Dynatrace (DT) Risk Analysis

The markets for observability and related solutions are characterized by constant change and innovation, and we expect them to continue to rapidly evolve. Moreover, many of our customers operate in industries characterized by changing technologies and business models, which require them to develop and manage increasingly complex software application and IT infrastructure environments. Our future success, if any, will be based on our ability to consistently provide our customers with an end-to-end, near real-time view into the performance of their software applications and IT infrastructure, provide notification and prioritization of degradations and failures, perform root cause analysis of performance issues, and analyze the quality of their end users' experiences and the resulting impact on their businesses and brands. If we do not respond to the rapidly changing needs of our customers by developing and making available new solutions and solution enhancements that can address evolving customer needs on a timely basis, our competitive position and business prospects will be harmed, and our revenue growth and margins could decline. In addition, the process of developing new technology is complex and uncertain, and if we fail to accurately predict customers' changing needs and emerging technological trends, our business could be harmed. We believe that we must continue to dedicate significant resources to our research and development efforts, including significant resources to developing new solutions and solution enhancements before knowing whether the market will accept them. For example, we have made significant investments in our application security offering and in developing our GrailTM core technology, AutomationEngine, and AppEngine. We also expanded our Davis AI engine to create the observability industry's first solution that converged fact-based, causal and predictive AI insights with new generative AI capabilities. We also plan to evolve our AI capabilities to drive differentiation, with a focus on evolving into an agentic AI platform that can act autonomously to make decisions and take actions without human intervention. Our new solutions and solution enhancements could fail to attain sufficient market acceptance for many reasons, including: - delays in developing and releasing new solutions or enhancements to the market;- failures to accurately predict market or customer demands, priorities, and practices, including other technologies utilized by customers in their environments and competitors and partners that they prefer to work with;- the introduction or anticipated introduction of competing products by existing and emerging competitors;- the inability to execute our go-to-market strategy effectively, which depends on our sales and marketing teams and our partners to sell solutions for new markets and product categories;- delays or failures to provide updates to customers to maintain compatibility between Dynatrace and the various applications and platforms being used in the customers' applications and multicloud environments;- defects, errors, or failures in the design or performance of our new solutions or solution enhancements;- the perceived value of our solutions or enhancements relative to their cost; and - negative publicity about the performance or effectiveness of our solutions. In addition to developing new solutions or solution enhancements using internal resources, we may acquire technologies from a third party, or acquire another company. Any acquisition of this type could be unsuccessful for a variety of reasons, require significant management attention, disrupt our business, dilute stockholder value, and adversely affect our results of operations. For a description of some of the risks related to potential acquisitions, please see the risk below entitled "We may acquire other businesses, products, or technologies in the future which could require significant management attention, disrupt our business or result in operating difficulties, dilute stockholder value, and adversely affect our results of operations." To the extent that we are not able to continue to execute on our business model to timely and effectively develop or acquire and market applications to address these challenges and attain market acceptance, our business, operating results, and financial condition will be adversely affected. Further, we may make changes to our solutions that our customers do not value or find useful. We may also discontinue certain features, begin to charge for certain features that are currently free, or increase fees for any of our features or usage of our solutions. If our new solutions, enhancements, or pricing strategies do not achieve adequate acceptance in the market, our competitive position will be impaired, our revenue may decline or grow more slowly than expected and the negative impact on our operating results may be particularly acute, and we may not receive a return on our investment in the upfront research and development, sales and marketing, and other expenses that we incur in connection with new solutions or solution enhancements.

