UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 20-F/A

(Amendment No. 1)

(Mark One)

☐ REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR 12(g) OF THE SECURITIES EXCHANGE ACT OF 1934

OR

☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2023

OR

☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

OR

☐ SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

Commission File Number: 001-40772

Cellebrite DI Ltd.

(Exact name of Registrant as specified in its charter)

94 Shlomo Shmelzer Road Petah Tikva 4970602, Israel

(Address of principal executive offices)

Copy to:

Ayala Berler Shapira

94 Shlomo Shmelzer Road Petah Tikva 4970602, Israel

+972 (73) 394-8000

(Name, Telephone, Email and/or Facsimile number and Address of Company Contact Person)

Securities registered or to be registered pursuant to Section 12(b) of the Act:

Securities registered or to be registered pursuant to Section 12(g) of the Act: None

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None

Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report:

On March 11, 2024, the issuer had 205,297,065 ordinary shares, par value NIS 0.00001, outstanding.

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒

If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934. Yes ☐ No ☒

Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, or a non-accelerated filer, or an emerging growth company. See definition of “accelerated filer,” “large accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act. (Check one):

If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards † provided pursuant to Section 13(a) of the Exchange Act. ☐

† The term “new or revised financial accounting standard” refers to any update issued by the Financial Accounting Standards Board to its Accounting Standards Codification after April 5, 2012.

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:

If “Other” has been checked in response to the previous question indicate by check mark which financial statement item the registrant has elected to follow. Item 17 ☐ Item 18 ☐

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒

EXPLANATORY NOTE

TABLE OF CONTENTS

PART I

ITEM 3. KEY INFORMATION

A. [Reserved]

B. Capitalization and Indebtedness

Not applicable.

C. Reasons for the Offer and Use of Proceeds

Not applicable.

D. Risk Factors

An investment in our securities involves a high degree of risk. You should carefully consider the risks described below before making an investment decision. Our business, prospects, financial condition, or operating results could be harmed by any of these risks, as well as other risks not known to us or that we consider immaterial as of the date of this Annual Report. The trading price of our securities could decline due to any of these risks, and, as a result, you may lose all or part of your investment.

Risks Related to Cellebrite’s Business and Industry

If we do not continue to develop new and technologically advanced solutions and enhance our products, our future revenue, financial and operating results would be negatively affected.

Cellebrite offers a comprehensive suite of digital investigative, or DI, solutions that includes a variety of solutions designed to help our customers collect, review, analyze and manage investigative data with respect to legally sanctioned investigations. We specialize in the creation of software based solutions that enable collection, decoding, decryption, analysis, reporting, review and management of data derived from digital sources manufactured or produced by a variety of original equipment manufacturers (“OEMs”) as well as the applications installed on such sources. Because OEMs and other software manufacturers are continuously changing their products, our success depends on our ability to design and develop new solutions and upgrades to our existing software solutions that keep up with these changes. To remain competitive, we must continue to develop new offerings, as well as features and enhancements to our existing solutions. Maintaining adequate research and development personnel and resources to meet the demands of the market is essential. However, there can be no assurance that we are able to design and develop adequate solutions and upgrades that will be compatible with products from OEMs and other software manufacturers. Such new solutions and upgrades, as well as the success of our business, are dependent on our product and research and development teams developing and executing on a roadmap that allows us to retain and increase our position in the market and the spending of our existing customers, in addition to attracting new customers. We may experience high turnover of our research and development personnel, resulting in a lack of managerial resources to guide our research and development, or a lack of other research and development resources. If we experience high turnover in our research and development personnel, we may miss or fail to execute on new offerings as well as existing solutions developments and strategic opportunities. Further, if we are unable to successfully deliver access capabilities via our Collect & Review solutions, we may not be able to provide our customers with the ability to lawfully access certain investigative or forensic data and, as such, our customers’ ability to carry out their mission will degrade. If our software is unable to collect, decode or encrypt data from certain digital devices, we may fail to continue to offer the same caliber of solutions as we have been able to offer in the past.

If we fail to sustain the caliber of our solutions as a result of our inability to update our software to keep up with the evolving security and encryption strategies in the industry or high turnover of our research and development personnel, the utilization of our solutions may decrease over time. Consequently, we may lose potential and actual market share. As a result, our reputation and the perception of the value of our solutions might be harmed and our financial and operating results will be negatively affected.

If law enforcement and other government agencies do not continue to purchase, accept and use our solutions, our revenue will be adversely affected.

Sales to law enforcement and government agencies accounted for more than 90% of our revenue in 2021, 2022 and 2023. At any point, due to external factors and opinions, whether or not related to our products’ performance, law enforcement and governments agencies may elect to no longer purchase our solutions. The key trends affecting the digital investigations market include, among other things, the explosive growth in the volume of digital data, the increases in data complexity and sophistication, the need for digital evidence management and analysis systems, and the lack of sufficient digital forensic professionals. If we are unable to meet these evolving needs, law enforcement and other government agencies may not continue to purchase, accept and use our solutions, and our revenue and financial condition will be adversely affected.

Our revenue, financial and operating results may also be impacted by changes in organizational structure within the public sector leading to complex decision-making processes or by a slowdown in the pace of adoption of investigation and justice acceleration related technologies in the public sector.

Real or perceived errors, failures, defects or bugs in our digital investigative (DI) solutions could adversely affect our results of operations, financial results, growth prospects and reputation.

Because we offer an end-to-end Case-To-Closure (C2C) Platform (“C2C Platform”), comprised of a suite of DI solutions, undetected errors, defects, failures or bugs may occur, especially when solutions or capabilities are first introduced or when new versions or other product or infrastructure updates are released. Despite frequent testing by us and regular software updates, errors, failures, or bugs may not be found in new software or releases until after they are implemented, and this could adversely affect our reputation and our customers’ willingness to buy solutions from us, and adversely affect market acceptance or perception of our solutions.

Many of our customers, especially those in law enforcement, use our solutions in applications that are of public interest or critical to their businesses or missions and may thus have a lower risk tolerance to defects in our solutions than to defects in other, less critical, software solutions. Errors or delays in releasing software updates or allegations of unsatisfactory performance or errors, defects or failures in released software could cause us, in the long run, to lose sales opportunities, increase our service costs, incur substantial software redesigning costs, lose customers or subject us to liability for damages and divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations and financial condition.

An error, failure or bug in any of our solutions used by our law enforcement customers could lead to interference with the administration of justice, for example by corrupting digital evidence rendering them inadmissible. Real or perceived errors, failures, or bugs in our solutions, or dissatisfaction with our solutions and outcomes, could result in customer terminations or non-renewals. In such an event, we may be required, or we may choose, for customer relations or other reasons, to expend additional resources in order to help correct any such errors, failures, or bugs.

A failure to maintain sales and marketing personnel productivity or hire, integrate and retain additional sales and marketing personnel has in the past and could in the future adversely affect our results of operations and growth prospects.

Our business requires intensive sales and marketing activities on a constant basis. Part of our strategy is to attract a larger number of law enforcement customers to use more of our solutions. Our sales and marketing personnel are essential to this effort and to attracting new customers and for the renewal and expansion of sales to existing customers generally. We require personnel with expertise in government contracting at federal, state and local levels in a variety of countries, and expertise in the private market, and with sufficient technological literacy to discuss our solutions’ features. There is a limited number of individuals with this experience and competition for them is intense. Furthermore, once hired it takes at least three months before a new sales force member is fully trained and operating at a level that meets our expectations, and training may take even longer when working remotely. While we invest significant time and resources in training new members of our sales force, we may not be able to achieve our target performance levels with new sales personnel, whether due to larger number of new hires, or lack of experience training sales personnel to operate in new jurisdictions or because of remote hiring and training process, among other reasons. Our failure to hire a sufficient number of qualified individuals, to successfully integrate new sales force members within the time periods we expect, and to contain sales force attrition rates may materially impact our financial and operational results as well as the growth of our business.

We face intense competition, including as a result of consolidation in our industry, which could increase the pricing pressure we face and cause us to lose market share, which would adversely affect our business, financial condition, and results of operations 

The markets for our solutions are highly competitive and are subject to rapid technological change and other pressures created by changes in our industry. We face varying levels of competition across our solution offerings. For more information, see “Part I, Item 4. Information on the Company—B. Business Overview—Competition.”

Many of our current and potential competitors are larger and/or may have substantially greater resources than we have and expect to have in the future. They may also be able to devote greater resources to the development of their current and future technologies or the promotion of their offerings or offer lower prices. Our current and potential competitors may also establish cooperative or strategic relationships among themselves or with third parties that may further enhance their brand and reputation, resources and offerings. Recently, there has been consolidation within our industry, which may increase competition, lead to pricing pressures and loss of market share and result in competitors with greater resources than us and harm our competitive position. Further, it is possible that domestic or foreign companies or governments, some with substantial experience in digital investigative solutions, public safety sector or law enforcement software and systems industry or greater financial resources than we possess, will seek to provide solutions that compete directly or indirectly with ours in the future. Any such foreign competitor, for example, could benefit from subsidies from, or other protective measures by, its home country.

Competition may increase and intensify in the future as the pace of technological change and adaptation quickens and as additional companies enter our markets, including those competitors who offer solutions similar to ours, but offer it through a different form of delivery. Numerous releases of competitive products have occurred in recent history and are expected to continue in the future. We may not be able to compete effectively with current competitors and potential entrants into our marketplace. We could lose market share if our current or prospective competitors: (i) develop technologies that are perceived to be substantially equivalent or superior to our technologies, (ii) introduce new competitive products or services, (iii) add new functionality to existing products and services, (iv) acquire competitive products and services, (v) reduce prices, or (vi) form strategic alliances or cooperative relationships with other companies. If other businesses were to engage in aggressive pricing policies with respect to competing products, as done in the past, or if the dynamics in our marketplace resulted in increasing bargaining power by the consumers of our solutions, we might need to lower the prices we charge for the solutions we offer, as we were forced in the past. This could result in lower revenue or reduced profit margins, either of which may materially adversely affect our business and operating results.

Finally, as we expand our offerings, we will face additional competition. For example, in the market for digital investigative solutions, there are numerous brands and solutions that compete for sales, with competition based upon brand recognition and loyalty, product packaging, quality and innovation, licensing models, price and convenience. Hence, changes in our image, packaging and licensing models that may be done for marketing and branding purposes could have a negative impact on our customers’ preference for us, which could adversely affect our ability to attract or retain customers. Overall, we believe our ability to compete successfully in delivering DI solutions at a competitive cost to customers does and will depend on a number of factors, which may change in the future due to increased competition, our ability to meet our customers’ needs and the frequency and availability of our offerings. If we are unable to compete successfully, our business, financial condition and results of operations could be adversely affected.

If our solutions are misused by customers, such customers may achieve sub-optimal results, which could lead to the perception that our solutions are low-quality.

Once purchased, our solutions are used by our customers, and if our customers do not use the solutions correctly or as intended, inadequate performance or outcomes may result. Our solutions are sometimes used by customers with smaller or less sophisticated IT departments, and professional practitioners, potentially resulting in such suite of solutions performing at a lower level than anticipated by the customer. Our customers rely on our solutions to assist them address important goals and challenges, and so the incorrect or improper use or configuration of our solutions may result in customer dissatisfaction, contract terminations or non-renewals, reduced customer payments, negative publicity, or legal claims against us.

Furthermore, although we offer extensive training options to users, if customer personnel do not opt to enroll in training, stay current on the use of our solutions or are not well trained in the use of our solutions, customers may open more support tickets, turn to our technical support more often, demand the attention of our customer satisfaction teams, or may defer the deployment of our solutions and solutions, may deploy them in a more limited manner than originally anticipated, or may not deploy them at all. If there is substantial turnover of customer personnel responsible for procurement and/or use of our solutions, our solutions may go unused or be adopted less broadly, and our ability to make additional sales may be substantially limited, which could negatively impact our business, results of operations, and growth prospects.

If we fail to manage future growth effectively, our business could be harmed.

For the last several years, we have experienced business growth. For example, our revenue has grown from $195 million in 2020 to $325 million in 2023, and our headcount has increased from 757 employees as of December 31, 2020 to 1,008 employees as of December 31, 2023. We operate in a growing market and have experienced, and may continue to experience, significant expansion of our operations. This growth has placed, and may continue to place, a strain on our employees, management systems, operational, financial, and other resources. As we have grown, we have increasingly managed larger and more complex deployments of our solutions with a broader base of government and private sector customers. As we continue to grow, we face challenges of integrating, developing, retaining, and motivating a growing employee base in various countries around the world. In the event of continued growth of our operations, our operational resources, including our information technology systems, our employee base, or our internal controls and procedures may not be adequate to support our operations. Managing our growth may require significant expenditures and allocation of valuable management resources, improving our operational, financial, and management processes and systems, and effectively expanding, training, and managing our employee base. If we fail to achieve the necessary level of efficiency in our organization as it grows, our business, financial condition, and results of operations would be harmed. As our organization continues to grow, we may find it increasingly difficult to maintain the benefits of our traditional company culture, including our ability to quickly respond to customers, and avoid a formal corporate structure. This could negatively affect our business performance or ability to hire or retain personnel in the near or long-term.

In addition, our growth may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We may encounter risks and uncertainties frequently experienced by growing companies with global operations in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth and plan for it, our business, financial condition, and results of operations would be harmed.

Our business depends on our customers renewing their subscriptions and purchasing additional subscriptions or services from us. Any material decline in our dollar-based net retention rate would harm our future results of operations.

To continue to grow our business, it is important that our customers renew their subscriptions when existing contract terms expire and that we expand our commercial relationships with our existing customers. We offer our software solutions primarily through annual and multi-year subscription agreements. In order for us to improve our operating results, it is important that our customers will renew their existing subscription agreements, as well as purchase additional software solutions from us. Our customers have no obligation to renew their subscriptions, and may decide not to renew their subscriptions with a similar contract period, at the same prices and terms or with the same or a greater number of users. We have experienced growth by selling additional solutions to our existing customer base, but there can be no assurances that we will achieve similar growth rates in the future. In the past, some of our customers have elected not to renew their agreements with us, and it is difficult to accurately predict long-term customer retention and expansion rates. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our products, our product support, our prices and pricing plans, global economic conditions, the inflation and interest rate environment and increased costs, the prices of competing software products, reductions in our customers’ spending levels, user adoption of our solutions, utilization rates by our customers, new product releases and changes to the packaging of our product offerings. If our customers do not purchase additional subscriptions or renew their subscriptions, renew on less favorable terms or fail to add more users or units, our revenue may decline or grow less quickly than anticipated, which would harm our future results of operations. Furthermore, if our contractual subscription terms were to shorten, it could lead to increased volatility of, and diminished visibility into, future recurring revenue. If our sales of new or recurring subscriptions and software-related support service contracts decline from current levels, our revenue and revenue growth may decline, and our business will suffer.

We conduct a fairly low volume of our business via e-commerce, which may result in the purchase process being more difficult for customers compared to other businesses.

We do not sell our solutions to new customers using e-commerce methods. While customers can initiate contact with us using our website, the ultimate purchase in most cases is not made through our website and is made only after an interactive discussion with the customer. For example, our sales process may involve “know your customer” vetting and screening procedures which must take place prior to customer being approved. As a result, the purchase process can be lengthy compared to e-commerce transactions, and it is possible that the length of the process may discourage some customers from completing the transaction with us rather than a competitor which offers more seamless online sales.

Issues in the use of artificial intelligence (“AI”) (including machine learning) in our C2C Platform may result in reputational harm, liability or impact our financial results.

