CRITICAL PATH INC - 10-K Annual Report

Securities registered pursuant to Section 12(g) of the Act: Common Stock, Series C

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes x No o

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. o

Indicate by check mark whether Registrant is an accelerated filer (as defined in Rule 12b-2 of the Act). Yes x No o

The aggregate market value of voting stock held by non-affiliates of the Registrant was approximately $77,690,340 as of June 28, 2002, based on the closing price of the Common Stock as reported on the Nasdaq National Market for that date.

There were 80,142,745 shares of the Registrant’s Common Stock issued and outstanding on March 15, 2003.

Items 10 (as to Section 16(a) Beneficial Ownership Reporting Compliance), 11, 12 and 13 of Part III incorporate by reference information from Critical Path, Inc.’s definitive Proxy Statement, to be filed with the Securities and Exchange Commission, in connection with the solicitation of proxies for the 2003 Annual Meeting of Shareholders scheduled to be held on May 29, 2003.

This Annual Report and the following disclosure contain forward-looking statements within the meaning of the “safe harbor” provisions of the Private Securities Litigation Reform Act of 1995, as amended and in effect from time to time. The words “anticipates,” “expects,” “intends,” “plans,” “believes,” “seek,” and “estimate” and similar expressions are intended to identify forward-looking statements. These are statements that relate to future periods and include statements regarding our future strategic, operational and financial plans, anticipated or projected revenues, expenses and operational growth, markets and potential customers for our products and services, plans related to sales strategies and global sales efforts, the anticipated benefits of our strategic alliances, growth of our competition, our ability to compete, investments in product development, the adequacy of our current facilities, our litigation strategy, use of future earnings, the features, benefits and performance of our current and future products and services, plans to reduce operating costs through continued expense reduction, anticipated effects of restructuring and retirement of debt, and our belief as to our ability to successfully emerge from the restructuring and refocusing of our operations, are subject to risks and uncertainties that could cause actual results to differ materially from those projected. Factors that might cause future results to differ materially from those projected in the forward-looking statements include, but are not limited to, difficulties of forecasting future results due to our limited operating history, failure to meet sales and revenue forecasts, evolving business strategy and the emerging nature of the market for our products and services, finalization of pending class action, derivative or other litigation, turnover within and integration of senior management, board of directors members and other key personnel, difficulties in our strategic plans to exit certain products and services offerings, failure to expand our sales and marketing activities, potential difficulties associated with strategic relationships, investments and uncollected bills, general economic conditions in markets in which we do business, risks associated with our international operations, foreign currency fluctuations, unplanned system interruptions and capacity constraints, software defects, risks associated with an inability to maintain continued compliance with Nasdaq National Market listing requirements and delisting actions by such market, and those discussed in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Additional Factors That May Affect Future Operating Results” and elsewhere in this report. Readers are cautioned not to place undue reliance on these forward-looking statements. The forward-looking statements speak only as of the date hereof. We expressly disclaim any obligation to publicly release the results of any revisions to these forward- looking statements to reflect events or circumstances after the date of this filing.

All references to “Critical Path,” “we,” “our,” or the “Company” mean Critical Path, Inc. and its subsidiaries, except where it is clear from the context that such terms mean only the parent company and excludes subsidiaries.

This Annual Report on Form 10-K includes numerous trademarks and registered trademarks of Critical Path. Products or service names of other companies mentioned in this Annual Report on Form 10-K may be trademarks or registered trademarks of their respective owners.

Critical Path delivers digital communications software and services that enable enterprises, government agencies, wireless carriers, and service providers to rapidly deploy highly scalable solutions for messaging and identity management. Built upon an open, extensible software platform, these solutions help organizations expand the range of digital communications services they provide, while frequently reducing overall costs. Our messaging solutions, which are available both as licensed software and as hosted services, provide integrated access to a broad range of communication and collaboration applications from wireless devices, web browsers, desktop clients, and voice systems. This integration can provide new revenue opportunities for carriers and service providers and enables them to attract new subscribers, drive more usage, and retain subscribers longer. For enterprises and governments, our solutions are designed to reduce burdens on helpdesks, simplify the deployment of key security infrastructure, enable compliance with new regulatory mandates, and help reduce

We were incorporated in California in 1997. Our principal executive offices are located at 350 The Embarcadero, San Francisco, California 94105-1204. Our telephone number is (415) 541-2500 and our website is located at www.criticalpath.net. The information contained in our website does not form any part of this Annual Report on Form 10-K. However, we make available, free of charge and as soon as practicable, through our website, our annual reports, quarterly reports, reports on Form 8-K and any amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended.

