Arteris (AIP) Risk Analysis

After incurring significant design and development expenditures and dedicating engineering resources to achieve a single initial design win for an IP interconnect or other solution, a substantial period of time generally elapses before we generate meaningful revenue from royalties relating to such solution, if at all. The reasons for this delay include, among other things, the following: ¦Changing customer requirements, resulting in an extended development cycle for the product. ¦Delay in the ramp-up of volume production of the customers' products into which our solutions are designed. ¦Delay or cancellation of the customers' product development plans. ¦Market or competitive pressures to reduce the selling price of the customers' end-products. ¦The discovery of design flaws, defects, errors or bugs in the products, whether or not those defects, errors or bugs are related to our IP interconnect and other solutions that delay the customer from finishing the product in which our IP solution is incorporated. ¦Lower than expected acceptance of the customers' end-products. Moreover, as noted above, even if a customer selects our IP interconnect and other solutions, we cannot guarantee that this will result in any royalty or future licensing revenue, as the customer may ultimately change or cancel its product plans, or the customer's efforts to market and sell its product may not be successful.

Third parties may assert that we have infringed, misappropriated, or otherwise violated their copyrights, patents, and other intellectual property rights, particularly as new technologies such as GenAI impact the industries in which we operate. We may experience brand or reputational harm, competitive harm or legal liability if we do not have sufficient rights to use the output of GenAI or open source content, or the data or other material or content on which these rely. In addition, we may incur liability through the breach of third-party intellectual property licenses or contracts to which we are a party, and violations of applicable laws and regulations. For example, there is uncertainty in the U.S. courts as to how AI technologies affect IP ownership, including copyright protections, which may expose us or our customers to claims of copyright infringement or misappropriation.

We are subject to regulation by various governmental agencies in the United States and other jurisdictions in which we operate. These laws and regulations (and the government agency responsible for their enforcement in the United States) cover: radio frequency emission regulatory activities (Federal Communications Commission); anti-trust regulatory activities (Federal Trade Commission and Department of Justice); consumer protection laws (Federal Trade Commission); import/export regulatory activities (Department of Commerce); product safety regulatory activities (Consumer Products Safety Commission); worker safety (Occupational Safety and Health Administration); environmental protection (Environmental Protection Agency and similar state and local agencies); employment matters (Equal Employment Opportunity Commission); and tax and other regulations by a variety of regulatory authorities in each of the areas in which we conduct business. In certain jurisdictions, regulatory requirements in one or more of these areas may be more stringent than in the United States. In the area of employment matters, we are subject to a variety of federal, state and foreign employment and labor laws and regulations, including the Americans with Disabilities Act, the Federal Fair Labor Standards Act, the WARN Act and other regulations related to working conditions, wage and hour pay, overtime pay, employee benefits, anti-discrimination, and termination of employment. We are subject to local employment statutes and regulations in other jurisdictions. Noncompliance with any of these applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, fines, damages, penalties, or injunctions. In certain instances, former employees have brought claims against us, and we expect that we will encounter similar actions against us in the future. An adverse outcome in any such litigation could require us to pay damages, attorneys' fees and costs. These enforcement actions could harm our reputation and business. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business could be harmed. In addition, responding to any action will likely result in a significant diversion of management's attention and resources and an increase in professional fees.

As a multinational business, we are subject to income and other taxes in both the United States and various foreign jurisdictions. Changes to tax laws or regulations in the jurisdictions in which we operate, or in the interpretation of such laws or regulations, could, significantly increase our effective tax rate and reduce our cash flow from operating activities, and otherwise have a material adverse effect on our financial condition. In addition, other factors or events, including business combinations and investment transactions, changes in the valuation of our deferred tax assets and liabilities, adjustments to taxes upon finalization of various tax returns or as a result of deficiencies asserted by taxing authorities, increases in expenses not deductible for tax purposes, changes in available tax credits, changes in transfer pricing methodologies, other changes in the apportionment of our income and other activities among tax jurisdictions, and changes in tax rates, could also increase our effective tax rate. Our tax filings are subject to review or audit by the U.S. Internal Revenue Service (the IRS) and state, local and foreign taxing authorities. We may also be liable for taxes in connection with businesses we acquire. Our determinations are not binding on the IRS or any other taxing authorities, and accordingly the final determination in an audit or other proceeding may be materially different than the treatment reflected in our tax provisions, accruals and returns. An assessment of additional taxes because of an audit could harm our business. Further changes in the tax laws of foreign jurisdictions could arise, in particular, as a result of the base erosion and profit shifting project that was undertaken by the Organization for Economic Co-operation and Development (the OECD). The OECD, which represents a coalition of member countries, recommended changes to numerous long-standing tax principles. These changes, if adopted, could increase tax uncertainty and may adversely affect our provision for income taxes and increase our tax liabilities.