AI is enabled by or integrated into our C2C Platform. For example, Cellebrite Pathfinder solution, our principal investigative analytics tool, uses AI to allow customers to create unique search categories for reviewing text, video and image evidence. The evolution of AI, including the recent introduction of OpenAI and ChatGPT as well as competing AI engines, present opportunities for further efficiencies in DI. Failing to adopt such capabilities effectively with the C2C Platform may harm our ability to effectively compete in the market place. At the same time, as with many developing technologies, AI presents risks and challenges that could affect its further development, adoption, and use, and therefore our business. AI algorithms may be flawed and may present risks due to a lack of back-testing. Datasets in AI training, development, or operations may be insufficient, of poor quality, or reflect unwanted forms of bias. Inappropriate or controversial data practices by, or practices reflecting inherent biases of, data scientists, engineers, and end-users of our systems could impair the acceptance of AI solutions. If the recommendations, forecasts, or analyses that AI applications assist in producing are deficient or inaccurate, we could be subjected to competitive harm, potential legal liability, and brand or reputational harm. Some AI scenarios present ethical issues, for example, due to unintentional biases that may stem from the predictive nature of AI algorithms and we may enable or offer solutions that draw controversy due to their perceived or actual impact on society. Though our business practices are responsibly designed to meet our customers’ needs for products and services that use AI and to mitigate many of these risks, we could suffer reputational or competitive damage as a result of any inconsistencies in the application of the technology or ethical concerns all of which may generate negative publicity. We could also face regulatory or legal scrutiny, such as a result of potential procedural due process claims stemming from the use of the technology.

Existing or future legislation and regulations pertaining to AI, and AI-enabled products may apply to us or to our customers, and may make it more challenging, costly, or in some cases prohibitive for certain products or services to be offered or modified and subject us to regulatory and litigation risks and potential liabilities, which could adversely affect our business and results of operations.

We could also suffer reputational or competitive damage from negative publicity related to products and services that utilize AI or other regulated analytics, which could also adversely affect our business and results of operations.

Current or future privacy-related legislation and governmental regulations pertaining to AI, AI-enabled products and the use of video analytics may influence our current and prospective customers’ activities, as well as their expectations and needs in relation to our products and services and affect how our business is conducted or expose us to unfavorable developments resulting from changes in the regulatory landscape.

Certain governments or countries may decide to adopt new extensive standards or legislation for AI safety and security, that may render the use of such technologies challenging. For example, On October 30, 2023, the Biden administration issued an Executive Order to, among other things, establish such extensive new standards.

Compliance with these laws and regulations may be onerous and expensive, and may be inconsistent from jurisdiction to jurisdiction, further increasing the cost of compliance and the risk of liability. Any such increase in costs or increased risk of liability as a result of changes in these laws and regulations or in their interpretation could individually or in the aggregate make our products and services that use AI technologies less attractive to our customers, cause us to change or limit our business practices or affect our financial condition and operating results.

We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.

As of December 31, 2023, we had cash and cash equivalents of $189.5 million, short-term deposits of $74.7 million and short term and long term marketable securities of $67.6 million. We could receive approximately up to an aggregate of $341 million from the exercise of outstanding Warrants, assuming the exercise in full of all our outstanding Warrants for cash. However, there is no assurance that the holders of the Warrants will elect to exercise any or all of the Warrants. We expect to meet our ongoing liquidity needs for at least the current year. However, we might require substantial additional financing in order to execute our inorganic growth strategy. Such financing might not be available on commercially reasonable terms, if at all. In particular, our ability to obtain financing for growth may depend in part on our ability to first enter into customer agreements sufficient to demonstrate such growth. If we are unable to obtain such financing, or secure sufficient customer agreements, on commercially reasonable terms, or at all, we will not be able to execute our growth strategy.

To the extent that we raise additional capital through the sale of equity or convertible debt securities, the ownership interest of our current security holders will be diluted, and the terms of those securities may include liquidation or other preferences that adversely affect the rights of our current holders of Ordinary Shares or Warrants. Debt financing and preferred equity financing, if available, may involve agreements that include covenants limiting or restricting our ability to take specific actions, such as incurring additional debt, making acquisitions or capital expenditures or declaring dividends. Debt financing could also have significant negative consequences for our business, results of operations and financial condition, including, among others, increasing our vulnerability to adverse economic and industry conditions, limiting our ability to obtain additional financing, requiring the dedication of a substantial portion of our cash flow from operations to service our indebtedness, thereby reducing the amount of our cash flow available for other purposes, limiting our flexibility in planning for, or reacting to, changes in our business, and placing us at a possible competitive disadvantage compared to less leveraged competitors or competitors that may have better access to capital resources.

If we raise additional funds through collaborations, strategic alliances or marketing, distribution or licensing arrangements with third parties, we may have to relinquish valuable rights to our technologies, future revenue streams, research programs or solutions, or grant licenses on terms that may not be favorable to us. If we are unable to raise additional funds through equity or debt financings or other arrangements when needed, we may be required to delay, limit, reduce or terminate our commercialization, research and development efforts or grant rights to third parties to market and/or develop solutions that we would otherwise prefer to market and develop ourselves.

Higher costs or unavailability of materials used to create our hardware product components could adversely affect our financial results.

We depend on certain suppliers for the delivery of components used in the assembly of our hardware product components. In particular, we use specialized adapters, which connect our software to mobile devices and computers being examined. If we become unable to obtain any components necessary for our hardware products, we may struggle to fulfill contracts and acquire new customers. We generally keep up to three quarters of inventory on hand for long lead-time components to mitigate this risk, which we believe would give us enough time to resolve shortage due to an issue with a particular supplier, but it might not be enough time to resolve a shortage that stems from resource scarcity. Any interruption of supply for any material components of our products could significantly delay the shipment of our products and have a material adverse effect on our revenue, profitability and financial condition. International or domestic geopolitical or other events, including the developing conflict between Israel and Hamas as well as the expanding regional conflict and ongoing disruptions from Houthi attacks in the Red Sea, the imposition of new or increased tariffs and/or quotas by the U.S. federal government on any of these raw materials or components, could adversely impact the supply and cost of these raw materials or components, and could adversely impact the profitability of our operations. Additionally, if we experience an unpredicted increase in customer demand, we might not be able to acquire enough materials to meet that demand in a timely manner and/or incur higher costs than expected due to increased demand.

Fluctuations in foreign currency exchange rates could materially affect our financial results.

Our financial statements are presented in U.S. dollars. Because some of our revenue, operating expenses, assets and liabilities are denominated in foreign currencies, we are subject to foreign exchange risks that could adversely affect our operations and reported results. To the extent that we incur expenses in one currency but earn revenue in another, any change in the values of those foreign currencies relative to the USD could cause our profits to decrease depending on the magnitude of the changes in foreign currencies, or our products to be less competitive against those of our competitors. To the extent that our foreign currency holdings and other assets denominated in a foreign currency are greater or less than our liabilities denominated in a foreign currency, we have foreign exchange exposure. More specifically, for current and potential international customers whose contracts are denominated in U.S. dollars, the relative change in local currency values creates relative fluctuations in our product pricing. These changes in international end customer costs may result in lost orders and reduce the competitiveness of our solutions in certain foreign markets. Additionally, intercompany sales to our non-U.S. dollar functional currency international subsidiaries are transacted in U.S. dollars which could increase our foreign exchange rate risk caused by foreign currency transaction gains and losses.

For non-U.S. dollar denominated sales, weakening of foreign currencies relative to the U.S. dollar generally leads us to raise international pricing, potentially reducing demand for our solutions. Should we decide not to raise local prices to fully offset the U.S. dollar’s strengthening, the U.S. dollar value of our foreign currency denominated sales and earnings would be adversely affected. Fluctuations in foreign currency could result in a change in the U.S. dollar value of our foreign denominated assets and liabilities including accounts receivable. Therefore, the U.S. dollar equivalent collected on a given sale could be less than the amount invoiced causing the sale to be less profitable than contemplated.

Approximately 51% of our expenses, primarily payroll and rent, are paid in Israeli new shekels (NIS). The U.S. dollar compared to the NIS experienced meaningful volatility over the last several years, which, if it continues to present the same behavior, could have an adverse impact on our expenses and profitability. Although we take steps to hedge our foreign currency exposures related to our NIS expenses, such measures may not adequately protect us from material adverse effects due to the impact of local conflicts, including the ongoing Israel-Hamas conflict and tensions in the Middle East, global inflation or from fluctuations in the relative values of the U.S. dollar and other foreign currencies in which we transact business, and may result in a financial loss.

The sales cycle for some of our solutions can be lengthy.

Most of our sales transactions involve a short sales cycle; however, larger transactions often involve a longer sales cycle and may require, for example, discussions about budget and funding and about which potential solution is most suitable to the customer. The larger the sale, the longer these consultations tend to last. If our sales efforts to a potential customer do not result in sufficient revenue to justify our time and investments, our business, financial condition and results of operations could be adversely affected. We are currently expanding our sales of the C2C Platform to customers, and the impact of these longer sales cycles could become more significant over time. Because of the long approval process that typically accompanies strategic initiatives or capital expenditures by our customers, our sales process may be prolonged, revenues delayed, with little or no control over any delays encountered by us.

Because most of our revenue is derived from subscriptions, which is recognized over the life of the subscription, near term declines in new or renewed agreements may not be reflected immediately in our operating results and may be difficult to discern.

Most of our revenue in each quarter is derived from subscription agreements entered into with our customers during previous quarters. Consequently, a decline in new or renewed agreements in any one quarter may not be fully reflected in our revenue for that quarter. Such declines, however, would negatively affect our revenue in future periods and the effect of significant downturns in sales of and market demand for our offerings, and potential changes in our rate of renewals or renewal terms, may not be fully reflected in our results of operations until future periods. Annual Recurring Revenue, or ARR, is a key performance metric we use that is based on contractual terms in existence as of the end of a reporting period and is subject to change resulting from a number of factors including, but not limited to, addition of new customers, changes in user counts, terminations or non-renewals, renewal terms as well as upsells and cross-sells. For all of these reasons, the amount of subscription revenue we actually recognize will differ from ARR at the end of a period in which it was recorded. In addition, we may be unable to adjust our cost structure rapidly, or at all, to take account of reduced revenue if demand for new or renewed agreements deteriorates. Our subscription model also makes it difficult for us to rapidly increase our total revenue through additional sales in any period, as revenue from new subscriptions, which has historically comprised the majority of our revenue, is recognized over the applicable term of the agreement.

If we are unable to retain qualified personnel and senior management, including Yossi Carmil, our Chief Executive Officer, and hire and retain additional qualified personnel, our business could suffer.

Our ability to compete in the highly competitive technology industry depends upon our ability to attract, motivate, and retain qualified personnel. We are highly dependent on the continued contributions and customer relationships of our management and particularly on the skills of Yossi Carmil, our Chief Executive Officer. Mr. Carmil has served as our Chief Executive Officer for 19 years, and has been instrumental to our growth over this period. We believe that Mr. Carmil’s experience and insights into our industry and our business would be difficult to replace. All of our executive officers and key personnel are at-will employees and may terminate their employment relationship with us at any time. The loss of the services of our key personnel and any of our other executive officers, and our inability to find suitable replacements, could result in a decline in sales, delays in product research and development, and harm to our business and operations.

Our success also depends on our ability to effectively source and staff people with the right mix of skills and experience to perform services for our customers, including our ability to transition personnel to new assignments on a timely basis. If we are unable to effectively utilize our personnel on a timely basis to fulfill the needs of our customers, our business could suffer.

We continue to face intense competition for qualified personnel, specifically personnel in sales, research and development. Larger companies with whom we compete will likely continue to invest more resources than we do on employee recruitment and are often able to offer more favorable compensation and incentive packages than we can. Further, many of the companies with which we compete for qualified personnel have greater resources than we have. We seek to retain and motivate existing personnel through our compensation practices, company culture, and career development opportunities. If we fail to attract new personnel or to retain our current personnel, our business and operations could be harmed.

Furthermore, retention is an industry-wide issue given the competitive technology labor market and as the millennial workforce continues to value multiple company experience over long tenure. There is a limited pool of qualified personnel and at present, such personnel are in short supply. For example, over the last ten years we have experienced an increase in competition for recruiting qualified research and development teams and engineers in Israel where we have a substantial presence and need for skilled employees. Furthermore, if we experience high turnover of our research and development personnel, a lack of managerial resources to guide our research and development, or a lack of other research and development resources, we may miss or fail to execute on new product development and strategic opportunities and consequently lose potential and actual market share. The success of our business is dependent on our research and development teams developing and executing on a product roadmap that allows us to retain and increase the spending of our existing customers and attract new customers. A failure to continue offering the same caliber of solutions and to effectively meet our customers’ needs due to a loss of key personnel could therefore adversely affect our business and results of operations.

Certain of our key employees participate in our equity plan and receive RSUs and/or options to purchase Ordinary Shares and/or are invited to participate in our 2021 Employee Share Purchase Plan (“ESPP”). Volatility in the trading price of Ordinary Shares may also affect our ability to attract and retain qualified personnel. Personnel may be more likely to leave us if the Ordinary Shares they own have significantly depreciated in value relative to the original purchase price of these shares or the exercise price of the options, or conversely, if the exercise price of the options that they hold are significantly above the trading price. Any of these factors could harm our business, financial condition, and results of operations.

The security of our operations and the integrity of our software solutions are critical to our operations and to maintaining the trust and confidence of our customers.

We have established practices and procedures intended to protect the security, integrity, availability and confidentiality of our systems and the integrity of the data our software solutions generates. However, there can be no assurance that such measures will prevent all malicious activities, including deliberate insertion of exploitative code, malware or cyberattacks, or inadvertent disclosures (including of personal data or confidential business information) or unauthorized access, from impacting our system and information. We monitor new technological developments and new threats, and consistently update our software as needed to enhance its security. However, there can be no assurance that our software updates can keep up with evolving security and encryption strategies in the industry, and, as a result, our software may be vulnerable to malicious attacks. We may also experience breaches of our security due to human error, malfeasance, system errors or vulnerabilities, or other irregularities. As the techniques used to obtain unauthorized access change frequently, we may be unable to anticipate these techniques or to implement adequate preventative measures. Although to date, malicious activities directed at us have not had a material impact on our business nor, to our knowledge, have they impacted the integrity of the data that our solutions extract from devices, future malicious activities could compromise our solutions and cause us to incur liabilities that may have a material adverse impact on our reputation and business. While we maintain insurance coverage that we believe is adequate for our business, such coverage may not cover all potential costs and expenses associated with incidents that may occur in the future.

We may be materially adversely affected by negative publicity related to our business and use of our products.

Publicly available information regarding Cellebrite has historically been limited, in part due to the sensitivity of our work with customers or contractual requirements limiting or preventing public disclosure of certain aspects of our work or relationships with certain customers. As our business has grown and as interest in Cellebrite and digital investigative technology overall has increased, we have attracted, and may continue to attract, attention from news and other outlets, which in turn can lead to negative political and public sentiment. For example, we have received and may continue to be subject to adverse press coverage of our digital forensics software, which has the potential to create negative public or political sentiment because of perceived data security, ethical and other concerns. Moreover, adverse press coverage and other negative publicity, whether or not driven by political or public sentiment, may also result in investigations by regulators, legislators and law enforcement officials or ultimately in legal claims. Due to the sensitive nature of our work and our confidentiality obligations and despite our ongoing efforts to provide increased transparency, where possible, into our business, operations, and product capabilities, we may be unable to or limited in our ability to respond to such harmful coverage, which could have a negative impact on our business. Responding to such coverage, claims, investigations and lawsuits, regardless of the ultimate outcome of the proceeding, can divert the time and effort of senior management from the management of our businesses. Addressing any adverse publicity, governmental scrutiny or enforcement or other legal proceedings is time consuming and expensive and, regardless of the factual basis for the assertions being made, can have a negative impact on our reputation, the morale and performance of our employees and our relationships with regulators. It may also have an adverse impact on our ability to take timely advantage of various business and market opportunities.