We have in the past been, and may in the future be, the target and victim of cybersecurity attacks, including email phishing and other types of attacks. In general, security incidents, breaches, and compromises have increased in sophistication and have become more prevalent across industries and may occur on our systems; on the systems of third parties that we use to host our solutions or SaaS solutions that we use in the operation of our business; on the systems or libraries of third parties that we use to develop our products; or on third-party hosting platforms on which our customers host their systems. These security incidents or compromises may be caused by, or result in, but are not limited to, security breaches, computer malware or malicious software, ransomware, phishing attacks, computer hacking, denial of service attacks, security system control failures in our own systems or vendor systems that we or our customers use, software vulnerabilities, social engineering, sabotage, malicious downloads, and the errors or malfeasance of our own or our customers' or vendors' employees. Although we have taken significant measures to detect, effectively remediate, and prevent future phishing and other attacks and security threats, we cannot be certain that our efforts will be effective to prevent and remediate all attacks and security threats. As a result, unauthorized access to, security breaches, incidents, or compromises of, or denial-of-service attacks against our platform could result in the unauthorized access to, or use of, and/or loss of, our data, as well as loss of IP, customer data, employee data, trade secrets, or other confidential or proprietary information. In particular, because we utilize a multi-tenant platform for our SaaS solution, any security breach, incident, or compromise could potentially affect a significant amount of our customers. The consequences of a security breach, incident, or compromise may be more severe if customers have chosen to configure our platform to collect and store confidential, personal, sensitive, or proprietary information. Our customers determine, through their configuration, the nature of the customer data processed by Dynatrace, and accordingly the content of the notices that they provide to data subjects as well as the consents that they obtain, if they do, in fact, obtain consent. As such, our risks are also affected by how our customers obtain consent or provide transparency to the individuals whose data is provided by the customer to Dynatrace. If our customers fail to comply with applicable law or fail to provide adequate notice or to obtain consent, we could be exposed to a risk of loss, litigation, or regulatory action, and possible liability, some or all of which may not be covered by insurance, and our ability to operate our business may be impaired. We and certain of our service providers have experienced and may in the future experience disruptions, outages, and other performance problems on our internal systems due to service attacks, unauthorized access, or other security related incidents or compromises affecting confidential or personal information. Any security breach, incident, or compromise or loss of system control caused by hacking, which involves efforts to gain unauthorized access to information or systems, or to cause intentional malfunctions or loss, modification, or corruption of data, software, hardware or other computer equipment and the transmission of computer malware could harm our business, operating results, and financial condition, and expose us to claims arising from loss or unauthorized disclosure of confidential or personal information or data and the related breach of our contracts with customers or others, or of privacy or data security laws. If an actual or perceived security incident, breach, or compromise occurs, the market perception of the effectiveness of our security controls could be harmed, our brand and reputation could be damaged, we could lose customers, and we could suffer financial exposure due to such events or in connection with remediation efforts, investigation costs, regulatory fines, including fines assessed under the European General Data Protection Regulation ("GDPR") or other privacy laws, private lawsuits, and changed security control, system architecture, and system protection measures. We have administrative, technical, and physical security measures in place, as well as policies and procedures in place to contractually require third parties to whom we transfer data to implement and maintain appropriate security measures. We also proactively employ multiple methods at different layers of our systems to defend against intrusion and attack and to protect our data. However, because the techniques used to obtain unauthorized access or to compromise or sabotage systems change frequently and generally are not identified until they are launched against or even penetrate a target, we may be unable to anticipate these techniques or to implement adequate preventative measures that will be sufficient to counter all current and emerging technology threats. We may therefore experience security breaches, incidents, or compromises that may remain undetected for extended periods of time. Vendors' or suppliers' software or systems may be susceptible or vulnerable to breaches and attacks, which could compromise our systems. A vendor or other supply chain-related breach or compromise could spread to our own systems or affect our operations or financial systems in material ways that we cannot yet anticipate. A majority of our employees have the ability to work either partially or fully remote. Certain security systems in homes or other remote workplaces may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations. We may also be exposed to risks associated with the locations of remote workers, including exposure to compromised Internet infrastructure. If we are unable to effectively manage the cybersecurity and other risks of remote work, our business could be harmed or otherwise negatively impacted. Because data security is a critical competitive factor in our industry, we make statements in our privacy policies, our online product documentation, and in our marketing materials describing the security of our platform, including descriptions of certain security measures we employ or security features embedded within our offerings. In addition, our customer contracts include commitments related to security measures and data protection. Should any of these statements be untrue, become untrue, or be perceived to be untrue, even if through circumstances beyond our reasonable control, or if any of these security measures or features prove to be ineffective or are perceived to be ineffective, we may face claims (including claims of unfair or deceptive trade practices or breach of regulations, including GDPR) brought by the U.S. Federal Trade Commission, state, local, or foreign regulators (e.g., a European Union-based data protection authority) or private litigants, and breach of contract. While we believe that we maintain a sufficient amount of insurance to cover certain risks and incidents related to data security, our insurance coverage may not always cover all costs or losses. In addition, we cannot be certain that sufficient insurance will continue to be available to us on commercially acceptable terms in the future. Any large, successful claim that exceeds our insurance coverage or any changes in insurance availability and requirements could have a material adverse impact on our financial condition and reputation.