The global data protection landscape continues to evolve, and we are or may become subject to numerous state, federal and foreign laws, regulations, legal requirements, contractual obligations and industry standards regarding security, data protection and privacy and any actual or perceived failure to comply with these requirements, obligations or standards could harm our reputation and business. If we are found to have violated any such laws or regulations in any such jurisdiction, we may be subject to enforcement actions that require us to change our business practices in a manner which may negatively impact our revenue, as well as expose us to litigation, fines, civil and/or criminal penalties and adverse publicity that could cause our customers to lose trust in us, negatively impacting our reputation and business in a manner that harms our financial position. Implementation standards and enforcement practices continue to evolve, and we cannot yet determine the impact future laws, regulations, standards, or perception of their requirements may have on our business. This evolution may create uncertainty in our business, affect our ability to operate in certain jurisdictions or to collect, store, transfer, use and share personal information, necessitate the acceptance of more onerous obligations in our contracts, result in liability or impose additional costs on us. The cost of compliance with these laws, regulations and standards is high and is likely to increase in the future. As part of our business, we collect personal data, and other potentially sensitive and/or regulated data from our customers. In the United States, numerous federal and state laws and regulations, including data breach notification laws, data privacy and security laws, and consumer protection laws and regulations govern the collection, use, disclosure, protection and other processing of personal information. For example, the CCPA requires covered companies to, among other things, provide certain disclosures to California consumers about use of personal information, and affords such consumers privacy rights such as the ability to opt-out of certain sales of personal information and expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is collected, used and shared. The CCPA provides for civil penalties for violations, as well as a private right of action for security breaches that may increase security breach litigation. The California Privacy Rights Act (CPRA) passed in California significantly amended the CCPA and imposed additional data protection obligations on covered businesses, including additional consumer rights, new cybersecurity audit requirements for businesses whose processing of personal information presents significant risk to consumer's privacy or security, and opt outs for certain uses of sensitive personal information. As part of the CPRA, a new California Privacy Protection Agency is authorized to issue substantive regulations and could result in increased privacy and information security enforcement. The majority of the provisions went into effect on January 1, 2023, and additional compliance investment and potential business process changes may be required, including as the California Privacy Protection Agency continues to issue regulations. Further, several other states have passed state privacy laws. These state privacy laws may increase our compliance costs and potential liability, and could harm our business, including how we use personal information. A number of other proposals exist for new federal and state privacy legislation that, if passed, could increase our potential liability, increase our compliance costs and harm our business. Our operations abroad may also be subject to increased scrutiny or attention from data protection authorities. For example, the EU General Data Protection Regulation (EU GDPR) and the U.K. General Data Protection Regulation and the U.K. Data Protection Act 2018 (UK GDPR) (collectively, the GDPR) imposes comprehensive data privacy compliance obligations on our collection, processing, sharing, disclosure, transfer and other use of data relating to an identifiable living individual or "personal data". The EU and U.K. regimes also include laws which, among other things, require European Economic Area (EEA) member states and the U.K. to regulate marketing by electronic means and the use of cookies and similar technologies. The GDPR has resulted in, and will continue to result in, significant compliance burdens and costs for companies with customers and/or operations in the EEA and the U.K. The GDPR, and national implementing legislation in each member state, imposes a data protection compliance regime including: (i) providing detailed disclosures about how personal data is collected and processed; (ii) demonstrating that an appropriate legal basis is in place or otherwise exists to justify data processing activities; (iii) granting certain rights for data subjects in regard to their personal data (including transparency, the right to be "forgotten," right to data portability, right of access, and right to rectification); (iv) obligation to notify data protection regulators or supervisory authorities (and in certain cases, affected individuals) of data breaches; (v) imposing limitations on retention of personal data; (vi) maintaining a record of data processing; and (vii) complying with the principal of accountability and the obligation to demonstrate compliance through policies, procedures, training and audit. If our privacy or data security measures fail to comply with applicable current or future laws and regulations, we may be subject to litigation, regulatory investigations, and enforcement notices requiring us to change the way we use personal data or our marketing practices. For example, under the GDPR we may be subject to fines of up to €20 million / £17.5 million or up to 4% of the total worldwide annual group turnover of the preceding financial year (whichever is higher) for major violations. In addition to the foregoing, a breach of the GDPR could result in regulatory investigations, reputational damage, orders to cease/ change our processing of our data, enforcement notices, and/ or assessment notices (for a compulsory audit). We may also face civil claims including representative actions and other class action type litigation (where individuals have suffered harm), potentially amounting to significant compensation or damages liabilities, as well as associated costs, diversion of internal resources, reputational harm and a potential loss of business. We are also subject to European Union rules with respect to cross-border transfers of personal data out of the EEA and the U.K. In July 2020, the Court of Justice of the EU (CJEU) limited how organizations could lawfully transfer personal data from the EU/EEA to the United States by invalidating the Privacy Shield for purposes of international transfers and imposing further restrictions on the use of standard contractual clauses (SCCs). In March 2022, the US and EU announced the EU-U.S. DPF after determining that the additional safeguards included in Executive Order 14086 signed by former President Biden on October 7, 2022, provide an adequate level of protection for personal data transferred from the European Union. The adequacy decision allows the EU-U.S. DPF to facilitate the transfer of data from Europe to the United States. We currently rely on the SCCs to transfer personal data outside the EEA and the U.K., including to the United States. As supervisory authorities issue further guidance on personal data export mechanisms, we could suffer additional costs, complaints and/or regulatory investigations or fines. Further, the exit of the U.K. from the EU, often referred to as Brexit, created uncertainty with regard to data protection regulation in the U.K. The European Commission has adopted an adequacy decision in favor of the U.K., enabling data transfers from EU member states to the U.K. without additional safeguards. However, the U.K. adequacy decision will automatically expire in June 2025 unless the European Commission re-assesses and renews/ extends that decision and remains under review by the European Commission during this period. The relationship between the U.K. and the EU in relation to certain aspects of data protection law remains unclear, and it is unclear how U.K. data protection laws and regulations will develop in the medium to longer term, and how data transfers to and from the U.K. will be regulated in the long term. These changes will lead to additional costs and increase our overall risk exposure. In addition, we are subject to evolving data privacy and security laws, rules and regulations in the PRC, particularly the Personal Information Protection Law (PIPL), Cybersecurity Law (CSL) and Data Security Law (DSL), along with their implementing regulations and standards. Consent from the data subject is required for any collection or processing of personal data, unless one of a limited number of exemptions applies. Notably, the PIPL, similar to the EU GDPR, applies extraterritorially in certain circumstances. The PIPL, CSL and DSL also specify rules for transferring personal information and the sui-generis category of ‘important data' out of the PRC. Compliance with security assessments, obtaining certifications of group privacy standards by designated agencies, or entering into standard contracts (in approved form) with overseas recipients (to be filed with a PRC government agency) are among the requirements for transfer of personal data. All businesses in China additionally require government approval to transfer any amount of ‘important data' generated within the PRC overseas. (‘Important data' is a special category of data regulated under the DSL that has a national security, economic security or public interest dimension to it, but which has yet to be extensively classified, leading to significant uncertainty as to the scope of application of this rule at the present time.) Chinese law also imposes restrictions on the disclosure of data to foreign judicial and law enforcement bodies, and the extent and modalities of the application of this rule remain highly uncertain. In addition to the CSL, the DSL and the PIPL, the relevant government authorities of the PRC have promulgated various regulations, draft regulations, guidelines and standards at both the national and provincial levels that are designed to provide further implemental guidance in accordance with the laws mentioned above. These laws and regulations continue to evolve, with an unpredictable impact on our operations in the PRC and related compliance costs. In addition, these laws and regulations are drafted broadly and thus leave significant discretion to the relevant PRC authorities, increasing the uncertainty about how they will be interpreted and enforced in practice. Although we make reasonable efforts to comply with all applicable data protection laws and regulations, our interpretations and such measures have been or may prove to be insufficient or incorrect. The effects of any applicable state, federal and international laws and regulations that are currently in effect or that may go into effect in the future, are significant and may require us to modify our data processing practices and policies and to incur substantial costs and potential liability in an effort to comply with such laws and regulations. Allegations of non-compliance, whether or not true, could be costly, time consuming, and cause reputational harm. In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards. Because the interpretation and application of privacy and data protection laws continue to evolve, it is possible that these laws may be interpreted and applied in a manner that are inconsistent with one another or inconsistent with our existing data management practices or the features of our products and services. Any actual or perceived failure to comply with these and other data protection and privacy laws and regulations could result in regulatory scrutiny and increased exposure to the risk of litigation or the imposition of consent orders, resolution agreements, requirements to take particular actions with respect to training, policies or other activities, and civil and criminal penalties, including fines, which could harm our business. In addition, we or our third-party service providers could be required to fundamentally change our business activities and practices or modify our products and services, which could harm our business. Any of the foregoing could result in additional cost and liability to us, damage our reputation, inhibit sales, and harm our business.