Additionally, activist criticism of our relationships with customers could potentially engender dissatisfaction among potential and existing customers, investors, and employees with how we address political and social concerns in our business activities, such as ceasing to do business in certain jurisdictions. See “—Some of our solutions may be used by customers in a way that is, or that is perceived to be, incompatible with human rights. Any such perception could adversely affect our reputation, revenue and results of operations.” Conversely, being perceived as yielding to activism targeted at certain customers could damage our relationships with other customers, including governments and government agencies with which we do business, whose views may or may not be aligned with those of political and social activists. Actions we take in response to the activities of our customers, up to and including terminating our contracts or refusing a particular product use case could harm our brand and reputation. In either case, the resulting harm to our reputation could:

The direct and indirect effects of such factors, negative publicity, and the demands of responding to and addressing them, may have a material adverse effect on our businesses, financial condition and results of operations.

Risks Related to the Businesses of Cellebrite’s Customers

Our sales to government customers expose us to business volatility and risks, including government budgeting cycles and appropriations, early termination, audits, investigations, sanctions and penalties.

We generate most of our revenue from contracts with federal, state, provincial and local governments, and many of these government customers may terminate most of these contracts at any time, without cause. There is pressure on some governments and their agencies, both domestically and internationally, to reduce spending. Further, U.S. federal government contracts are subject to the approval of appropriations made by the U.S. Congress to fund the expenditures under these contracts. In particular, budget uncertainty, the risk of future budget cuts, the potential for U.S. Government shutdowns, the use of continuing resolutions, and the federal debt ceiling can adversely affect our industry and the funding for our solutions. If appropriations were delayed or a government shutdown were to occur and were to continue for an extended period of time, we could be at risk of disruptions to our business.

Similarly, our contracts with U.S. state and local governments, Canadian federal, provincial and local governments and other foreign governments and their agencies are generally subject to government funding authorizations. Additionally, government contracts are generally subject to audits and investigations which could result in various civil and criminal penalties and administrative sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business.

A decline in government budgets, changes in spending or budgetary priorities, or delays in contract awards may significantly and adversely affect our future revenue and limit our growth prospects.

We generated more than 90% of our revenue in 2021, 2022 and 2023 from contracts with governments and government agencies, and our results of operations could be adversely affected by government spending caps or changes in government budgetary priorities, as well as by delays in the government budget process, program starts, or the award of contracts or orders under existing contract vehicles. Further, these government clients may terminate most of these contracts at any time, without cause and face increased pressure to reduce spending, see “If law enforcement and other government agencies do not continue to purchase, accept and use our solutions, our revenue will be adversely affected.” We are materially dependent on acceptance of our solutions by law enforcement markets and government agencies, both domestic and international. If law enforcement and other government agencies do not continue to purchase, accept and use our solutions, our revenue will be adversely affected. Future spending and program authorizations may not increase or may decrease or shift to programs in areas in which we do not provide services or are less likely to be awarded contracts. Budgetary constraints for political or economic reasons, particularly in light of the Russia-Ukraine conflict, the Israel-Hamas conflict and tensions in the Middle East due to the widening regional conflict also cause our governmental customers to divert budget and as a result forgo using our solutions. We face these risks in every country in which we operate.

Revenues from the U.S. federal government customers comprised of 17% of our total revenue in 2023. Those contracts are conditioned upon the continuing availability of U.S. Congressional appropriations. The U.S. Congress usually appropriates funds on a fiscal year (FY) basis even though contract performance may extend over many years. Consequently, contracts are often partially funded initially and additional funds are committed only as Congress makes further appropriations over time. If we incur costs in excess of funds obligated on a contract or in advance of a contract award, we may be at risk of not being reimbursed for those costs unless and until additional funds are obligated under the contract or the contract is awarded and funded. Additionally, when the U.S. Congress does not complete a budget before the end of the fiscal year, government operations typically are funded through one or more continuing resolutions that authorize agencies of the U.S. federal government to continue to operate consistent with funding levels from the prior year’s appropriated amounts, but do not authorize new spending initiatives. When the U.S. federal government operates under a continuing resolution, contract awards may be delayed, canceled, or funded at lower levels, which could adversely impact our business, financial condition, and results of operations. If appropriations or continuing resolutions for the U.S. federal government departments and agencies with which we work or have prospective business are not made by September 30 (the last day of the federal fiscal year) of any given year, the lapse in appropriations may also have negative impacts on our ability to continue work and to recognize revenue from those customers, for so long as the lapse continues. In particular, when the U.S. Government operates under a continuing resolution, new contract and program starts are restricted and funding for our solutions may be unavailable, reduced or delayed. Shifting funding priorities or federal budget compromises, could also result in reductions in overall defense spending on an absolute or inflation-adjusted basis, which could adversely impact our business.

The U.S. federal government may also shift spending away from one or more of the federal agencies from which we derive much of our revenue, such as Immigration and Customs Enforcement, for budgetary or political reasons. A significant decline in overall U.S. federal government spending, a significant shift in spending priorities, the substantial reduction or elimination of particular law enforcement-related programs, or significant budget-related delays in contract or task order awards for large programs could adversely affect our future revenue and limit our growth prospects.

Evolving government procurement policies and increased emphasis on cost over performance could adversely affect our business.

A significant majority of our customers are in the public sector. The procurement process for government agencies can be more challenging than contracting in the private sector and can impose additional costs and complicate sales efforts. Further, changes in the political landscape or required procurement procedures that affect our target customers could be introduced prior to the completion of our sales cycle, making it more difficult or costly to finalize a contract with a new customer or expand or renew an existing customer relationship. For example, customers may require a competitive bidding process with extended response deadlines, review or appeal periods; or customers may need to secure funding, which could result in purchasing delays or cancellations; or customer attention may be diverted to other government matters, postponing the consideration of the purchase of our solutions. Such delays could harm our ability to provide our solutions efficiently and to grow or maintain our customer base. In addition, the majority of our government contracts include the right for government agencies to delay, curtail, renegotiate or terminate contracts and subcontracts at their convenience any time prior to their completion. Any decision by a government customer to exercise any of these rights in our contracts may result in a decline in our profits and revenue.

Changes in civil forfeiture laws may affect our customers’ ability to purchase our solutions.

Many of our law enforcement customers in the United States use funds seized through civil forfeiture proceedings to fund the purchase of our solutions. State civil forfeiture statutes permit state governments to seize property with limited judicial oversight, often based on a preponderance of the evidence that the property was connected to criminal activity even if the owner of the property is not subject to criminal charges. A one-justice U.S. Supreme Court opinion in March 2017 sharply criticized civil forfeiture as possibly violating the due process clause of the U.S. Constitution, although the U.S. Supreme Court in that instance declined to hear the case on procedural grounds. An adverse U.S. Supreme Court decision or changes in state legislation could impact our customers’ ability to seize funds or use seized funds to fund purchases. Changes in civil forfeiture statutes or regulations are outside of our control and could limit the amount of funds available to our customers, which could adversely affect the sale of our solutions.

Our revenue from private sector customers, and our operations in general, could be adversely affected by any weakening of economic conditions.

Our private sector customers may be more susceptible to weakening economic conditions than our public sector customers. Certain economies have experienced periods of downturn as a result of a multitude of factors, including, but not limited to, turmoil in the credit and financial markets, concerns regarding the stability and viability of major financial institutions, declines in gross domestic product, increases in unemployment, volatility in commodity prices and worldwide stock markets, higher interest rates, potential governmental shutdowns, natural catastrophes, the COVID-19 pandemic, warfare, the geopolitical turmoil between Russia and Ukraine, Israel and Hamas and the overall volatility and violence in the Middle East and North Africa, inflation, excessive government debt and disruptions to global trade or tariffs. The severity and length of time that a downturn in economic and financial market conditions may persist, as well as the timing, strength and sustainability of any recovery, are unknown and are beyond our control.

Any instability in the global economy affects countries in different ways, at different times and with varying severity, which makes the impact to our business complex and unpredictable. During such downturns, many customers may delay or reduce technology purchases. Contract negotiations may become more protracted or conditions could result in reductions in the sales of our software, hardware and solutions, longer sales cycles, pressure on our margins, difficulties in collection of accounts receivable or delayed payments, increased default risks associated with our accounts receivables, slower adoption of new technologies and increased price competition. While none of these delays has been significant, they may become significant in the future or transition from delays to outright cancellation. Additionally, a significant portion of our training activities are usually in person with on-premises training, and our on-the-ground on-premises deployment staff travel to our customers’ workplaces to demonstrate how to use our solutions.

In addition, deterioration of the global credit markets could adversely impact our ability to complete licensing transactions and services transactions. Any of these events, as well as a general weakening of, or declining corporate confidence in, the global economy, or a curtailment in corporate spending could delay or decrease our revenue and therefore have a material adverse effect on our business, operating results and financial condition.

Risks Related to Cellebrite’s Intellectual Property

Failure to adequately obtain, maintain, protect and enforce our intellectual property and other proprietary rights could adversely affect our business.

Our success and ability to compete depends in part on our ability to maintain, protect, enforce and defend our intellectual property and other proprietary rights. We rely upon a combination of copyright, trademark, patent and trade secret laws, as well as certain contractual provisions, to establish, maintain, protect and enforce our intellectual property and other proprietary rights. Despite our efforts, third parties may attempt to disclose, obtain, copy, or use our intellectual property or other proprietary information or technology without our authorization, and our efforts to protect our intellectual property and other proprietary rights may not prevent such unauthorized disclosure or use, misappropriation, infringement, reverse engineering or other violation of our intellectual property or other proprietary rights. Effective protection of our rights may not be available to us in every country in which our solutions are available. The laws of some countries may not be as protective of intellectual property and other proprietary rights as those in Israel or the United States, and mechanisms for enforcement of intellectual property and other proprietary rights may be inadequate. Additionally, the IP ownership and license rights of new technologies such as AI have not been fully addressed by U.S. courts interpreting current and new laws or regulations, and the use or adoption of such technologies in our products and services may expose us to potential intellectual property claims; breach of a data license, software license, or website terms of service allegations; claimed violations of privacy rights; and other tort claims. If such laws or regulations require increased transparency, it may impair protection of our trade secrets or other IP. Also, our involvement in standard setting activity or the need to obtain licenses from others may require us to license our intellectual property. Accordingly, despite our efforts, we may be unable to prevent third parties from using our intellectual property or other proprietary information or technology. The violation of our licensing agreements by transferring or allowing the use of our intellectual property, proprietary information or technology without a license may pose additional risks.

In addition, we may be the subject of intellectual property infringement or misappropriation claims, which could be very time-consuming and expensive to settle or litigate and could divert our management’s attention and other resources. These claims could also subject us to significant liability for damages if we are found to have infringed patents, copyrights, trademarks, or other intellectual property rights, or breached trademark co-existence agreements or other intellectual property licenses and could require us to cease using or to rebrand all or portions of our solutions.

Any of our intellectual property rights may be challenged, narrowed, invalidated, held unenforceable, or circumvented in litigation or other proceedings, including, where applicable, opposition, re-examination, inter partes review, post-grant review, interference, nullification and derivation proceedings, and equivalent proceedings in foreign jurisdictions, and such intellectual property or other proprietary rights may be lost or no longer provide us meaningful competitive advantages. Such proceedings may result in substantial cost and require significant time from our management, even if the eventual outcome is favorable to us.

While we currently have no outstanding issued patents, we seek patent protection and may in the future determine that we require additional patents in order to protect our software and processes, and we may be unable to obtain patent protection for the technology covered in our patent applications or such patent protection may not be obtained quickly enough to meet our business needs. Furthermore, the patent prosecution process is expensive, time-consuming, and complex, and we may not be able to prepare, file, prosecute, maintain, and enforce all necessary or desirable patent applications at a reasonable cost or in a timely manner. The scope of patent protection also can be reinterpreted after issuance and issued patents may be invalidated. Even if our patent applications do issue as patents, they may not issue in a form that is sufficiently broad to protect our technology, prevent competitors or other third parties from competing with us or otherwise provide us with any competitive advantage.

Third parties may legitimately and independently develop products, services, and technology similar to or duplicative of our products, services and technology. In addition to protection under intellectual property laws, we rely on confidentiality or license agreements that we generally enter into with our corporate partners, employees, consultants, advisors, vendors, and customers, and generally limit access to and distribution of our intellectual property and proprietary information. However, we cannot be certain that we have entered into such agreements with all parties who may have or have had access to our confidential information or that the agreements we have entered into will not be breached or challenged, or that such breaches will be detected. Furthermore, confidentiality and non-disclosure provisions can be difficult to enforce, and even if successfully enforced, may not be entirely effective. We cannot guarantee that any of the measures we have taken will prevent infringement, misappropriation, or other violation of our technology or other intellectual property or proprietary rights.

Moreover, we spend significant resources to monitor and protect our intellectual property and other proprietary rights from potential infringement, and in the future we may conclude that in at least some instances the benefits of protecting our intellectual property or other proprietary rights may be outweighed by the expense or distraction to our management. We may initiate claims or litigation against third parties for infringement, misappropriation, or other violation of our intellectual property or other proprietary rights or to establish the validity of our intellectual property or other proprietary rights. Any such litigation, whether or not it is resolved in our favor, could be time-consuming, result in significant expense to us and divert the efforts of our technical and management personnel. Furthermore, attempts to enforce our intellectual property rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our rights, in whole or in part.

We may be subject to information technology system breaches, failures, or disruptions that could harm our operations, financial condition or reputation.

In the current environment, there are numerous and evolving risks to cybersecurity and privacy, including criminal hackers, hacktivists, state-sponsored intrusions, industrial espionage, employee malfeasance and human or technological error. Our technology systems may be damaged, disrupted, or compromised by malicious events, such as cyberattacks (including computer viruses, ransomware, and other malicious and destructive code, phishing attacks, and denial of service attacks), physical or electronic security breaches, natural disasters, fire, power loss, telecommunications failures, personnel misconduct, and human error. Cybersecurity threats employ a wide variety of methods and techniques, which may include the use of social engineering techniques or supply-chain attacks, are constantly evolving, and have become increasingly complex and sophisticated; all of which increase the difficulty of detecting and successfully defending against them. Furthermore, because the techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until after they are launched against a target, we may be unable to anticipate these techniques or implement adequate preventative measures.