The markets in which we compete are highly competitive, fragmented, evolving, complex, and defined by rapidly changing technology (including, without limitation, new and evolving uses of AI) and customer needs, and we expect competition to continue to increase in the future. A number of companies, some of which are larger and have more resources than we do, have developed or are developing products and services that currently, or in the future may, compete with some or all of our solutions. We have also been expanding the scope of our solutions to include new offerings and we increasingly compete with other companies in new and adjacent markets. Competition could result in increased pricing pressure, reduced profit margins, increased sales and marketing expenses and our failure to increase, or loss of, market share, any of which could adversely affect our business, operating results, and financial condition. We compete either directly or indirectly with infrastructure monitoring vendors, application performance monitoring ("APM") vendors, log management vendors, digital experience monitoring vendors, security vendors, open source and commercial open source vendors, point solutions from public cloud providers, and IT operations management and business intelligence providers with offerings that cover some portion of the capabilities that we provide. Further, to the extent that one of our competitors establishes or strengthens a cooperative relationship with, or acquires one or more software APM, data analytics, compliance, or network visibility vendors, it could adversely affect our ability to compete. We may also face competition from companies entering our market, which has a relatively low barrier to entry in some segments, including large technology companies that could expand their platforms or acquire one of our competitors. For example, Cisco acquired Splunk in 2024. Many existing and potential competitors enjoy substantial competitive advantages, such as: - greater brand recognition and longer operating histories;- longer-term and more extensive relationships with existing and potential customers, and access to larger customer bases, which often provide incumbency advantages;- broader global distribution and presence;- larger sales and marketing budgets and resources;- the ability to integrate or bundle competitive offerings with other products, offerings and services;- lower labor and development costs;- greater resources to make acquisitions;- larger and more mature IP portfolios; and - substantially greater financial, technical, management and other resources. Additionally, in certain circumstances, and particularly among large technology companies that have complex and large software application and IT infrastructure environments, customers may elect to build in-house solutions to address their observability and related needs. Any such in-house solutions could leverage open source software, and therefore be made generally available at little or no cost. These competitive pressures in our markets or our failure to compete effectively may result in fewer customers, price reductions, fewer orders, reduced revenue and gross profit, and loss of market share. Any failure to meet and address these factors could materially and adversely affect our business, operating results, and financial condition.