Restructuring Actions. In May 2002, we approved a restructuring plan to reduce our expense levels to be consistent with the then current business climate. In connection with the plan, a restructuring charge of $1.5 million was recognized in the second quarter of 2002. This charge was comprised of approximately $1.2 million in severance and related costs associated with the elimination of approximately 39 positions and $300,000 in facilities lease termination costs.

Most recently, in January 2003, we announced a restructuring initiative designed to further reduce our expense levels in an effort to achieve operating profitability assuming little revenue growth. The cost-reduction plan targets a reduction in operating expenses, excluding special charges, amortization and depreciation, of approximately $22 million annually. Quarterly operating expenses, excluding special charges, amortization and depreciation are targeted to be approximately $21 million to $22 million by mid-year 2003. The plan includes the consolidation of some office locations and a global workforce reduction of approximately 175 positions, or approximately 30% of the workforce. The headcount reduction is partially offset by outsourcing approximately 75 positions to lower cost service providers. We anticipate an aggregate charge of approximately $7.5 million resulting from the cost reduction plan, inclusive of cash and non-cash expenses. We expect to incur the charge through the first half of 2003.

Nasdaq Stock Market De-Listing Proceedings. On December 30, 2002, we announced that we had received notification from the Nasdaq National Market that we were out of compliance with the minimum bid price requirement of $1.00 a share set forth in Marketplace Rule 4450(a)(5) for the continued listing of its common stock on the Nasdaq National Market and that we had requested a hearing on the matter before the Nasdaq Listing Qualifications Panel. On January 30, 2003, we appeared before the panel to present a plan to re-establish compliance. In advance of the hearing, our board of directors approved a resolution to solicit shareholder approval for a reverse stock split of our common stock if needed, and we filed a preliminary proxy statement in anticipation of such action. Shortly thereafter, the Nasdaq Stock Market announced proposed rules changes providing for longer time periods for both delisting actions related to minimum bid price and for regaining compliance for continued listing. As a result of the hearing and recent rules changes proposed by Nasdaq, we have been granted additional time to regain compliance with the minimum bid price listing requirements pending review and approval of the rules by the SEC.

Management and Board Changes. In May 2002, David Hayden resigned as executive chairman and as a director. Following the resignation of Mr. Hayden, William McGlashan, Jr., our chief executive officer and a member of our board of directors, was named chairman of the board in June 2002. Later in June 2002, Klaus Esser, a general partner at private equity firm General Atlantic Partners and former chairman of Mannesmann AG, was appointed to our board of directors to fill the vacancy created by Mr. Hayden’s departure. In July 2002, William S. Cohen, former United States Secretary of Defense, joined our board of directors to fill the other remaining vacancy. In October 2002, Pierre Van Beneden terminated his employment as our president and Robert Allen Shipp was hired as his successor. In February 2003, Laureen DeBuono stepped down as our chief financial officer and Paul Bartlett, formerly our executive vice president of corporate development, was appointed as her successor. Also in February 2003, Mr. Esser resigned from our board of directors. That director vacancy was filled by the appointment of Wm. Christopher Gorog, chairman, president and chief executive officer of Roxio, Inc., in March 2003.

Global Messaging Alliance Formed with the Hewlett-Packard Company. In October 2002, we announced the formation of a global managed messaging service alliance with HP, in which we will outsource our data center operations to HP and jointly market a new managed messaging service. As part of the alliance, we will continue to provide messaging applications management services and product development, with both companies marketing and selling the hosted messaging service and providing integration services. Both companies began offering the new managed messaging service during the first quarter of 2003 with the data center migrations expected to be completed by the end of the second quarter of 2003.

Acquisition of Japanese Joint Venture. On June 6, 2002, we acquired the remaining 60% ownership interest in our Japanese joint venture from Mitsui and Co. Ltd., NTT Communications Corporation and NEC Corporation for $3.0 million in cash and the assumption of $2.6 million in business restructuring and capital lease obligations. Following the acquisition, we began including the financial results of this new wholly-owned subsidiary, Critical Path Japan, in our own consolidated results.