In addition, security breaches at other companies and in government agencies have increased in frequency and sophistication in recent years. Other companies have also experienced cybersecurity incidents that implicate confidential and proprietary company data and/or the personal data of end users of AI applications integrated into their software offerings or used in their operations. Although we take steps designed to secure our information technology infrastructure and sensitive data and enhance our business continuity and disaster recovery capabilities, we can provide no assurance that our current information technology systems or any updates or upgrades thereto, including the integration of AI capabilities into our product offerings the current or future information technology systems, cloud service providers, software and hardware vendors, supply chain information technology systems that we use or may use in the future, are fully protected against third-party intrusions, viruses, hacker attacks, information or data theft or other similar cybersecurity risks. Further, a greater number of our employees are working remotely and accessing our IT systems and networks remotely since the COVID-19 pandemic, which may further increase our vulnerability to cybercrimes and cyberattacks and increase the stress on our technology infrastructure and systems. We carry data protection liability insurance against cyber-attacks (Media, Intellectual Property & Products Liability, Cyber Liability, and Commercial General Liability), with limits we deem adequate for the reimbursement for damage to our computers, equipment and networks and resulting disruption of our operations, this insurance may not be sufficient to cover all of our losses from any future breaches or failures of our IT systems, networks and services

We have experienced and expect to continue to experience actual or attempted cyber-attacks of our information technology systems or networks. Although prior known cyberattacks directed at us have not had a material impact on our financial results, and we are continuing to bolster our threat detection and mitigation processes and procedures, we cannot guarantee that past, future, or ongoing cyberattacks or other security breaches or incidents against us, if successful, will not have a material impact on our business or financial results, whether directly or indirectly. Because we have historically been targeted by cyberattacks and may continue to be an attractive target for cyberattacks, we also may have a heightened risk of unauthorized access to, and misappropriation of, our proprietary and competitively sensitive information. For instance, the risk of cyber-attacks increased in connection with the military actions associated with Russia’s invasion of Ukraine, as well as the Israel-Hamas conflict and widening regional conflict. In light of those and other geopolitical events, nation-state actors or their supporters may launch retaliatory cyber-attacks, or take other geopolitically motivated retaliatory actions that increase the likelihood of cyber-attacks and security breaches generally, which could disrupt our business operations, result in data compromise, or both. While we have security measures in place to protect our information and our customers’ information and to prevent data loss and other security breaches and incidents, we have not always been and may not in the future be able to do so. There can be no assurance that in the future we will be able to anticipate or prevent security breaches or incidents, or unauthorized access of our information technology systems.

Any or all of these issues, or the perception that any of them have occurred, could negatively affect our ability to attract new customers, cause existing customers to terminate or not renew their agreements, hinder our ability to obtain and maintain required or desirable cybersecurity certifications, and result in reputational damage, any of which could materially adversely affect our results of operations, financial condition, and future prospects. Furthermore, there can be no assurance that any limitations of liability provisions in our license arrangements with customers or in our agreements with vendors, partners, or others would be enforceable, applicable, or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim.

Some of our software and systems contain open source software, which may pose particular risks to our proprietary software and information technology systems.

We utilize open source software in the development and application of our software solutions, and we will use open source software in the future. Such open source software is generally licensed by its authors or other third parties under open source licenses and is typically freely accessible, usable, and modifiable. Pursuant to such open source licenses, we may be subject to certain conditions, including requirements that we offer our proprietary software that incorporates the open source software for no cost, that we make available source code for modifications or derivative works we create based upon, utilizing open source software, and that we license such modifications or derivative works under the terms of the particular open source license, or other license granting third-parties certain rights of further use. If we combine our proprietary software with open source software in a certain manner, we could, under certain provisions of the open source licenses, be required to release the source code of our proprietary software. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide updates, warranties, support, indemnities, assurances of title, or controls on origin of the software, and are provided on an “as-is” basis. Likewise, some open source projects have known security and other vulnerabilities and architectural instabilities, or are otherwise subject to security attacks due to their wide availability, and are provided on an “as-is” basis.

In addition, open source license terms may be ambiguous and many of the risks associated with usage of open source software cannot be eliminated, and could, if not properly addressed, negatively affect our business. If we were found to have inappropriately used open source software, we may be required to re-engineer our products, or to take other remedial action that may divert resources away from our development efforts, any of which could adversely affect our business, results of operations, financial condition, and growth prospects. We may face claims from third parties claiming ownership of, or demanding the release or license of, the open source software or derivative works that we developed from such software (which could include our proprietary source code), or otherwise seeking to enforce the terms of the applicable open source license. These claims could result in litigation and could require us to purchase a costly license, publicly release the affected portions of our source code, or cease offering the implicated software unless and until we can re-engineer it to avoid infringement. In addition, if the open source software we use is no longer maintained by the relevant open source community, then it may be more difficult to make the necessary revisions to our software, including modifications to address security vulnerabilities, which could impact our ability to mitigate cybersecurity risks or fulfill our contractual obligations to our customers.

We also may be required to re-engineer solutions if the license terms for incorporated open source software change. The re-engineering process of some or all of our software could require significant additional research and development resources, and we may not be able to complete it successfully. Use of open source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to breach our website and systems that rely on open source software. These risks could be difficult to eliminate or manage and, if not addressed, could adversely affect our business, results of operations, and financial conditions.

Other companies may claim that we infringe their intellectual property, which could materially increase costs and materially harm our ability to generate future revenue and profits.

Claims of infringement (including misappropriation and/or other intellectual property violation) are common in the software industry and increasing related legal protections, including copyrights and patents, are applied to software solutions. Although most of our technology is proprietary in nature, we do include certain third party and open source software in our software solutions. In the case of third party software, we believe such software are licensed from the respective entity(ies) holding the intellectual property rights. While we believe that we have secured proper licenses for all material third-party intellectual property that is integrated into our solutions in a manner that requires a license, third parties have and may continue to assert infringement claims against us in the future, including the sometimes aggressive and opportunistic actions of non-practicing entities whose business model is to obtain patent-licensing revenue from operating companies such as us. Any such assertion, regardless of merit, may result in litigation or may require us to obtain a license for the intellectual property rights of third parties. Such licenses may not be available, or they may not be available on commercially reasonable terms. In addition, as we continue to develop software solutions and expand our portfolio using new technology and innovation, our exposure to threats of infringement may increase. Any infringement claims and related litigation could be time-consuming, expensive to settle or litigate, disruptive to our ability to generate revenue or enter into new market opportunities, could divert our management’s attention and other resources, and may result in significant liability for damages if we are found to have infringed third party rights, and/or significantly increased costs as a result of our defense against those claims or our attempt to license the intellectual property rights or rework or rebrand our solutions to avoid infringement of third party rights. Typically, our agreements with our partners and customers contain provisions which require us to indemnify them for damages sustained by them as a result of any intellectual property infringement claims involving our solutions. Any of the foregoing infringement claims and related litigation could have a significant adverse impact on our business and operating results as well as our ability to generate future revenue and profits.

Risks Related to Data Privacy and Human Rights

The use of certain of our solutions may be perceived as, or determined by the courts to be, in violation of privacy rights and related laws. Any such perception or determination could adversely affect our financial results and results of operations.

Because of the nature of certain of our DI solutions, including those used for digital investigations, the general public could perceive that the use of our solutions may result in violations of individual privacy rights. In addition, certain courts or regulatory authorities could determine that the use of our software solutions is done in violation of privacy laws. Any such determination or perception by potential customers, the general public, government entities or the judicial system could harm our reputation, may result in reduced usage or adoption rates of our C2C Platform by our customers and adversely affect our reputation, revenue, financial condition and results of operations. We have dedicated substantial resources to mitigate these risks by complying with applicable laws and requiring all licensees to comply with applicable laws including privacy laws, but we have been advised that even if we have no access to the data stored on or extracted from devices, we may still be held responsible and even liable for the manner in which our customer uses such data, including if the customer uses the data in a way that is a violation of privacy related laws or our license agreement.

Some of our solutions may be used by customers in a way that is, or that is perceived to be, incompatible with human rights. Any such perception could adversely affect our reputation, revenue and results of operations.

We strive to sell our solutions to customers who will use them in a lawful and ethical manner. See “— We may not enter into relationships with potential customers if we consider their activities to be inconsistent with our organizational mission or values.” For example, all customers are required to confirm, before activation, that they will only use our product for lawful uses, but Cellebrite cannot verify that this undertaking is accurate. Further, some of our government customers may use our solutions in a manner that is incompatible with, or perceived to be incompatible with, generally acceptable human rights standards, without our knowledge or permission. For example, in August 2020, a group of 61 petitioners, including a number of human rights activists, filed a petition before the District Court in Tel Aviv against various Israeli government entities and Cellebrite. The petition asked the District Court to exercise its power under the Defense Export Control Law to stop the exportation of our UFED solution to police forces in Hong Kong. Activists alleged that UFED was being used against pro-democracy protestors in Hong Kong and that this was resulting in human rights abuses. We have since adopted policies and procedures intended to prevent sales to customers in China and Hong Kong and have proactively stopped selling to Russia, Belarus and a number of other countries, but this petition as well as adverse media coverage and petitions relating to Russia, Bangladesh and Uganda may have negatively impacted our reputation. Our license agreements prohibit customers from using our solutions in a manner that violates applicable laws (including laws with respect to human rights and the rights of individuals) or in support of any illegal activity or to violate the rights of any third party, and generally require our customers to indemnify us for losses that we suffer due to their actions; however, we cannot provide any assurance that customers or others will not manage to circumvent our restrictions or that we will not be subject to claims from third parties alleging that their rights were violated as a result of our customers’ use of our products. In the future, other allegations of misuse by our customers may damage our reputation, even if we took no part in the misuse or take immediate action to sever ties with such customers.

We may not enter into relationships with potential customers if we consider their activities to be inconsistent with our organizational mission or values.

We generally do not knowingly enter into business with customers whose positions or actions we consider inconsistent with our mission to support law enforcement agencies acting in a legal manner. We developed and continue to evolve an ethical risk management framework, intended to assist us in managing the risk of human rights abuses by our customers when using our products. We use the ethical framework to determine in which countries or with which customers we will pursue new business by applying a set of standards and indicators, including regulatory restrictions such as sanctions and export controls and a number of widely accepted human rights related indexes such as the Corruption Perception Index, Democracy Index and Freedom House Index. This ethical risk management framework will continue and evolve over time and applies quantitative as well as qualitative measures to aid in our decision making. Based on this ethical framework, we may decide not to engage with new customers or extend or renew licenses and services to existing customers operating in those countries that we do not consider to meet our ethical standards and corporate values. For example, we have adopted policies and procedures intended to prevent sales to customers in Bangladesh, Belarus, China, Hong Kong, Macau, Russia, Venezuela, Oman, Uganda and a number of other countries, partially due to concerns regarding human rights abuses, data privacy and security, partially due to regulatory requirements, and partially due to other business considerations, and we may in the future decide not to do business in other countries or with other existing or potential customers for similar reasons.

Most of our customers require the hosting of their proprietary data within their own organization, and therefore most of our products, whether deployed on-premise or otherwise, are operated by our customers without our involvement other than with respect to troubleshooting and support from time to time. Also with respect to our SaaS-based products, while we may be involved in the operation and maintenance of the SaaS platform, we do not have visibility to our customers’ usage of our products. As a result, we rely on a range of public information sources, and largely depend on media and other reports, to learn if there is a claim made that our products are being used inconsistent with our organizational mission and values. Third party reports may be incomplete, unreliable or unavailable. In addition, a determination as to whether our products are being misused may involve subjective determinations or be the subject of differing opinions. We have in place certain safeguards that are intended to identify or prevent misuse of our products.

For example, the Company has an Ethics and Integrity Committee, which serves as an advisory body to the board. The committee is comprised of seven industry experts, which include ethics experts, legal experts, former members of the police force, former members of ministries of defense, technology experts, academic experts and community leaders. The role of the Ethics and Integrity Committee is to advise the board on matters pertaining to evolving international law, ethical considerations related to responsible business practices and requirements under law and regulations applied to the sale and use of our technologies.

Additionally, the license to use our products prohibits customers from using our solutions in violation of applicable laws (including laws with respect to human rights and the rights of individuals) or in support of any illegal activity or to violate the rights of any third party. We may terminate any license, among other things, in the event of a material breach that is not cured after 30 days’ notice. In addition, we may disable the use of the software, among other things, if it is used in violation of the license. A determination regarding whether a breach of our license will result in termination or other corrective action involves judgment and depends on the facts and circumstances of each case.

We cannot be sure that the foregoing safeguards will be sufficient to prevent circumvention of our restrictions or to identify misuse of our products or prevent any such misuse. Our decisions not to do business within these countries or with these customers may alter our expectations surrounding our long-term financial benefits and results, which may harm our growth prospects, business, and results of operations. Although we endeavor to do business with customers and governments that are aligned with our mission and values, we cannot predict how the activities and values of our government and private sector customers will evolve over time, and they may evolve in a manner inconsistent with our mission.

We occasionally have limited access to third-party data, and if our security measures are breached and unauthorized access to this data is obtained, our systems, data centers and our solutions may be perceived as not being secure, customers may curtail or stop using our solutions or service and we may incur significant legal and financial exposure and liabilities.

We do not generally have access to or store customer data nor have access to the data processed by customers using our solutions. Nevertheless, our personnel occasionally have brief and limited access to data, including personally identifiable information (“PII”), when they receive calls for technical support or when they maintain or operate the relevant solution. One instance where we may have brief access to data is when a customer calls for technical support, they sometimes grant our service operators remote access to their device, which may result in the brief sharing of data with the service operator. In rare cases the customer may share the data with the technical support for further bug fixing research and analysis. We have internal processes for deleting such data shortly after the completion of the customer support and ensuring bug fix is sustainable and consistent, but the data is still shared for these limited periods and could potentially be, or be perceived as, more vulnerable as a result. In addition, customers may use our investigative management solution, the Guardian, to store, share and review sensitive data, including PII, when they decide to store such data in our investigative management SaaS solution. In addition, we may have access to customer data, including PII, in connection with the provision of our Advanced Services in which we serve as an outsourced forensics lab for the extraction of data from devices that are sent to us by our customers. The Company has implemented several internal processes and measures for deleting data shortly after completion of related services (in the case of Advanced Services), and that are designed to ensure managed, limited, brief and secure access to customers data, done strictly on a need-to-service basis. The Company uses internationally recognized information security measures and complies with industry standards. Our Advanced Services are provided from a strictly dedicated platform that combines authentication, authorization, networking, and observability into a single point, as well as internal processes intended to control access, usage, storage and retention of data. However, any actual or perceived unauthorized access, use, disclosure or modification to this data, could result in our solutions and services being viewed as less secure, which could lead to liability and a significant adverse effect on our reputation and financial and operating results.

Risks Related to Legal Compliance and Regulatory Matters

We are subject to Israeli encryption laws that may be subject to future reform, and our failure to obtain or maintain related licenses in compliance with these laws could negatively impact our business.

The export of our solutions is subject to Israeli encryption control laws. Our export license under the Israeli encryption control regime prohibits us from exporting some of our products to customers in certain countries and require us to obtain the consent of the Ministry of Defense to export to customers in certain other countries. Our failure to comply with these requirements could subject us to financial and other penalties, which could materially adversely impact our revenue and profits, and harm our reputation.

Although Israel is not a party to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (the “Wassenaar Arrangement”), it has adopted the Wassenaar Arrangement List of Dual Use Goods and Technologies, and the goods and technologies listed therein are subject to Israeli export control laws and regulations. However, neither cryptography (that is subject to Israeli encryption laws) nor cryptanalytic technology is regulated under the Israeli export control regime, even if such cryptography or cryptanalytic capabilities would otherwise be placed within Part 2 of Chapter 5 of the Wassenaar Arrangement Dual Use List which relates to Information Security. In 2016, the Israeli Ministry of Defense published draft regulations proposing to cancel the existing encryption control regime and to bring Part 2 of Chapter 5 of the Wassenaar Arrangement into full force and effect in its place. Over the last several years, the Israeli Ministry of Defense has renewed this effort and has stated publicly its intention to push this reform forward. However, this initiative stalled in 2023 when the Ministry of Economy (the regulator for non-defense related dual use exports) refused to cooperate with it. If our solutions do become subject to the Wassenaar Arrangement dual use list as adopted by Israel, then some of them are likely to be controlled under either the Israeli Defense Export Control Law, 5767-2007 or the Import and Export Order (Export Control over Dual Use Goods, Services and Technology), 5766-2006, depending on the nature of the customer and end use. The application of these laws’ requirements to us and to our products could subject us to different licensing requirements and may require us to adapt our marketing, sales and export practices to accommodate these changed requirements. This reform could adversely impact our ability to quickly, efficiently and cost effectively market and sell our products, and could materially adversely impact our business, revenue and profit.