We believe that maintaining and enhancing the Dynatrace brand and increasing market awareness of our company and our solutions are critical to achieving broad market knowledge of our existing and future solutions. Increasing awareness is important to attract and retain customers, partners, and employees, particularly as we continue to introduce new capabilities and enhancements and expand internationally. In addition, independent industry analysts, such as Gartner and Forrester, often provide reviews of our solutions, as well as those of our competitors, and perception of our solutions in the marketplace may be significantly influenced by these reviews. We have no control over what these or other industry analysts report, and because industry analysts may influence current and potential customers, our brand could be harmed if they do not provide a positive review of our solutions or view us as a market leader. The successful promotion of the Dynatrace brand and the market's awareness of our solutions and platform will depend largely upon our ability to continue to offer and market enterprise-grade observability and related solutions, share our thought leadership, and continue to differentiate our solutions successfully from those of our competitors. We have invested, and expect to continue to invest, substantial resources to promote and maintain our brand and generate sales leads, both in the United States and internationally, but there is no guarantee that our awareness strategies will enhance the recognition of our brand or lead to increased sales. If our efforts to promote and maintain our brand are not cost effective or successful, our operating results and our ability to attract and retain customers, partners, and employees may be adversely affected. In addition, even if our brand recognition and customer loyalty increase, this may not result in increased sales of our solutions or higher revenue.

We operate in over 35 countries around the world and, as a multinational corporation, we are subject to income and non-income taxes, including payroll, sales, use, value-added, net worth, property, and goods and services taxes, in both the United States and various non-U.S. jurisdictions. Our effective tax rate has fluctuated in the past and is likely to fluctuate in the future. Our effective tax rate is affected by the allocation of revenues and expenses to different jurisdictions and the timing of recognizing revenues and expenses. In addition, in the ordinary course of our global business, there are many intercompany transactions and calculations where the ultimate tax determination is uncertain. The amount of taxes that we pay is subject to our interpretation of applicable tax laws in the jurisdictions in which we file and changes to tax laws. Significant judgment is required in determining our worldwide provision for income taxes and other tax liabilities, and in determining the realizability of tax attributes such as foreign tax credits and domestic deferred tax assets. For example, during the year ended March 31, 2025, we completed an intra-entity asset transfer of the global economic rights of our IP to Switzerland which resulted in the recognition of a discrete tax benefit and related deferred tax asset of $320.9 million (as discussed in Note 9 to our audited consolidated financial statements and the "Management's Discussion and Analysis" section of our Annual Report). From time to time, we are subject to regular tax audits, examinations, and reviews in the ordinary course of business. While we believe that our tax estimates, assumptions, and judgments are reasonable and we have complied with all applicable income tax laws, there can be no assurance that a governing tax authority will not have a different interpretation and require us to pay additional taxes. If any amounts that we ultimately pay to a tax authority differ materially from amounts that we previously recorded or if we experience any unanticipated tax consequences, it could negatively affect our financial results and operations for the period at issue and on an ongoing basis. We do not collect sales and use, value added, and similar taxes in all jurisdictions in which we have sales, based on our belief that such taxes are not applicable in certain of those jurisdictions. Sales and use, value added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties, and interest, and we may be required to collect such taxes in the future. Such tax assessments, penalties, and interest or future requirements may adversely affect our results of operations. Tax laws, rules, and regulations are constantly under review by persons involved in the legislative process and by tax authorities. Changes to tax laws (which may have retroactive application) could adversely affect us or holders of our common stock. For example, changes in tax laws, rules, regulations, treaties, rates, changing interpretation of existing laws or regulations, the impact of accounting for share-based compensation, the impact of accounting for business combinations, changes in our international organization, and changes in overall levels of income before tax, can increase our or our stockholders' tax liability. In recent years, many changes have been made to applicable tax laws and changes are likely to continue to occur in the future. The OECD reached agreement among various countries to implement a minimum 15% tax rate on certain multinational enterprises, commonly referred to as Pillar Two. Many countries continue to announce changes in their tax laws and regulations based on the Pillar Two proposals. For fiscal year 2026, we expect to meet the Transitional Country-by-Country ("CbCR") Safe Harbor rules for most, if not all, the jurisdictions that have adopted the rules. Based on the guidance available thus far, we do not expect this legislation to have a material impact on our condensed consolidated financial statements, but we will continue to evaluate it as additional guidance and clarification becomes available.