The semiconductor IP industry is a relatively small and emerging industry. Our future growth will depend on the level of market acceptance of our third-party licensable IP model, the variety of IP offerings available on the market and the shift in customer preference away from in-house development of semiconductor IP technologies and SoC Integration Automation software. Furthermore, the third-party licensable IP model is highly dependent on the market adoption of new services and products, including in the automotive market, enterprise computing market, communications market, consumer electronics market, and industrial market. Such market adoption is important because the increased cost associated with ownership and maintenance of the more complex architectures in SoCs needed for the advanced services and products and time to market pressures on our customers may motivate companies to license third-party IP rather than design them in-house. The trends that would enable our growth are largely beyond our control. Semiconductor customers also may choose to adopt a multi-chip, off-the-shelf chip solution versus licensing or using highly integrated chipsets that embed our technologies or use our deployment software. If these market shifts do not materialize or third-party semiconductor IP does not achieve market acceptance, our business could be harmed.

Our ability to increase our customer base and achieve broader market acceptance of our products and platform capabilities will depend to a significant extent on our ability to expand our global sales and application engineering organization. We plan to continue expanding our sales force, both domestically and internationally. We also plan to dedicate significant resources to sales and marketing programs. All of these efforts will require us to invest significant financial and other resources. Our business will be harmed if our sales and marketing efforts do not generate significant increases in revenue or increases in revenue are smaller than anticipated. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, integrate and retain talented and effective sales personnel, if our new and existing sales personnel, on the whole, are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective.

Our revenue, gross margin, and ability to achieve and maintain profitability depend significantly on general economic conditions and the demand for products in the markets in which our customers compete. Weaknesses in the global economy and financial markets and any adverse changes in general domestic and global economic conditions that may occur in the future, including any recession, economic slowdown or disruption of credit markets, may lead to, lower demand for products that incorporate our solutions, including in the automotive market, enterprise computing market, communications market, consumer electronics market, and industrial market. A decline in end-user demand can affect our customers' demand for our products, the ability of our customers to obtain credit and otherwise meet their payment obligations and the likelihood of customers canceling or deferring existing orders. Our business could be harmed by such actions. Because we conduct business, have offices in and derive revenue from customers in China, our business performance may be affected by increased political tensions and changes in China's political, social and economic environment. For example, political instability resulting from changes in the relationship between the United States and China could negatively impact our business. Any significant armed conflict related to this matter is expected to materially and adversely damage our business. Moreover, the role of the Chinese government in the Chinese economy is significant. Chinese policies toward economic liberalization, and laws and policies affecting technology companies, foreign investment, currency exchange rates, taxes and other matters could change, resulting in greater restrictions on our ability and our suppliers' ability to do business and operate facilities in China. If any of these changes were to occur, our business could be harmed, and our stock price could decline. Any disruption in the credit markets could also impede our access to capital. If we have limited access to additional financing sources, we may be required to defer capital expenditure or seek other sources of liquidity, which may not be available to us on acceptable terms or at all. All of these factors related to global economic conditions, which are beyond our control, could harm our business. We maintain the majority of our cash and cash equivalents in accounts with major U.S. and multi-national financial institutions, and our deposits at certain of these institutions exceed insured limits. Market conditions can impact the viability of these institutions. In the event of failure of any of the financial institutions where we maintain our cash and cash equivalents, there can be no assurance that we would be able to access uninsured funds in a timely manner or at all. Any inability to access or delay in accessing these funds could adversely affect our business and financial position.