We are subject to export laws, regulations and governmental trade controls, and any noncompliance with these laws could negatively impact our operating results.

Various countries regulate the export and import of certain encryption solutions and technology including cryptography or cryptanalytic capabilities, including import permits and licensing requirements, and have enacted laws that could limit our ability to distribute our solutions or could limit our customers’ ability to use our solutions in those countries. Any new export restrictions, new import restrictions, new legislation, changes in economic sanctions, or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons, or technologies targeted by such regulations, could result in decreased use of our products by existing customers with non-U.S. operations, declining adoption of our products by new customers with non-U.S. operations, limitation of our expansion into new markets, and decreased revenue and potential revenue growth.

Our activities or products could be subject to certain economic sanctions laws including the laws of Israel and the United States. We have adopted policies and procedures that are intended to restrict sales to countries subject to comprehensive U.S. and Israeli sanctions and to designated entities and individuals. Our solutions and technologies could be exported or re-exported to, or eventually be used by, these sanctioned targets due to circumvention of restrictions by customers, resellers or others, despite the contractual undertakings they are bound by that prohibit them from exporting or reselling to any unauthorized customer, and any such export, re-export or use, could have negative consequences, including government investigations, penalties and reputational harm. Any change in export regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our solutions by, or in our decreased ability to export or sell our solutions to, existing or potential customers with international operations. Any decreased use of our solutions or limitation on our ability to export or sell our solutions would likely adversely affect our business, financial condition and results of operations.

Differing regulatory and legal requirements and the possible enactment of additional regulations or restrictions on the use, import, export or re-export of our solutions or the provision of services, could delay, restrict, or prevent the sale or use of our solutions in some jurisdictions. If we or our business partners or counterparties, including licensors and licensees, prime contractors, subcontractors, sublicensors, vendors, customers, shipping partners, or contractors, fail to obtain appropriate import, export, or re-export licenses or permits, notwithstanding regulatory requirements or contractual commitments to do so, or if we fail to secure such contractual commitments where necessary, we may also be adversely affected, through reputational harm as well as other negative consequences, including government investigations and penalties.

These laws and regulations are subject to change over time and thus we must continue to monitor and dedicate resources to ensure continued compliance. Although we take precautions to prevent our software from being provided in violation of such laws, the software could be provided inadvertently in violation of such laws, despite the precautions we take. Non-compliance with applicable regulations or requirements could, depending on the severity of the violation, subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, or injunctions. If any of the foregoing actions are imposed on us, or if we do not prevail in any possible civil or criminal litigation, in each case, for sufficiently serious violations, our business, operating results, and financial condition could be materially adversely affected. We may also be adversely affected through penalties, reputational harm, loss of access to certain markets, or otherwise. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and penalties could harm our business, operating results and financial condition.

Our business is subject to complex and evolving U.S. and non-U.S. laws and regulations regarding privacy, data protection and security, technology protection, AI and other matters. Many of these laws and regulations are subject to change and uncertain interpretation, and could result in claims, changes to our business practices, monetary penalties, increased cost of operations, or otherwise harm our business.

Our products are mostly used as an on-premise solution and are generally operated by our customers without our involvement. Nevertheless, our service operators occasionally have brief and limited access to customer data, including PII, when they receive calls for technical support, or in operating our SaaS-based solutions, such as the Guardian solution. In addition, we may extract files containing customer data, including PII, in connection with the provision of our Advanced Services in which we serve as an outsourced lab for the extraction of data from devices that are sent to us by our customers. In all of those situations, we do not access or view customer data, maintain such data securely with limited access, and delete all such data following the confirmation that the data has been received by the customer (with the exception of Guardian where data is stored or removed by the customers in their sole discretion). As a result, for the purposes of the European General Data Protection Regulation (“GDPR”) and the UK equivalent legislation, we believe that we are not considered to be a controller and serve as a processor in a limited number of circumstances, within the meaning of those terms. For more information, see “—We may be subject to information technology system breaches, failures, or disruptions that could harm our operations, financial condition or reputation.”

Given the global nature of our operations, we are subject to a variety of local, state, national, and international laws and directives and regulations in the United States and abroad related to privacy and data protection, data security, data storage, retention, transfer and deletion, technology protection, machine learning, AI and personal information. International data protection, data security, privacy, and other laws and regulations can impose different obligations or be more restrictive than those in the United States. These U.S. federal and state and foreign laws and regulations, which, depending on the regime, may be enforced by private parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to continue to develop and evolve for the foreseeable future. In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, particularly in the new and rapidly evolving software and technology industry in which we operate, and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices.

A number of proposals are pending before U.S. federal, state, and foreign legislative and regulatory bodies that could significantly affect our business. For example, despite recent developments including an in-principle agreement between the United States and European Commission and a subsequent Executive Order directing the steps that the United States will take to implement the U.S. commitments under the new European Union - U.S. Data Privacy Framework, new legal challenges to the mechanisms allowing companies to transfer personal data from the European Economic Area to certain other jurisdictions, including the United States, could emerge resulting in further limitations on the ability to transfer data across borders. Moreover, the following laws and regulations have taken, or will take, effect, creating further interpretive uncertainties for Cellebrite:

Certain other state laws in the United States impose similar privacy obligations and all 50 states have laws including obligations to provide notification of certain security breaches to affected individuals, state officials and others. For example, on March 2, 2021, Virginia enacted the Virginia Consumer Data Protection Act (“VCDPA”), creating the second truly comprehensive U.S. state privacy law, which became effective on January 1, 2023 (the same day as CPRA went into effect). Further, there currently are also a number of proposals related to data privacy or security pending before federal, state, and foreign legislative and regulatory bodies, including in a number of states considering consumer protection laws similar to the CCPA and VCDPA. For example, Colorado adopted the Colorado Privacy Act (“CPA”) in June 2021 which went into effect on July 1, 2023. Utah adopted the Utah Consumer Privacy Act (“UCPA”) in March 2022 which went into effect on December 31, 2023. Additionally, Connecticut enacted the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”) in May 2022 which went into effect on July 1, 2023. Additional states continue to enact and propose new legislation relating to privacy and data security.

Each of these legislative actions may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment in resources to compliance programs, and could impact strategies and availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. These developments may require us to review and amend the legal mechanisms by which we make and, or, receive personal data transfers from other countries to Israel. As data protection regulators issue further guidance on personal data export mechanisms, including circumstances where the standard contractual clauses cannot be used, and/or start taking enforcement action, we could suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations, and could adversely affect our financial results.

As we continue to innovate and improve our offerings by leveraging AI, our business model may be affected by global trends and laws that regulate the use of AI and machine learning. Such laws or regulations not only may cause us to modify our data handling practices, which could be costly or burdensome, but it also may impact our ability to use certain data for developing our products or impede customers regulated by such laws and regulations to adopt our products. In addition, we may become subject to new or heightened legal, ethical or other challenges arising out of the perceived or actual impact of AI on human rights, intellectual property, privacy and employment, among other issues, and we may experience brand or reputational harm, legal liability or increased costs associated with those issues. For more information, see “—Issues in the use of artificial intelligence (“AI”) (including machine learning) in our C2C Platform may result in reputational harm, liability or impact our financial results.”

These existing and proposed laws and regulations can be costly to comply with and can make our DI suite of solutions less effective or valuable, delay or impede the development of new solutions, result in negative publicity, increase our operating costs, require us to modify our data handling practices, limit our operations, impose substantial fines and penalties, require significant management time and attention, or put our data or technology at risk. Any failure or perceived failure by us or our suite of solutions to comply with U.S., EU, UK or other foreign laws, regulations, directives, policies, industry standards, or legal obligations relating to privacy, data protection, or information security, or any security incident that results in loss of or the unauthorized access to, or acquisition, use, release, or transfer of, personal information, personal data, or other customer or sensitive data or information may result in governmental investigations, inquiries, enforcement actions and prosecutions, private claims and litigation, indemnification or other contractual obligations, other remedies, including fines or demands that we modify or cease existing business practices, or adverse publicity, and related costs and liabilities, which could significantly and adversely affect our business, reputation and results of operations.

We may in the future become involved in legal, regulatory, or administrative inquiries and proceedings, and unfavorable outcomes in litigation or other of these matters could negatively impact our business, financial conditions, and results of operations.

From time to time, we receive formal and informal inquiries from governmental agencies and regulators regarding our compliance with laws and regulations or otherwise relating to our business or transactions. We may also become subject to claims, lawsuits, proceedings and inquiries which could involve labor and employment disputes, discrimination and harassment allegations, commercial disputes, intellectual property rights (including patent, trademark, copyright, trade secret, and other proprietary rights), class actions, general contract, tort, or defamation, data privacy rights, antitrust concerns, common law fraud, government regulation, compliance, alleged federal and state securities and “blue sky” law violations or other investor related questions. Derivative claims, lawsuits, and proceedings, which may, from time to time, be asserted against our directors by our shareholders, could involve breach of fiduciary duty, breach of duty of loyalty, failure of oversight, corporate waste claims, and other matters. For example, a former consultant has brought a number of claims against the Company and a number of our directors and officers. These claims can lead to reputational harm and diversion of resources and management’s attention from our primary business operations. In addition, our business and results may be adversely affected by the outcome of currently pending and any future legal, regulatory, and/or administrative claims or proceedings, including through monetary damages or injunctive relief. In addition, over the last several years, lawsuits have been filed against cyber-related companies by large multinationals that claim that their terms of use or intellectual property have been violated and breached by the activities of the cyber companies. While we are not a cyber company, such a risk could potentially also apply to us and our solutions.

The number and significance of our legal disputes and inquiries may increase as we continue to grow larger, as our business has expanded in customer count and as our DI suite of solutions become more complex. Additionally, if customers fail to pay us under the terms of our agreements, we may be adversely affected due to the cost of enforcing the terms of our contracts through litigation. Litigation or other proceedings can be expensive and time consuming and can divert our resources and management’s attention from our primary business operations. The results of our litigation also cannot be predicted with certainty. If we are unable to prevail in litigation, we could incur payments of substantial monetary damages or fines, or undesirable changes to our DI suite of solutions or business practices, and accordingly, our business, financial condition, or results of operations could be materially and adversely affected. Furthermore, if we accrue a loss contingency for pending litigation and determine that it is probable, any disclosures, estimates, and reserves we reflect in our financial statements with regard to these matters may not reflect the ultimate disposition or financial impact of litigation or other such matters. These proceedings could also result in negative publicity, which could harm customer and public perception of our business, regardless of whether the allegations are valid or whether we are ultimately found liable.

Although we have limitation of liability provisions in our standard software licensing and service agreement terms and conditions, these provisions may not be enforceable in some circumstances, may vary in levels of protection across our agreements, or may not fully or effectively protect us from such claims and related liabilities and costs. We generally provide a warranty for our software and hardware solutions in our agreements. In the event that there is a failure of warranties in such agreements, we are generally obligated to replace or correct the product to conform to the warranty provision as set forth in the applicable agreement, or, if we are unable to do so, the customer is entitled to seek a refund of the purchase price of the product and service. The sale and support of our solutions also entail the risk of product liability claims. We maintain errors and omissions insurance to protect against certain claims associated with the use of our solutions, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management’s time and other resources.

Failure to comply with laws, regulations, or contractual provisions applicable to our business could cause us to lose government customers or our ability to contract with the U.S. and other governments.

The majority of our customers are government and state owned agencies, each with their own specific guidelines and compliance requirements for their government contracts. For example, our U.S. government business is subject to specific procurement regulations with numerous compliance requirements. In particular, we must comply with laws, regulations, and contractual provisions relating to the formation, administration, and performance of government contracts and inclusion on government contract vehicles, which affect how we and our partners do business with government agencies. These requirements, although customary in government contracting in the U.S., increase our performance and compliance costs. These costs may increase in the future, thereby reducing our margins, which could have an adverse effect on our financial condition.

Moreover, in the U.S., government contracts are subject to oversight audits by government representatives. Such audits could result in adjustments to our contracts. As an example, for contracts covered by the Cost Accounting Standards, any costs found to be improperly allocated to a specific contract may not be allowed, and such costs already reimbursed may have to be refunded. In addition, as a result of actual or perceived non-compliance with government contracting laws, regulations, or contractual provisions, we may be subject to other audits and internal investigations which may prove costly to our business financially and divert management’s attention and time. Among the causes for debarment are violations of various laws or policies, including those related to procurement integrity, export control, U.S. government security regulations, employment practices, protection of criminal justice data, protection of the environment, accuracy of records, proper recording of costs, foreign corruption, Trade Agreements Act, Buy America Act, and the False Claims Act. Contracts with the federal U.S. government may be terminated for convenience by the government at any time. Furthermore, regulatory requirements imposed by governments other than the United States may be more stringent and non-compliance may subject us as well as to investigations, proceedings, sanctions, or other consequences from those governments, as well as, in some cases, allow such governments to terminate contracts for convenience at any time. These consequences remain uncertain because of the dynamic nature of governmental action and responses.

The laws and regulations applicable to each of our contracts may impose other added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, and termination of contracts and suspension or debarment from government contracting for a period of time with government agencies. Any such damages, penalties, disruption, or limitation in our ability to do business with a government could adversely impact, and could have a material adverse effect on, our business, results of operations, financial condition, public perception, and growth prospects.

New laws and/or law interpretations, as well as changing regulations, create the risk that we may not comply with those laws and regulations and the costs to comply could materially adversely affect our business.

We are subject to a variety of laws and regulations in Israel and abroad that involve matters central to our business, including privacy, data protection and personal information, rights of publicity, content, intellectual property, advertising, marketing, distribution, data security, data retention and deletion, electronic contracts and other communications, competition, consumer protection, telecommunications, product liability, taxation, labor and employment, economic or other trade prohibitions or sanctions, securities law compliance, and online payment services. The introduction of new solutions, expansion of our business to certain jurisdictions, or other actions that we may take may subject us to additional laws, regulations, or other government scrutiny. In addition, foreign data protection, privacy, content, competition, and other laws and regulations can impose different obligations or be more restrictive than those in Israel or the United States. These laws and regulations, which in some cases can be enforced by private parties in addition to government entities, are constantly evolving and can be subject to significant change. As a result, the application, interpretation, and enforcement of these laws and regulations are often uncertain and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices. New laws and regulations (or new interpretations of existing laws and regulations) may require us to incur substantial costs, expose us to unanticipated civil or criminal liability, or cause us to change our business practices. The costs of compliance with these laws and regulation are high and are likely to increase in the future. Additionally, these laws and regulations, or any associated inquiries or investigations or other government actions, may delay or impede the development of new solutions, result in negative publicity, require significant management time and attention, and subject us to remedies that may harm our business, including fines or demands or orders that we modify or cease existing business practices.

We are subject to anti-corruption, anti-bribery, and similar laws, and non-compliance with such laws can subject us to criminal penalties or significant fines, harm our reputation, and significantly adversely affect our business, financial condition, results of operations, and growth prospects.

We are and will be subject to anti-corruption, anti-bribery, anti-money laundering and financial and economic sanctions laws and regulations in various jurisdictions in which we conduct or in the future may conduct activities, including the FCPA, the U.K. Bribery Act 2010, and other domestic or foreign anti-corruption laws and regulations. The FCPA and the U.K. Bribery Act 2010 prohibit us and our officers, directors, employees and business partners acting on our behalf, including agents and intermediaries, from corruptly offering, promising, authorizing or providing anything of value to a “foreign official” for the purposes of influencing official decisions or obtaining or retaining business or otherwise obtaining favorable treatment. The FCPA also requires companies to make and keep books, records and accounts that accurately reflect transactions and dispositions of assets and to maintain a system of adequate internal accounting controls. The U.K. Bribery Act also prohibits non-governmental “commercial” bribery and soliciting or accepting bribes. A violation of these laws or regulations could materially adversely affect our business, results of operations, financial condition and reputation.