We are subject to U.S. federal, state, and international laws, regulations, and standards relating to the collection, use, disclosure, retention, security, transfer, and other processing of personal data. The legal and regulatory frameworks for privacy, data protection and security issues worldwide are rapidly evolving and as a result, implementation standards, potential fines, enforcement practices, and litigation risks are likely to remain uncertain for the foreseeable future. - In the United States, state legislatures continue to propose and pass comprehensive privacy legislation, including data breach notification laws, personal data privacy laws, and consumer protection laws. For example, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act, gives California residents rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA also provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. The CCPA has prompted a number of proposals for new federal and state-level privacy legislation, and in some states, efforts to pass comprehensive privacy laws have been successful. To date, numerous other states have enacted laws that impose privacy obligations that are similar to the CCPA and we also anticipate that more states will pass similar legislation. The existence of comprehensive privacy laws in different states in the country will add additional complexity, variation in requirements, restrictions, and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data, and has resulted in and will result in increased compliance costs and/or changes in business practices and policies. - Outside of the United States, virtually every jurisdiction in which we operate has established its own privacy, data protection and/or data security legal framework with which we or our customers must comply, including, but not limited to, the European Union ("EU"). ?In the EU, data protection laws are stringent and continue to evolve, resulting in possible significant operational costs for internal compliance and risk to our business. The EU has adopted the GDPR, which imposes robust obligations upon covered companies, including heightened notice and consent requirements, greater rights of data subjects (e.g., the "right to be forgotten"), increased accountability measures, additional data breach notification and data security requirements, requirements for engaging third-party processors, and increased fines for non-compliance. Serious breaches of the GDPR (and similar data protection regulations in the United Kingdom) may result in monetary penalties of up to €20 million (or £17.5 million in the UK) or 4% of worldwide annual revenue, whichever is greater, for violations. In addition to the GDPR, other European legislative proposals and current laws and regulations apply to cookies and similar tracking technologies, electronic communications, and marketing, with an increased focus on online behavioral advertising. ?Many jurisdictions outside of Europe where we do business directly or through resellers today and may seek to expand our business in the future, are also considering or have enacted comprehensive data protection legislation, cybersecurity legislation, or both. These include Australia, Brazil, China, Japan, Mexico, Saudi Arabia, Singapore, and United Arab Emirates. - We are subject to various data transfer rules related to our ability to transfer data from one country to another. This may limit our ability to transfer certain data or require us to guarantee a certain level of protection when transferring data from one country to another. - We are also subject to data localization laws in certain countries that may, for example, require personal information of citizens to be collected, stored, and modified only within that country. These and similar regulations may interfere with our intended business activities, inhibit our ability to expand into those markets, require modifications to our offerings or services, or prohibit us from continuing to offer services in those markets without significant additional costs. - Current or future laws, regulations, and ethical considerations related to the use of AI technology may impact our ability to provide insights from data and use certain data to develop our offerings. Our company has significant experience with AI and we have incorporated it within our offerings for several years. While we focus on using AI in a responsible, ethical, and legal manner, our use of AI and the impact of laws, regulations, and ethical considerations for AI generally, and as they apply to our customers, may also require us to develop new or different systems and processes to test for accuracy, bias, and other variables and could increase our burden and cost of research and development in this area. The use of certain AI technology can give rise to IP risks, including compromises to proprietary IP and IP infringement. Additionally, we