We derived 62.3% of our revenue for the year ended December 31, 2024 from sales to customers outside of the United States. In particular, we derived 29.2% of our revenue for the year ended December 31, 2024 from customers located in China. For the six months ended June 30, 2025, 59.9% of our revenue was derived from sales to customers outside of the United States and 25.0% of our revenue was derived from customers located in China. We expect our revenue from China to decrease due to the applicable U.S. government trade restrictions. As a result, the economic, political, legal and social conditions in China could harm our business. In addition, we have offices globally with our sales and research and development being conducted in offices located in the San Francisco Bay Area, Texas, France, Poland, China, South Korea, and Japan. Moreover, conducting business outside the United States subjects us to a number of additional risks and challenges, including: ¦Changes in a specific country's or region's political, regulatory or economic conditions. ¦Imposition of or changes to export control regulations, tariff policy and other barriers, restrictions and regional stability measures, such as the tariffs announced in 2025 by the United States, in particular with respect to China but also announced tariffs such as the tariffs on countries in the European Union, and any retaliatory tariffs or measures, including countermeasures by China, countries in the European Union, or other countries, that could negatively impact trade between, or increase the cost of operating in, or increase the cost of or negatively impact the demand for our products or our customers' products in, the countries in which we do business. ¦A pandemic, epidemic or other outbreak of an infectious disease, which may cause us or our distributors, vendors and/or customers to temporarily suspend our or their respective operations in the affected city or country or completely. ¦Compliance with a wide variety of domestic and foreign laws and regulations (including those of municipalities or provinces where we have operations) and unexpected changes in those laws, export and trade controls, and regulatory requirements, including uncertainties regarding taxes, social insurance contributions and other payroll taxes and fees to governmental entities, tariffs, quotas, export controls, export licenses and other trade barriers. ¦Unanticipated restrictions on our ability to sell to foreign customers where sales of products and the provision of services may require export licenses or are prohibited by government action, unfavorable foreign exchange controls and currency exchange rates. ¦Potential for substantial penalties and litigation related to violations of a wide variety of laws, treaties and regulations, including labor regulations, export control and anti-corruption regulations (including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act). ¦Difficulties and costs of staffing and managing international operations across different geographic areas, time zones and cultures. ¦Changes in diplomatic and trade relationships and uncertainties around the current U.S. administration's policies, including tariffs and reciprocal tariffs, create a highly unpredictable and volatile business environment, a potential increased likelihood of recession, potential slowdown in capital markets, and potential impacts to the valuation of the U.S. dollar and other currencies. ¦Potential political, legal and economic instability, armed conflict, and civil unrest in the countries in which we and our customers are located. ¦Difficulty and costs of maintaining effective data security particularly as state-sponsored threats and cyber espionage incidents increase. ¦Inadequate protection of our intellectual property. ¦Nationalization and the uncertain impact on the perception or reputation of our products or services in foreign markets. ¦Restrictions on the transfer of funds to and from foreign countries, including withholding taxes and other potentially negative tax consequences. ¦Unfavorable and/or changing foreign tax treaties and policies. ¦Increased exposure to general market and economic conditions inside and outside of the United States. ¦Currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we choose to do so in the future. ¦Increased regulatory uncertainties with respect to our wholly foreign-owned enterprise operating in China and any joint ventures we may form or contribute IP or other resources to in the future. ¦Trends such as global and regional inflation, supply shortages and supply chain disruptions, geopolitical tensions, wars or conflicts and retaliatory actions and regulations affecting or relating to regions such as but not limited to Ukraine, Russia, Eastern Europe, Israel and Iran and the Middle East, or in the Greater China region, may lead to the deterioration of our immediate customers' and/or end market customers' ability and/or willingness to purchase, use, develop, market or sell products or solutions that incorporate or are made while using our products. These factors, individually or in combination, could impair our ability to effectively operate one or more of our foreign facilities or deliver our semiconductor IP or SoC Integration Automation software solutions, result in unexpected and material expenses, or cause an unexpected decline in the demand for our products in certain countries or regions. Our failure to manage the risks and challenges associated with our international business and operations could harm our business.

License agreements for our interconnect IP are generally treated as ratable revenue, with revenue being recognized evenly over the license term. In recent periods we have made and will continue to make certain changes to SoC Integration Automation software agreements that result in ratable recognition of the related license revenue over the contract term. Still, significant portions of our anticipated future revenue depend upon our success in attracting new customers, or continuing or expanding our relationships with existing customers, and revenue recognized from licensing arrangements varies from period to period, depending on the number and size of deals closed during a quarter, and is difficult to predict. In addition, as we expand our business into new markets, our licensing deals may be smaller in volume but greater in value in volume, which may further fluctuate our licensing revenue quarter to quarter. Our ability to succeed in our licensing efforts will depend on a variety of factors, including the market positioning, performance, delivery, quality, breadth and depth of our current and future IP interconnect and other solutions as well as our sales and marketing skills. Our failure to obtain future licensing customers would impede our future revenue growth and could materially harm our business. As a result of these and other factors, you should not rely on the results of any prior quarterly or annual periods, or any historical trends reflected in such results, as indications of our future revenue or operating performance. Fluctuations in our revenue and operating results could cause our stock price to decline and, as a result, you may lose some or all of your investment.