Non-compliance with anti-corruption, anti-bribery, or similar laws could subject us to whistleblower complaints, adverse media coverage, investigations, and severe administrative, civil and criminal penalties, collateral consequences, remedial measures and legal expenses, all of which could materially and adversely affect our business, results of operations, financial condition and reputation. In addition, changes in economic sanctions laws in the future could adversely impact our business and an investment in our securities.

Risks Relating to Cellebrite’s Incorporation and Location in Israel

Our main offices and operations are located in Israel and, therefore, our results may be adversely affected by political, economic and military instability in Israel or external responses to such instability.

Our main offices, and many of our employees, including many of our management members, operate from our offices that are located in Israel, and many of our employees, officers and directors are residents of Israel. In addition, we have a small assembly facility in Israel. Accordingly, political, economic, and military conditions in Israel and the surrounding region may directly affect our business and operations, as discussed below.

In recent years, Israel has been engaged in sporadic armed conflicts with terrorist and military groups. Some of these hostilities were accompanied by missiles being fired from the Gaza Strip against civilian targets in various parts of Israel, including areas in which our assembly facility, some of our employees and some of our consultants are located. Iran has also threatened Israel and may be developing nuclear weapons.

In October 2023, Hamas terrorists infiltrated Israel’s southern border from the Gaza Strip and conducted a series of attacks on civilian and military targets. Hamas also launched extensive rocket attacks on Israeli population and industrial centers located along Israel’s border with the Gaza Strip and in other areas within the State of Israel. These attacks resulted in extensive deaths, injuries and kidnapping of civilians and soldiers. Following the attack, Israel’s security cabinet declared war against Hamas and a military campaign against these terrorist organizations commenced in parallel to their continued rocket and terror attacks.

The intensity and duration of Israel’s current war against Hamas is difficult to predict, as are such war’s economic implications on the Company’s business and operations and on Israel's economy in general. These events may be intertwined with wider macroeconomic indications of a deterioration of Israel’s economic standing, which may have a material adverse effect on the Company and its ability to effectively conduct its operations. For example, the Houthi militia, which controls parts of Yemen, has launched a number of attacks on marine vessels traversing the Red Sea, which marine vessels were thought to either be en route to Israel or to be partly owned by Israeli businessmen. The Red Sea is a vital maritime route for international trade traveling to and from Israel, and such attacks may have an adverse effect on supply chains to and from Israel.

In connection with the Israeli security cabinet’s declaration of war against Hamas and possible hostilities with other organizations, several hundred thousand Israeli military reservists were drafted to perform immediate military service. Israeli citizens are obligated to perform several days, and in some cases more, of annual military reserve duty each year until they reach the age of 40 (or older, for reservists who are military officers or who have certain occupations) and, in the event of a military conflict and/or national civil emergencies, may be called to active duty. Certain of our employees and consultants in Israel, in addition to employees of our service providers located in Israel, have been called, and additional employees may be called, for service in the current or future wars or other armed conflicts with Hamas, Hezbollah and other enemy countries or terrorist organizations, and such persons may be absent for extended periods of time. As a result, our operations may be disrupted by such absences, which disruption may materially and adversely affect our business and results of operations. Additionally, the absence of employees of our Israeli suppliers due to their military service in the current or future wars or other armed conflicts may disrupt their operations, which in turn may materially and adversely affect our ability to deliver or provide products and services to customers.

In addition, since the commencement of war with Hamas, there have been continued hostilities along Israel’s northern border with Lebanon (with the Hezbollah terror organization) and southern border (with the Houthi movement in Yemen). It is possible that hostilities with Hezbollah in Lebanon will escalate, and that other terrorist organizations, including Palestinian military organizations in the West Bank as well as other hostile countries, such as Iran, will join the hostilities. Such clashes may escalate in the future into a greater regional conflict or war. In the event that our facilities are damaged as a result of hostile actions, or hostilities otherwise disrupt our ongoing operations, our ability to deliver or provide products and services in a timely manner or at all to meet our contractual obligations towards customers and vendors could be materially and adversely affected.

The intensity, duration and outcome of the ongoing conflict is uncertain and its continuation or escalation may have a material adverse effect on our business and operations. Further, escalation of the Israel-Hamas conflict and tension in the Middle East and North Africa may require us to change our operations in response to wartime impacts, which may be expensive, time-consuming and disruptive to our operations. If the Israel-Hamas conflict further escalates, additional restrictions and other governmental actions could increase the severity of the impact on our operations in Israel and could materially adversely affect our business. A severe disruption to our business may result in significant lost sales and may require substantial recovery time and expenditures to resume operations. Additionally, to the extent the Israel-Hamas or Israel-Hezbollah conflict causes loss of infrastructure and utilities services, such as energy, transportation or telecommunications, we could experience increased costs and other negative financial impacts. If such disruptions result in delays or cancellations of customer subscriptions or the assembly of our hardware product components or shipment of our products, our business, operating results and financial condition could be materially adversely affected.

Our commercial insurance does not cover losses that may occur as a result of events associated with war and terrorism. Although the Israeli government currently covers the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, there are no assurances that this government coverage will be maintained or that it will sufficiently cover our potential damages. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflicts or political instability in the region would likely negatively affect business conditions and could harm our results of operations.

The events described above may be intertwined with wider macroeconomic indications of a deterioration of Israel’s economic standing that may involve a downgrade in Israel's credit rating by rating agencies (such as the recent downgrade by Moody’s of its credit rating of Israel from A1 to A2, as well as the downgrade of its outlook rating from “stable” to “negative”), which may have a material adverse effect on the Company and its ability to effectively conduct its operations.

In addition, in January 2024 the International Court of Justice, or ICJ, issued an interim ruling in a case filed by South Africa against Israel in December 2023, making allegations of genocide amid and in connection with the war in Gaza, and ordered Israel, among other things, to take measures to prevent genocidal acts, prevent and punish incitement to genocide, and take steps to provide basic services and humanitarian aid to civilians in Gaza. There are concerns that companies and businesses will terminate, and may have already terminated, certain commercial relationships with Israeli companies following the ICJ decision. In the past, the State of Israel and Israeli companies have been subjected to economic boycotts by specific countries and/or organizations. While some of these are eliminating these constraints, others may impose restrictions on doing business with Israel and Israeli companies if hostilities in Israel or political instability continues or increases. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Such actions, particularly if they become more widespread, may adversely impact our ability to sell our solutions and therefore may have an adverse impact on our operating results, financial condition or the expansion of our business.

Lastly, political conditions within Israel may affect our operations. Israel has held five general elections between 2019 and 2022, and prior to October 2023, the Israeli government pursued extensive changes to Israel’s judicial system, which sparked extensive political debate and unrest. In response to such initiative, many individuals, organizations and institutions, both within and outside of Israel, voiced concerns that the proposed changes may negatively impact the business environment in Israel including due to reluctance of foreign investors to invest or transact business in Israel, as well as to increased currency fluctuations, downgrades in credit rating, increased interest rates, increased volatility in security markets and other changes in macroeconomic conditions. To date, these initiatives have been substantially put on hold. If such changes to Israel’s judicial system are again pursued by the government and approved by the parliament, this may have an adverse effect on our business, our results of operations and our ability to raise additional funds, if deemed necessary by our management and board of directors.

It may be difficult to enforce a U.S. judgment against us, our officers and directors or the experts named in this Annual Report in Israel or the United States, or to assert U.S. securities laws claims in Israel or serve process on our officers and directors or experts.

Most of our directors or officers are not residents of the United States and most of their and our assets are located outside the United States. Service of process upon us or our non-U.S. resident directors and officers and enforcement of judgments obtained in the United States against us or our non-U.S. our directors and executive officers may be difficult to obtain within the United States. We have been informed by our legal counsel in Israel that it may be difficult to assert claims under U.S. securities laws in original actions instituted in Israel or obtain a judgment based on the civil liability provisions of U.S. federal securities laws. Israeli courts may refuse to hear a claim based on a violation of U.S. securities laws against us or our non-U.S. officers and directors because Israel may not be the most appropriate forum to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proved as a fact, typically through an expert witness, which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law. There is little binding case law in Israel addressing the matters described above. Israeli courts might not enforce judgments rendered outside of Israel, which may make it difficult to collect on judgments rendered outside of Israel against us or our non-U.S. officers and directors.

Moreover, an Israeli court will not enforce a non-Israeli judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases), if its enforcement is likely to prejudice the sovereignty or security of the State of Israel, if it was obtained by fraud or in the absence of due process, if it is at variance with another valid judgment that was given in the same matter between the same parties, or if a suit in the same matter between the same parties was pending before a court or tribunal in Israel at the time the foreign action was brought.

The rights and responsibilities of our shareholders are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations.

We are incorporated under Israeli law. The rights and responsibilities of holders of Ordinary Shares are governed by our amended and restated articles of association (the “Amended Articles”) and the Israeli Companies Law (the “Companies Law”). These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S. corporations. In particular, pursuant to the Companies Law, each shareholder of an Israeli company has to act in good faith and in a customary manner in exercising his, her or its rights and fulfilling his, her or its obligations toward the Company and other shareholders and to refrain from abusing his, her or its power in the Company, including, among other things, in voting at the general meeting of shareholders, on one of the following: (i) amendments to a company’s articles of association, (ii) increases in a company’s authorized share capital, (iii) mergers and (iv) certain transactions requiring shareholders’ approval under the Companies Law. In addition, a controlling shareholder of an Israeli company or a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or who has the power according to the Amended Articles to appoint or prevent the appointment of a director or officer in the Company, or has other powers toward the Company according to the Amended Articles, has a duty of fairness toward the Company. However, Israeli law does not define the substance of this duty of fairness. There is little case law available to assist in understanding the implications of these provisions that govern shareholder behavior.

Provisions in the Amended Articles may have the effect of discouraging lawsuits against us and our directors and officers.

Under the Amended Articles, the competent courts of Tel Aviv, Israel are the exclusive forum for (i) any derivative action or proceeding brought on behalf of Cellebrite, (ii) any action asserting a claim of breach of fiduciary duty or a claim of breach of the duty of loyalty owed by any of Cellebrite’s directors, officers or other employees or our shareholders, or (iii) any action asserting a claim arising pursuant to any provision of the Companies Law or the Israeli Securities Law.

Additionally, unless Cellebrite consents in writing to the selection of an alternative forum, the U.S. federal courts shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act of 1933, as amended (the “Securities Act”) against us or any of our directors, officers, other employees or agents. Section 22 of the Securities Act, however, creates concurrent jurisdiction for U.S. federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. Accordingly, there is uncertainty as to whether a court would enforce such provisions, and the enforceability of similar choice of forum provisions in other companies’ charter documents has been challenged in legal proceedings. While Delaware and certain U.S. courts have determined that such exclusive forum provisions are facially valid, a shareholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions, and there can be no assurance that such provisions will be enforced by a court in those other jurisdictions. Any person or entity purchasing or otherwise acquiring any interest in our securities shall be deemed to have notice of and consented to these provisions; however, we note that investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder.

Section 27 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), creates exclusive federal jurisdiction over all suits brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder. Accordingly, notwithstanding the foregoing, the Amended Articles provide that the exclusive forum provision will not apply to suits brought to enforce a duty or liability created by the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction.

These exclusive forum provisions may limit a shareholders ability to bring a claim in a judicial forum of its choosing for disputes with us or our directors or other employees which may discourage lawsuits against us, our directors, officers and employees.

Risks Relating to an Investment in our Securities

Future issuances of Ordinary Shares by us or resales of our Ordinary Shares may cause the market price of the Ordinary Shares to drop significantly, even if Cellebrite’s business is doing well.

Concurrently with the Closing of the Merger, the Sponsor entered into the Investor Rights Agreement, which provided the Sponsor and the other parties thereto with customary demand registration rights and piggy-back registration rights with respect to registration statements filed by Cellebrite. See the section of this Annual Report titled “Part I, Item 7. Major Shareholders and Related Party Transactions — Related Party Transactions.” In accordance with this and certain obligations relating to the PIPE Investment, we filed a registration statement for the resale of 171,729,210 Ordinary Shares, 9,666,667 Warrants and 29,666,667 Ordinary Shares underlying Warrants, which was declared effective on October 6, 2021.

We have also historically used, and continue to use, our Ordinary Shares as a means of both rewarding our employees, non-employee directors, and consultants and aligning their interests with those of our shareholders. As of December 31, 2023, 23,888,325 Ordinary Shares were subject to outstanding awards (consisting of outstanding options to purchase 15,728,176 Ordinary Shares and 8,160,149 Ordinary Shares underlying unvested restricted share units (“RSUs”)) granted to our and our affiliates’ respective employees, non-employee directors, consultants and former employees under our equity incentive plans. Additionally, 25,218,083 Ordinary Shares were available for future grant under the 2021 Plan and 994,055 Ordinary Shares were available for grant under our equity incentive plans or for future purchase under our ESPP, subject to increase under the evergreens terms of certain of those plans. All of the underlying Ordinary Shares are registered on Form S-8 for immediate sale or resale. Thus, Ordinary Shares granted or issued under our equity incentive plans will, subject to vesting provisions, lock-up restrictions, and applicable Rule 144 volume limitations, be available for sale in the open market immediately upon registration.

An additional 15,000,000 Ordinary Shares may be issued upon achievement of certain triggering events (if at any time during the five-year period after the closing of the Merger the price of Ordinary Shares is greater than or equal to $12.50, $15.00 and $17.50, respectively, over any 20 trading-days within any 30 trading-day period.) or upon a Change of Control (as defined in the Merger Agreement) before the five (5) year anniversary of the closing of the Merger.

In a registered offering of securities pursuant to the Securities Act (including via the registration statement on Form S-8) or otherwise in accordance with Rule 144 under the Securities Act, the Cellebrite employees and other shareholders may sell large amounts of Ordinary Shares in the open market or in privately negotiated transactions, which could have the effect of increasing the volatility in the trading price of the Ordinary Shares or putting significant downward pressure on the price of the Ordinary Shares. Further, sales of Ordinary Shares upon expiration of the applicable lockup period could encourage short sales by market participants. Generally, short selling means selling a security, contract or commodity not owned by the seller. The seller is committed to eventually purchase the financial instrument previously sold. Short sales are used to capitalize on an expected decline in the security’s price. As such, short sales of Ordinary Shares could have a tendency to depress the price of the Ordinary Shares, which could increase the potential for short sales.

We cannot predict the size of future issuances by us or resales by others of Ordinary Shares or the effect, if any, that such future issuances and sales of Ordinary Shares will have on the market price of the Ordinary Shares. Sales of substantial amounts of Ordinary Shares (including those shares issued in connection with the Merger), or the perception that such sales could occur, may materially and adversely affect prevailing market prices of Ordinary Shares.

As a “foreign private issuer” under applicable securities laws and regulations, Cellebrite is permitted to, and may, file less or different information with the U.S. Securities and Exchange Commission (the “SEC”) than a company incorporated in the United States, and will follow certain home country governance practices in lieu of certain Nasdaq requirements applicable to U.S. issuers.