expect to see increasing government and supranational regulation related to AI use and ethics, which may also significantly increase the burden and cost of research, development and compliance in this area. The rapid evolution of AI will require the application of significant resources to design, develop, test and maintain our products and services to help ensure that AI is implemented in accordance with applicable law and regulation and in a socially responsible manner and to minimize any real or perceived unintended harmful impacts. Our vendors may in turn incorporate AI tools into their own offerings, and the providers of these AI tools may not meet existing or rapidly evolving regulatory or industry standards, including with respect to privacy and data security. Further, bad actors around the world use increasingly sophisticated methods, including the use of AI, to engage in illegal activities involving the theft and misuse of personal information, confidential information and IP. These factors may also impose burdensome and costly requirements on our ability and our customers' ability to utilize data in innovative ways. For example, the EU has adopted the AI Act and in the United States, new AI-related laws and rulemakings are underway or being proposed at the federal, state, and local levels. AI is evolving rapidly and if our use of AI and data were to draw controversy, it could harm our reputation and give rise to legal or regulatory action. The regulatory framework both in the United States and internationally governing the collection, processing, storage, use and sharing of certain information, particularly financial and other personal information, is rapidly evolving and is likely to continue to be subject to uncertainty and varying interpretations. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with laws in other jurisdictions or which our existing data management practices or the features of our services and platform capabilities. We therefore cannot yet fully determine the impact these or future laws, rules, regulations, and industry standards may have on our business or operations. In addition to the laws and regulations to which we are subject regarding the collection, processing, storage, use, and sharing of certain information, our contracts with customers include specific obligations regarding the protection of confidentiality and the permitted uses of personally identifiable and other proprietary information. We also publicly post documentation regarding our practices concerning the collection, processing, use, and disclosure of data. Although we endeavor to comply with our published policies and documentation and the various laws and regulations that we are subject to, we may at times fail to do so or be alleged to have failed to do so. Any failure or perceived failure by us, or any third parties with which we do business, to comply with our posted privacy policies and product documentation or privacy laws or regulations, changing consumer expectations, evolving laws, rules, and regulations, industry standards, or contractual obligations to which we or such third parties are or may become subject, may result in actions or other claims against us by governmental entities or private actors, the expenditure of substantial costs, time and other resources or the imposition of significant fines, penalties or other liabilities, which could, individually or in the aggregate, materially and adversely affect our business, financial condition, and results of operations. In addition, any such action, particularly to the extent we were found to be guilty of violations or otherwise liable for damages, would damage our reputation and adversely affect our business, financial condition, and results of operations. Additionally, our customers may be subject to differing privacy laws, rules, and legislation, which may mean that they require us to be bound by varying contractual requirements applicable to certain other jurisdictions. Adherence to such contractual requirements may impact our collection, use, processing, storage, sharing, and disclosure of various types of information, including financial information and other personal information, and may mean we become bound by, or voluntarily comply with, self-regulatory or other industry standards relating to these matters that may further change as laws, rules, and regulations evolve. Complying with these requirements and changing our policies and practices may be onerous and costly, and we may not be able to respond quickly or effectively to regulatory, legislative, and other developments. These changes may in turn impair our ability to offer our existing or planned features, products, and services and/or increase our cost of doing business. As we expand our customer base, these requirements may vary from customer to customer, further increasing the cost of compliance and doing business.