Cellebrite is considered a “foreign private issuer” under the Exchange Act and is therefore exempt from certain rules under the Exchange Act. Moreover, Cellebrite is not required to file periodic reports and financial statements with the SEC as frequently or within the same time frames as U.S. issuers with securities registered under the Exchange Act, and is not subject to the rules prescribing the furnishing and content of proxy statements (including the requirement applicable to emerging growth companies to disclose the compensation of its Chief Executive Officer and the other two most highly compensated executive officers on an individual, rather than an aggregate, basis). Cellebrite is not required to comply with Regulation FD, which imposes restrictions on the selective disclosure of material information to shareholders. In addition, Cellebrite’s officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions of Section 16 of the Exchange Act and the related rules under the Exchange Act with respect to their purchases and sales of Cellebrite’s equity securities. Accordingly, if you own Cellebrite’s securities, you may receive less or different information about Cellebrite than that you would receive about a U.S. issuer.

In addition, as a “foreign private issuer” whose securities are listed on Nasdaq, Cellebrite is permitted to follow certain home country corporate governance practices in lieu of certain Nasdaq requirements. A “foreign private issuer” must disclose in its annual reports filed with the SEC each Nasdaq requirement with which it does not comply, followed by a description of its applicable home country practice. Cellebrite currently intends to follow the corporate governance requirements of Nasdaq. However, Cellebrite cannot make any assurances that it will continue to follow such corporate governance requirements in the future, and may therefore in the future, rely on available Nasdaq exemptions that would allow Cellebrite to follow its home country practice. Unlike the requirements of Nasdaq, there are currently no mandatory corporate governance requirements in Israel that would require Cellebrite to (i) have a majority of its board of directors be independent, (ii) establish a nominating/governance committee, or (iii) hold regular executive sessions where only independent directors may be present. Such Israeli home country practices may afford less protection to holders of Cellebrite securities.

Cellebrite currently relies on this “foreign private issuer exemption” only with respect to the quorum requirement for shareholder meetings and the requirement regarding distribution of annual and interim reports. For more information, see “Part II, Item 16G. Corporate Governance.” Cellebrite otherwise complies with and intends to continue to comply with the rules generally applicable to U.S. domestic companies listed on Nasdaq. In addition, with respect to SEC rules, Cellebrite expects to issue interim quarterly financial information publicly and to furnish them to the SEC under cover of Form 6-K. Cellebrite may, however, in the future decide to rely upon the “foreign private issuer exemption” for purposes of opting out of some or all of the other Nasdaq corporate governance rules.

Cellebrite could lose its status as a “foreign private issuer” under applicable securities laws and regulations if more than 50% of Cellebrite’s outstanding voting securities become directly or indirectly held of record by U.S. holders and any one of the following is true: (i) the majority of Cellebrite’s directors or executive officers are U.S. citizens or residents; (ii) more than 50% of Cellebrite’s assets are located in the United States; or (iii) Cellebrite’s business is administered principally in the United States. If Cellebrite loses its status as a “foreign private issuer” in the future, it will no longer be exempt from the rules described above and, among other things, will be required to file periodic reports and annual and quarterly financial statements as if it were a company incorporated in the United States. If this were to happen, Cellebrite would likely incur substantial costs in fulfilling these additional regulatory requirements and members of Cellebrite’s management would likely have to divert time and resources from other responsibilities to ensuring these additional regulatory requirements are fulfilled.

Cellebrite is an “emerging growth company” and as a result of the reduced disclosure and governance requirements applicable to emerging growth companies, our securities may be less attractive to investors.

Cellebrite is an “emerging growth company,” as defined in the JOBS Act, and it intends to take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies including, but not limited to, not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act. Cellebrite cannot predict if investors will find its securities less attractive because it will rely on these exemptions, including delaying adoption of new or revised accounting standards until such time as those standards apply to private companies and, to the extent that Cellebrite ceases to be a foreign private issuer, reduced disclosure obligations regarding executive compensation. If some investors find Ordinary Shares or Warrants less attractive as a result, there may be a less active trading market and the trading prices of such securities may be more volatile. Cellebrite may take advantage of these reporting exemptions until it is no longer an “emerging growth company.” Cellebrite will remain an “emerging growth company” until the earlier of (1) the last day of the fiscal year (a) following the fifth anniversary of the completion of the IPO, (b) in which it has total annual gross revenue of at least $1.07 billion, or (c) in which it is deemed to be a large accelerated filer, which means the market value of Ordinary Shares that is held by non-affiliates exceeds $700 million as of the last day of the second fiscal quarter of such fiscal year, and (2) the date on which it has issued more than $1.0 billion in non-convertible debt during the prior three-year period.

Our largest shareholder, SUNCORPORATION, is a Japanese public company and currently a holder of 47.04% of Cellebrite’s outstanding shares.

As of December 31, 2023, SUNCORPORATION (TSE JASDAQ: 6736), a Japanese public company, beneficially owns 47.04% of our Ordinary Shares. Therefore, SUNCORPORATION has significant influence on the outcome of all decisions at our shareholders’ meetings including:

SUNCORPORATION’s decisions as to how it votes its Ordinary Shares may be contrary to the expectations or preferences of our other shareholders. The influence exerted by SUNCORPORATION may limit the ability of our shareholders to influence corporate matters and could also discourage other companies from pursuing any potential merger, takeover, or other change of control transactions with us. Further, SUNCORPORATION is a controlling shareholder which may in the future control elections to our board of directors and, therefore may have significant influence over our business and policies.

Risks Related to Ownership of the Ordinary Shares

Our share price has been and will likely continue to be volatile, and shareholders may lose all or part of their investment.

Cellebrite shareholders have sold and may continue to sell their shares in the public market. The sales of significant amounts of our shares, or the perception in the market that this will occur, may decrease the market price of our shares. For more information, see “Risks Relating to an Investment in our Securities— Future issuances of Ordinary Shares by us or resales of our Ordinary Shares may cause the market price of the Ordinary Shares to drop significantly, even if Cellebrite’s business is doing well.”

Our share price may also be volatile for other reasons, including:

In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. Such lawsuits could result in substantial costs and divert management’s attention and resources, which could adversely affect our business.

The U.S. Internal Revenue Service (“IRS”) may not agree that Cellebrite should be treated as a non-U.S. corporation for U.S. federal income tax purposes.

Although Cellebrite is incorporated and tax resident in Israel, the IRS may assert that it should be treated as a U.S. corporation (and therefore a U.S. tax resident) for U.S. federal income tax purposes pursuant to Section 7874 (“Section 7874”) of the Internal Revenue Code of 1986, as amended (the “Code”). For U.S. federal income tax purposes, a corporation is generally considered a U.S. ”domestic” corporation (or U.S. tax resident) if it is organized in the United States, and a corporation is generally considered a “foreign” corporation (or non-U.S. tax resident) if it is not a U.S. corporation. Because Cellebrite is an entity incorporated and tax resident in Israel, it would generally be classified as a foreign corporation (or non-U.S. tax resident) under these rules. Section 7874 provides an exception under which a foreign incorporated and foreign tax resident entity may, in certain circumstances, be treated as a U.S. corporation for U.S. federal income tax purposes.

As more fully described in the section titled “Material U.S. Federal Income Tax Considerations — U.S. Federal Income Tax Treatment of Cellebrite — Tax Residence of Cellebrite for U.S. Federal Income Tax Purposes”, based on the terms of the Merger and the rules for determining share ownership under Section 7874 and the Section 7874 Regulations, Cellebrite has not been and is not intended to be treated as a U.S. corporation for U.S. federal income tax purposes under Section 7874 since the Merger. However, the application of Section 7874 is complex, is subject to detailed regulations (the application of which is uncertain in various respects, could be impacted by changes in such U.S. Treasury regulations with possible retroactive effect), and is subject to certain factual uncertainties. Accordingly, potential application of Section 7874 is inherently uncertain and there can be no assurance that the IRS will not challenge the status of Cellebrite as a foreign corporation under Section 7874 or that such challenge would not be sustained by a court.

If the IRS were to successfully challenge Cellebrite’s status as a foreign corporation for U.S. federal income tax purposes under Section 7874, Cellebrite and certain Cellebrite shareholders would be subject to significant adverse tax consequences, including a higher effective corporate income tax rate on Cellebrite and future withholding taxes on certain Cellebrite shareholders, depending on the application of any income tax treaty that might apply to reduce such withholding taxes. In particular, holders of Ordinary Shares and Warrants would be treated as holders of stock and warrants of a U.S. corporation.

See “Part I, Item 10. Additional Information—E. Material Taxation— Material U.S. Federal Income Tax Considerations—U.S. Federal Income Tax Treatment of Cellebrite—Tax Residence of Cellebrite for U.S. Federal Income Tax Purposes” for a more detailed discussion of the application of Section 7874 to the Merger. Investors in Cellebrite should consult their own advisors regarding the application of Section 7874 to the Merger.

Section 7874 may limit the ability of TWC to use certain tax attributes, increase Cellebrite’s U.S. affiliates’ U.S. taxable income or have other adverse consequences to Cellebrite and Cellebrite’s shareholders.

Following the acquisition of a U.S. corporation by a foreign corporation, Section 7874 can limit the ability of the acquired U.S. corporation and its U.S. affiliates to use U.S. tax attributes (including net operating losses and certain tax credits) to offset U.S. taxable income resulting from certain transactions, as well as result in certain other adverse tax consequences, even if the acquiring foreign corporation is respected as a foreign corporation for purposes of Section 7874. In general, if a foreign corporation acquires, directly or indirectly, substantially all of the properties held directly or indirectly by a U.S. corporation and after the acquisition, the former shareholders of the acquired U.S. corporation hold at least 60% (by either vote or value) but less than 80% (by vote and value) of the shares of the foreign acquiring corporation by reason of holding shares in the acquired U.S. corporation, subject to other requirements, certain adverse tax consequences under Section 7874 may apply.

If these rules apply to the Merger, Cellebrite and certain of Cellebrite’s shareholders may be subject to adverse tax consequences including, but not limited to, restrictions on the use of tax attributes with respect to “inversion gain” recognized over a 10-year period following the transaction, disqualification of dividends paid from preferential “qualified dividend income” rates and the requirement that any U.S. corporation owned by Cellebrite include as “base erosion payments” that may be subject to a minimum U.S. federal income tax any amounts treated as reductions in gross income paid to certain related foreign persons. Furthermore, certain “disqualified individuals” (including officers and directors of a U.S. corporation) may be subject to an excise tax on certain stock-based compensation held thereby at a rate of 20%.

As more fully described in the section titled “Material U.S. Federal Income Tax Considerations — U.S. Federal Income Tax Treatment of Cellebrite — Utilization of TWC’s Tax Attributes and Certain Other Adverse Tax Consequences to Cellebrite and Cellebrite’s Shareholders,” based on the terms of the Merger and the rules for determining share ownership under Section 7874 and the Section 7874 Regulations, Cellebrite is not intended to be subject to these rules under Section 7874 after the Merger. The above determination, however, is subject to detailed regulations (the application of which is uncertain in various respects and could be impacted by future changes in such U.S. Treasury regulations, with possible retroactive effect) and is subject to certain factual uncertainties. Accordingly, there can be no assurance that the IRS will not challenge whether Cellebrite is subject to the above rules or that such a challenge would not be sustained by a court.

However, even if Cellebrite is not subject to the above adverse consequences under Section 7874, Cellebrite may be limited in using its equity to engage in future acquisitions of U.S. corporations over a 36-month period following the Merger. If Cellebrite were to be treated as acquiring substantially all of the assets of a U.S. corporation within a 36-month period after the Merger, the Section 7874 Regulations (as defined in “Material U.S. Federal Income Tax Considerations — U.S. Federal Income Tax Treatment of Cellebrite — Tax Residence of Cellebrite for U.S. Federal Income Tax Purposes”) would exclude certain shares of Cellebrite attributable to the Merger for purposes of determining the Section 7874 Percentage of that subsequent acquisition, making it more likely that Section 7874 will apply to such subsequent acquisition.

See “Part I, Item 10. Additional Information—E. Material Taxation — Material U.S. Federal Income Tax Considerations — Material U.S. Federal Income Tax Treatment of Cellebrite —Utilization of TWC’s Tax Attributes and Certain Other Adverse Tax Consequences to Cellebrite and Cellebrite’s Shareholders” for a more detailed discussion of the application of Section 7874 to the Merger. Investors in Cellebrite should consult their own advisors regarding the application of Section 7874 to the Merger.

Risks Related to the Israeli Tax Treatment of Cellebrite and the Merger

If we do not qualify for Israeli tax benefits, our effective tax rate on our business income and the Israeli withholding tax on distributions of dividends by us to our shareholders may be higher than expected.

Cellebrite believes that it is currently entitled to claim certain tax benefits in Israel, including reduced corporate tax rates, reduced withholding tax rates with respect to dividend distributions and higher depreciation rates. These tax benefits require us to satisfy each tax year certain conditions that included in the provisions of Israeli tax laws. There can be no assurances that we will qualify for such tax benefits in any given year. If we do not qualify for such tax benefits, the effective Israeli tax rate on our business income and the withholding tax rate with respect to dividend that we will distribute to our shareholders may be higher than we expect.

We may be required to pay Israeli taxes, including by way of withholding from our shareholders, as a result of the transactions contemplated by the Merger Agreement, and if we do not receive the Transaction Tax Ruling exempting the Indemnified TWC Parties from certain taxes we may be required to indemnify the Indemnified TWC Parties for such Israeli withholding tax liability.

Pursuant to the Merger Agreement we have filed an application to receive the Transaction Tax Ruling (which was bifurcated to three separate applications) from the Israel Tax Authority, which seeks to determine (i) that none of the Indemnified TWC Parties (as defined in the Merger Agreement) are subject to Israeli tax with respect to receipt of Ordinary Shares and/or Warrants, (ii) the tax treatment of the issuance of the Price Adjustment Shares and the Additional Dividend (as defined in the Merger Agreement) for Israeli Tax purposes and (iii) that the Capital Restructuring (as defined in the Merger Agreement) is not subject to Israeli withholding Tax. We received a signed ruling regarding the Capital Restructuring and the distribution of funds from the trust account to the Company, as well as a signed ruling regarding the Additional Dividend. We withdrew the ruling applications with regards to the tax treatment of the issuance of the Price Adjustment Shares and the exemption of the Indemnified TWC Parties from Israeli tax with respect to receipt of Ordinary Shares and/or Warrants.

We made an irrevocable written undertaking to fully indemnify and hold harmless (on a grossed up basis, to account for their related tax liability and for their Cellebrite holdings) the Indemnified TWC Parties from any Israeli tax actually incurred by such Indemnified TWC Parties which should have been exempted by the Transaction Tax Ruling (including from all costs and expenses, including reasonable attorney costs, associated with such tax, including in defending such matters). If an indemnification event will occur, our business results may be adversely affected.

General Risk Factors

Joint ventures, partnerships, and strategic alliances may have a material adverse effect on our business, results of operations and prospects.

We intend to continue to enter into joint ventures, partnerships, and strategic alliances as part of our long-term business strategy. Joint ventures, partnerships, strategic alliances, and other similar arrangements involve significant investments of both time and resources, and there can be no assurances that they will be successful. They may present significant challenges and risks, including that they may not advance our business strategy, we may get an unsatisfactory return on our investment or lose some or all of our investment, they may distract management and divert resources from our core business, they may expose us to unexpected liabilities, or we may choose a partner that does not cooperate as we expect them to and that fails to meet its obligations or that has economic, business, or legal interests or goals that are inconsistent with ours. For example, we partner with various resellers who coordinate the provision of our solutions to the end customers. Also, for example, there is risk for termination of strategic or technology partnerships that complement or compose part of our DI offering; such terminations may impact our ability to successfully compete in the market. We believe these arrangements can offer strategic advantages, but they increase our dependence on third parties to achieve our objectives.

Entry into certain joint ventures, partnerships, or strategic alliances now or in the future may be subject to government regulation, including review by U.S. or foreign government entities related to foreign direct investment. If a joint venture or similar arrangement were subject to regulatory review, such regulatory review might limit our ability to enter into the desired strategic alliance and thus our ability to carry out our long-term business strategy.