As our business has grown, we have become increasingly subject to the risks arising from adverse changes in the domestic and global economies. Uncertainty in the macroeconomic environment and associated global economic conditions, as well as geopolitical disruption, have and may continue to result in extreme volatility in credit, equity, and foreign currency markets. These conditions, including changes in inflationary pressures, increased tariffs, rising interest rates, lower consumer confidence or uneven or lower spending, volatile capital markets, financial and credit market fluctuations, trade wars or trade conflicts, political turmoil, natural catastrophes, epidemics, warfare (including the ongoing conflicts in Ukraine, and in Israel and surrounding areas), and terrorist attacks on the United States or elsewhere, may also adversely affect the buying patterns of our customers and prospective customers, including the size of transactions and length of sales cycles, which would adversely affect our overall pipeline as well as our revenue growth expectations. For example, we have seen lengthening sales cycles, which may affect our future revenues and results of operations. In addition, increased economic uncertainty in the United States and abroad could lead to periods of economic slowdown or recession, continued inflation and higher interest rates, and the occurrence of such events, or public perception that any of these events may occur, could result in a general decrease in spending on technology or other business interruptions. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within the technology industry. If macroeconomic or geopolitical conditions deteriorate or if the pace of recovery slows or is uneven, our overall results of operations could be adversely affected. We continue to invest in our international operations. There are significant risks with overseas investments, and our growth prospects in these regions are uncertain. Increased volatility, further declines in the European credit, equity, and foreign currency markets or geopolitical disruptions (including ongoing conflicts in Ukraine, and in Israel and surrounding areas) could cause delays in or cancellations of orders or have other negative impacts on our business operations in Europe (where a significant amount of our research and development operations are concentrated) and other regions throughout the world. If tensions between the United States, members of NATO and other countries continue to escalate and create global security concerns, it may result in an increased adverse impact on regional and global economies and increase the likelihood of cyber-attacks. Increased tariff rates could adversely affect our customers' and suppliers' businesses and in turn impact our business, while the imposition of taxes that target U.S. service providers such as us could directly increase the prices that our customers pay and adversely affect our business. Deterioration of economic or geopolitical conditions in the countries in which we do business could also cause slower or impaired collections on accounts receivable. In addition, we could experience delays in the payment obligations of our worldwide reseller customers if they experience weakness in the end-user market, which would increase our credit risk exposure and harm our financial condition. In addition, changes or uncertainties in U.S. trade policies toward foreign countries could create unfavorable economic conditions that may adversely affect our operations and growth. In 2022, we suspended all business in Russia and Belarus. Although we do not have material operations in Ukraine, Russia, or Belarus, geopolitical instability in the region, new sanctions, and enhanced export controls has and may continue to impact our ability to sell or export our platform in Ukraine, Russia, Belarus and surrounding countries. Similarly, our operations in Israel and the surrounding areas are not material to our business results, though geopolitical instability in the region may impact our ability to sell or export our platform there. While we do not believe the overall impact to be material to our business results, if these conflicts and the scope of sanctions expand further or persist for an extended period of time, our business could be harmed.

Revenue from customers located outside of the United States represented 56% of our total revenue for the three months ended June 30, 2025. As of March 31, 2025, approximately 68% of our employees were located outside of the United States. As a result, our global sales and operations are subject to a number of risks and additional costs, including the following: - increased expenses associated with international sales and operations, including establishing and maintaining office space and equipment for our international operations;- fluctuations in exchange rates between the U.S. dollar and other currencies in the markets where we do business, and other controls, regulations, and orders that might restrict our ability to repatriate cash;- volatility, uncertainties, and recessionary pressures in the global economy or in the economies of the countries in which we operate;- difficulties in penetrating new markets due to existing competition or local lack of recognition of the Dynatrace brand;- risks associated with trade restrictions and additional legal requirements, including the exportation of our technology or source code that is required in many of the countries in which we operate;- greater risk of unexpected changes in regulatory rules, regulations and practices, tariffs and tax laws and treaties;- compliance with U.S. and foreign import and export control and economic sanctions laws and regulations, including the Export Administration Regulations administered by the U.S. Department of Commerce's Bureau of Industry and Security and the executive orders and laws implemented by the U.S. Department of the Treasury's Office of Foreign Asset Controls;- compliance with anti-bribery laws, including the U.S. Foreign Corrupt Practices Act ("FCPA") and the U.K. Anti-Bribery Act, and a heightened risk of unfair or corrupt business practices in certain geographies, and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;- compliance with privacy, data protection, and data security laws of many countries and jurisdictions, including the EU's GDPR and the CCPA;- limited or uncertain protection of IP rights in some countries and the risks and costs associated with monitoring and enforcing IP rights abroad;- greater difficulty in enforcing contracts and managing collections in certain jurisdictions, as well as longer collection periods;- management communication and integration problems resulting from cultural and geographic dispersion;- difficulties hiring local staff, differing employer/employee relationships, and the potential need for country-specific benefits, programs, and systems;- social, economic, and political instability, epidemics and pandemics, terrorist attacks, wars, geopolitical conflicts, disputes and security concerns in general; and - potentially adverse tax consequences. These and other factors could harm our ability to generate future global revenue and, consequently, materially impact our business, results of operations, and financial condition.