As our joint ventures, partnerships, and strategic alliances come to an end or terminate, we have been, in some cases, unable to renew or replace them on comparable terms, or at all. Each of our agreements with resellers have terms of just one year, and so these agreements are frequently up for renewal or termination. When we enter into joint ventures, partnerships, and strategic alliances, our partners may be required to undertake some portion of sales, marketing, implementation solutions, engineering solutions, or software configuration that we would otherwise provide. In such cases, our partner may be less successful than we would have otherwise been absent the arrangement. In the event we enter into an arrangement with a particular partner, we may be less likely (or unable) to work with one or more direct competitors of our partner with which we would have worked absent the arrangement. We may have interests that are different from our partners and/or which may affect our ability to successfully collaborate with a given partner. Similarly, one or more of our partners in a joint venture, partnership, or strategic alliance may independently suffer a bankruptcy or other economic hardship that negatively affects its ability to continue as a going concern or successfully perform on its obligation under the arrangement. In addition, customer satisfaction with our solutions provided in connection with these arrangements may be less favorable than anticipated, negatively impacting anticipated revenue growth, margins and results of operations of arrangements in question. Further, some of our partners offer competing solutions or work with our competitors and some strategic partners have in the past and others may in the future be acquired by our competitors, resulting in the termination of the partnership. As a result of these and other factors, many of the companies with which we have joint ventures, partnerships, or strategic alliances may choose to pursue alternative technologies and develop alternative solutions in addition to or in lieu of our solutions, either on their own or in collaboration with others, including our competitors. If we are unsuccessful in establishing or maintaining our relationships with these partners, our ability to compete in a given marketplace or to grow our revenue would be impaired, and our results of operations may suffer. Even if we are successful in establishing and maintaining these relationships with our partners, we cannot assure you that these relationships will result in increased customer usage of our DI suite of solutions or increased revenue.

Further, winding down joint ventures, partnerships, or other strategic alliances can result in additional costs, litigation, and negative publicity. Any of these events could adversely affect our business, financial condition, results of operations, and growth prospects.

We may acquire or invest in companies and technologies, which may divert our management’s attention, and result in additional dilution to our shareholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions or investments.

As part of our business strategy, we have engaged in strategic transactions in the past and expect to evaluate and consider potential strategic transactions, including acquisitions of, or investments in, businesses, technologies, products, services and other assets in the future. Past acquisitions or any future acquisition, investment or business relationship in some cases have and may in the future result in unforeseen risks, operating difficulties and expenditures, including but not limited to the following:

The occurrence of any of these risks could have a material adverse effect on our business, results of operations, and financial condition. Moreover, we cannot assure you that we would not be exposed to unknown liabilities.

Our international operations expose us to business, political and economic risks that could cause our operating results to suffer.

We intend to continue to make efforts to increase our international operations and anticipate that international sales will continue to account for a significant portion of our revenue. These international operations are subject to certain risks and costs, including the difficulty and expense of administering business and compliance abroad, differences in business practices, compliance with domestic and foreign laws (including without limitation domestic and international import and export laws and regulations and the U.S. Foreign Corrupt Practices Act (“FCPA”), including potential violations by acts of agents or other intermediaries), costs related to localizing solutions for foreign markets, costs related to translating and distributing software solutions in a timely manner, costs related to increased financial accounting and reporting burdens and complexities, longer sales and collection cycles for accounts receivables, failure of laws or courts to protect our intellectual property rights adequately, local competition, and economic or political instability and uncertainties, including inflation, recession, interest rate fluctuations and actual or anticipated military or geopolitical conflicts. In addition, regulatory limitations regarding the repatriation of earnings may adversely affect the transfer of cash earned from foreign operations.

Significant international sales may also expose us to greater risk from political and economic instability, unexpected changes in Israeli, U.S. or other governmental policies concerning import and export of goods and technology, regulatory requirements, tariffs and other trade barriers. Economic downturns and geopolitical challenges in the Americas, EMEA or certain other parts of the world critical to our operations could cause our customers in or outside of those locations to reevaluate decisions to purchase our solutions or to delay or reduce their technology purchasing decisions, which could adversely impact our results of operations. Regional conflicts, such as Russia’s invasion of Ukraine, and measures taken in response thereto have created global security concerns that could have a lasting adverse impact on regional and global economies, and in turn, on our customers’ decision to purchase our products. Additionally, international earnings may be subject to taxation by more than one jurisdiction, which may materially adversely affect our effective tax rate. Finally, international expansion may be difficult, time consuming, and costly. These risks and their potential impacts may be exacerbated by to prolonged economic uncertainties of downturns. As a result, if revenue from international operations do not offset the expenses of establishing and maintaining foreign operations, our business, operating results and financial condition will suffer.

If our goodwill or intangible assets become impaired, we may be required to record a significant charge to earnings.

We have acquired and may acquire other companies and intangible assets, and we may not realize all the economic benefit from those acquisitions, which could cause an impairment of goodwill or intangibles. We review our amortizable intangible assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. We test goodwill for impairment at least annually. If such goodwill is deemed to be impaired, an impairment loss equal to the amount by which the carrying amount exceeds the fair value of the assets would be recognized. Events which might indicate impairment include, but are not limited to, declines in stock price market capitalization or cash flows, adverse cost factors, deteriorating financial performance, strategic decisions made in response to economic, market and competitive conditions, the impact of the economic environment on us and our customer base, and/or relevant events such as changes in management, key personnel, litigation or customers.

We may be required to record a significant charge in our financial statements during the period in which any impairment of our goodwill or intangible assets is determined, which would negatively affect our results of operations.

Our provision for income taxes and effective income tax rate may vary significantly and may adversely affect our results of operations and cash resources.

Significant judgment is required in determining our provision for income taxes. Various internal and external factors may have favorable or unfavorable effects on our future provision for income taxes, income taxes receivable, and our effective income tax rate. These factors include, but are not limited to, changes in tax laws, regulations and/or rates, results of audits by tax authorities, changing interpretations of existing tax laws or regulations, changes in estimates of prior years’ items, the impact of transactions we complete, future levels of research and development spending, changes in the valuation of our deferred tax assets and liabilities, transfer pricing adjustments, changes in the overall mix of income among the different jurisdictions in which we operate, and changes in overall levels of income before taxes. Furthermore, new accounting pronouncements or new interpretations of existing accounting pronouncements, and/or any internal restructuring initiatives we may implement from time to time to streamline our operations, can have a material impact on our effective income tax rate.

Tax examinations are often complex as tax authorities may disagree with the treatment of items reported by us and our transfer pricing methodology based upon our limited risk distributor model, the result of which could have a material adverse effect on our financial condition and results of operations. Although we believe our estimates are reasonable, the ultimate outcome with respect to the taxes we owe may differ from the amounts recorded in our financial statements, and this difference may materially affect our financial position and financial results in the period or periods for which such determination is made.

Our pricing structures for our solutions may change from time to time.

In some cases we offer our solutions at a higher price point than many of our competitors, and this may change in the future. We have changed our pricing models in the past and expect that we may further change them from time to time in the future, including as a result of competition, global economic conditions, general reductions in our customers’ spending levels, pricing studies, or changes in how our solutions are broadly offered or consumed. Similarly, as we introduce new solutions, or as a result of the evolution of our existing solutions, we may have difficulty determining the appropriate price structure for our solutions. In addition, as new and existing competitors introduce new solutions that compete with ours, or revise their pricing structures, we may be unable to attract new customers at the same price or based on the same pricing model as we have used historically. Moreover, as we continue to target selling our solutions to larger organizations, these larger organizations may demand substantial price concessions. In addition, we may need to change pricing policies to accommodate government pricing guidelines for our contracts with federal, state, local, and foreign governments and government agencies. If we are unable to modify or develop pricing models and strategies that are attractive to existing and prospective customers, while enabling us to significantly grow our sales and revenue relative to our associated costs and expenses in a reasonable period of time, our business, financial condition, and results of operations may be adversely impacted.

If we fail to maintain an effective system of internal controls, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the listing standards of Nasdaq. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We may also need to improve our internal control over financial reporting. Some members of our management team have limited or no experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws pertaining to public companies, and we have limited accounting and financial reporting personnel and other resources with which to address our internal controls and related procedures, including complying with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act that we will eventually be required to include in our annual reports filed with the SEC. We may need to hire and successfully integrate additional accounting and financial staff with appropriate company experience and technical accounting knowledge. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight.

Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, we may identify in the future deficiencies in our controls. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which could have a negative effect on the trading price of our securities. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on The Nasdaq Stock Market LLC.

Our independent registered public accounting firm is not required to attest to the effectiveness of our internal control over financial reporting until after we are no longer an “emerging growth company” as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could have a material and adverse effect on our business and results of operations and could cause a decline in the price of our securities.

If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes appearing elsewhere in this Annual Report. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as discussed in “Part II, Item 5. Operating and Financial Review and Prospects—E. Critical Accounting Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses. Significant estimates and judgments involve: revenue recognition; contract acquisition costs; valuation of our ordinary shares, Price Adjustment Shares and share-based compensation; fair values of assets acquired and liabilities assumed in connection with the Merger; and income taxes. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the market price of our securities.

ITEM 7. MAJOR SHAREHOLDERS AND RELATED PARTY TRANSACTIONS

The following table sets forth information relating to the beneficial ownership of our Ordinary Shares by: 

The SEC has defined “beneficial ownership” of a security to mean the possession, directly or indirectly, of voting power and/or investment power over such security. A shareholder is also deemed to be, as of any date, the beneficial owner of all securities that such shareholder has the right to acquire within 60 days after that date through (i) the exercise of any option, warrant or right, (ii) the conversion of a security, (iii) the power to revoke a trust, discretionary account or similar arrangement, or (iv) the automatic termination of a trust, discretionary account or similar arrangement. In computing the number of shares beneficially owned by a person and the percentage ownership of that person, Ordinary Shares subject to options or other rights (as set forth above) held by that person that are currently exercisable, or will become exercisable within 60 days thereafter, are deemed outstanding, while such shares are not deemed outstanding for purposes of computing percentage ownership of any other person. Each person named in the table has sole voting and investment power with respect to all of the Ordinary Shares shown as beneficially owned by such person, except as otherwise indicated in the table or footnotes below.

The percentage of Ordinary Shares beneficially owned is computed on the basis of 205,297,065 Ordinary Shares outstanding as of March 11, 2024.

Unless otherwise indicated, we believe that all persons named in the table below have sole voting and investment power with respect to all Ordinary Shares beneficially owned by them. To our knowledge, no Ordinary Shares beneficially owned by any executive officer, or director have been pledged as security. All of our shareholders, including the shareholders listed below, have the same voting rights attached to their Ordinary Shares. Unless otherwise noted below, each shareholder’s address is 94 Shlomo Shmelzer Road, Petah Tikva 4970602, Israel.

Option Holdings

Pursuant to SEC rules, the following table provides information as of March 11, 2024 regarding all options to purchase our ordinary shares (including options exercisable and unexercisable) held by our Chief Executive Officer Yossi Carmil, who is our only executive officer or director who owned more than 1% of our ordinary shares outstanding as of that date.

Registered Holders

Based on a review of the information provided to us by our transfer agent, as of December 31, 2023, there were 7 registered holders of our shares in the United States, including Cede & Co., the nominee of the Depository Trust Company, together holding approximately 42.5% of our outstanding Ordinary Shares. The number of record holders in the United States is not representative of the number of beneficial holders, nor is it representative of where such beneficial holders are resident, since many of these ordinary shares were held by brokers or other nominees.

B. RELATED PARTY TRANSACTIONS

The below is a description of all reportable related party transactions since January 1, 2023:

Distribution Agreement with SUNCORPORATION

We expect to enter into a new distribution agreement with SUNCORPORATION, which will replace a previous distribution agreement which expired on March 1, 2024.

Under the proposed Distribution Agreement, SUNCORPORATION will be the non-exclusive distributor for the promotion, marketing and sale of our mobile solutions in Japan. The proposed Distribution Agreement was approved by the audit committee on February 11, 2024 following the determination of the audit committee that the Distribution Agreement is not deemed to be an "extraordinary transaction" under the Companies Law.

Restricted Sponsor Shares and Price Adjustment Shares

As set forth in the Merger Agreement, 7,500,000 Ordinary Shares issued to TWC Tech Holdings II, LLC, out of a total of 13,500,000 shares, are Restricted Sponsor Shares and will vest in 3 tranches of 3,000,000, 3,000,000 and 1,500,000, upon achievement of the triggering events (as defined in the Merger Agreement); if at any time during the Price Adjustment Period the price of Ordinary Shares will be greater than or equal to $12.50, $15.00 and $30.00, respectively, over any twenty trading days within any thirty trading day period. In the event of a post-Closing change of control transaction involving the Company, any Restricted Sponsor Shares not previously vested will vest and will be entitled to participate in the change of control transaction. The probability of such event was considered by the Company. Upon the expiration of the Price Adjustment Period (a period of seven years from the closing date of the Merger), any unvested shares that have not vested as of such time will be forfeited. The Company security holders shall be entitled to vote their unvested Restricted Sponsor Shares and receive dividends and other distribution, and to have all other economic rights, in each case, with respect to such Restricted Sponsor Shares while they remain unvested.

As set forth in the Merger Agreement, holders of the Ordinary Shares and vested RSUs, in each case as of immediately prior to the Effective Time, are eligible to receive up to 15,000,000 Ordinary Shares that will vest in 3 tranches of 5,000,000 upon achievement of the triggering events (if at any time during the Price Adjustment Period the price of Ordinary Shares will be greater than or equal to $12.50, $15.00 and $17.50, respectively, over any 20 trading-days within any 30 trading-day period.) or upon a Change of Control (as defined in Merger Agreement) before the five (5) year anniversary of the Closing Date.

Investors Rights Agreement

Pursuant to the Merger Agreement, certain TWC stockholders who received Ordinary Shares and certain Cellebrite shareholders (collectively “Cellebrite Equityholders”) and Cellebrite entered into the Investor Rights Agreement, pursuant to which, among other things, Cellebrite agreed to file a registration statement within 30 days of the Effective Time to register for resale under the Securities Act (x) the Ordinary Shares and the Warrants issued or issuable pursuant to the Merger Agreement (including the Ordinary Shares underlying the Warrants, any and all earned Price Adjustment Shares (as defined in the Merger Agreement), and the Ordinary Shares issued pursuant to the Share Purchase Agreement) and (y) certain Ordinary Shares held by Cellebrite Equityholders which were subject to registration rights pursuant to other registration rights agreements in existence prior to the date thereof. The Company filed registration statement on Form F-1 on September 27, 2021, which became effective on October 6, 2021. The Investor Rights Agreement also permits underwritten takedowns and provides for customary “piggyback” registration rights. Cellebrite agreed to indemnify the Sponsor and certain of the Sponsor’s related persons from certain liabilities arising from the Merger Agreement, the transactions agreements relating to the Merger, and the transactions and filings contemplated thereby, subject to certain limitations set forth in the Investor Rights Agreement.

Indemnification Agreements

We have entered into indemnification agreements with our directors and executive officers. See “Part I, Item 6. Directors, Senior Management and Employees—C. Board Practices—Approval of Related Party Transactions under Israeli Law—Exculpation, Insurance and Indemnification of Office Holders” for additional information.

C. INTERESTS OF EXPERTS AND COUNSEL

Not applicable.

PART III

Item 19. EXHIBITS

SIGNATURES

The registrant hereby certifies that it meets all of the requirements for filing on Form 20-F/A and that it has duly caused and authorized the undersigned to sign this annual report on its behalf.

47