We have transacted in foreign currencies and expect to transact in foreign currencies in the future. In addition, we maintain assets and liabilities that are denominated in currencies other than the functional operating currencies of our global entities. Accordingly, changes in the value of foreign currencies relative to the U.S. dollar will affect our revenue and operating results due to transactional and translational remeasurement that is reflected in our earnings. As a result of such foreign currency exchange rate fluctuations, which have been prevalent over recent periods, it could be more difficult to detect underlying trends in our business and results of operations. In addition, to the extent that fluctuations in currency exchange rates cause our results of operations to differ from our expectations or the expectations of our investors, the trading price of our common stock could be adversely affected. We do not currently maintain a program to hedge transactional exposures in foreign currencies. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.

In addition to our sales force, we rely on partners, including our strategic partners, to increase our sales and distribution of our software and services. We also have independent software vendor partners whose integrations may increase the breadth of the ecosystem in which our solutions can operate, and the size of the market that our solutions can address. We also have partnerships with GSIs, including Accenture, Atos, Deloitte, DXC, and Kyndryl, and hyperscalers such as AWS, GCP, and Azure, on which many of our customers depend, and through which our customers may be able to procure and deploy our solutions. We are dependent on these partner relationships to contribute to enabling our sales growth. We expect that our future growth will be increasingly dependent on the success of our partners and our partner relationships, and if those partnerships do not provide such benefits, our ability to grow our business will be harmed. If we are unable to scale our partner relationships effectively, or if our partners are unable to serve our customers effectively, we may need to expand our services organization, which could adversely affect our results of operations. Our agreements with our partners are generally non-exclusive, meaning our partners may offer products from several different companies to their customers or have their products or technologies also interoperate with products and technologies of other companies, including products that compete with our offerings. Moreover, some of our partners also compete with us, and if our partners do not effectively market and sell our offerings, choose to use greater efforts to market and sell their own products or those of our competitors or fail to meet the needs of our customers, our ability to grow our business and sell our offerings will be harmed. Many of our customers are also customers of hyperscalers such as AWS, GCP, and Azure. If our solutions fail to interoperate effectively with the hyperscalers' products, or if our partnerships with one or more of these hyperscalers are not successful or are terminated, our ability to sell additional products or offerings to these customers and our ability to grow our business will be harmed. Furthermore, our partners may cease marketing our offerings with limited or no notice and with little or no penalty, and new partners could require extensive training and may take several months or more to achieve productivity. The loss of a substantial number of our partners, our possible inability to replace them or our failure to recruit additional partners could harm our results of operations. Our partner structure could also subject us to lawsuits or reputational harm if, for example, a partner misrepresents the functionality of our offerings to customers or violates applicable laws or our corporate policies.

As the market for our solutions matures, or as new or existing competitors introduce new products, offerings, or services that compete with ours, or if tariffs or tax changes increase the effective price that customers pay for our solutions, we may experience pricing pressure and be unable to renew our agreements with existing customers or attract new customers at prices that are consistent with our current pricing model and operating budget. If this were to occur, it is possible that we would have to change our pricing model or reduce our prices, which could harm our revenue, gross margin, and operating results. Pricing decisions may also impact the mix of adoption among our licensing and subscription models, and negatively impact our overall revenue. Moreover, large global accounts, which we expect will account for a large portion of our business in the future, may demand substantial price concessions. If we are, for any reason, required to reduce our prices, our revenue, gross margin, profitability, financial position, and cash flow may be adversely affected.