Securities Class Action and Shareholder Derivative Litigation in Northern District of California. Beginning on February 2, 2001, a number of securities class action complaints were filed against us, and certain of our current and former officers and directors in the United States District Court for the Northern District of California. The complaints were filed as purported class actions by individuals who allege that they purchased our common stock during a purported class period and sought an unspecified amount in damages; the alleged class periods varied among the complaints. The complaints were consolidated into a single action which alleged that, during the period from September 26, 2000 to February 1, 2001, Critical Path and certain of our former officers made false or misleading statements of material fact about our financial statements, including our revenues, revenue recognition policies, business operations and prospects for the year 2000 and beyond. In addition, on September 24, 2001, certain former shareholders of PeerLogic, Inc. filed a putative class action in the Superior Court of the State of California alleging that Critical Path breached representations and warranties made in connection with the acquisition of PeerLogic. The complaint sought an unspecified amount in damages. We subsequently removed the PeerLogic action to the United States District Court for the Northern District of California. On November 8, 2001, we announced that we had reached an agreement to settle the principal class action cases. In February 2002, the court gave preliminary approval to the settlement of the principal class action litigation. In June 2002, the court entered its final approval of the settlement. In connection with the settlement, we agreed to issue warrants to purchase up to 850,000 shares of common stock at $10.00 per share, and recorded a change of $697,000 to operating expense related to the fair value of these warrants. We are currently finalizing the terms of the settlement of the derivative litigation associated with the same period. PeerLogic shareholders who opted out of the settlement have alleged damages in excess of $200 million and litigation is ongoing with respect to these claims.

Securities and Exchange Commission Investigation. In 2001, the Securities and Exchange Commission (SEC) investigated us and certain of our former officers, employees and directors with respect to non-specified accounting matters, financial reports, other public disclosures and trading activity in our securities. The SEC concluded its investigation of us in January 2002 with no imposition of fines or penalties and, without admitting or denying liability, we consented to a cease and desist order and an administrative order as to violation of certain non-fraud provisions of the federal securities laws. The investigation has resulted in charges being filed against four of our former officers and employees. We believe that investigation and potential prosecution of former officers and employees may continue; and while we continue to fully cooperate with any requests with respect to such investigation, we do not know the status of such investigation.

We believe digital communications, email, text messaging, instant messaging, collaborative calendaring, online document sharing, and multimedia have become mission-critical tools in today’s business environment. In many enterprises, employees from corporate offices through retail branches and factory floors receive company communications electronically. Distributed and virtual organizations are increasingly looking to online technologies to share information among employees, suppliers, partners, and customers in order to streamline operations and cut costs. Families are increasingly staying in touch with pictures and letters, sent

not on paper but through email. Mobile phones and wireless personal data assistants are converging, opening potential opportunities for instant access to information and services whether someone is at home, in the office, or half-way around the world.

Making it easier for people to manage time, relationships and resources can have a significant impact on increasing the demand for digital communications. Consumers and business users are beginning to see the benefits of being able to access their key information and applications from anywhere at anytime, whether it is by phone, wireless device, over the web, or from a desktop computer. However, taking advantage of the opportunities this presents can be challenging. We believe new approaches are required to keep services coordinated and manage who has access to these services and to all of the other applications, databases and systems required in today’s information technology environments. We believe consumers, businesses, government agencies, and telecommunications companies are all looking for ways to do more with less, leverage expertise in and outside of the organization, and to use advanced communications and management tools to make things easier.

For wireless carriers and service providers, these new opportunities can come at a time when existing services are rapidly becoming commodities and heavy spending on new infrastructure has yet to pay off. To reverse shrinking margins, telecommunications companies are searching for ways to boost average revenue per user, attract and retain subscribers, and cut deployment costs. For many, this means moving beyond basic consumer connectivity to offer richer, more differentiated services that take advantage of existing networks. In addition, demand from small- to medium-sized businesses for immediately effective communications offerings is providing opportunities for carriers and service providers to diversify into new markets.

We believe large enterprises are faced with similar needs to deliver a broader range of communications and information services while driving down the cost of operating such services and ensuring that privacy and security are maintained. Many organizations are discovering that traditional groupware, which is oriented towards concentrated workgroups of a desktop users who all need the same capabilities, lacks the scalability, flexibility, and ease of customization and integration with existing systems desired in today’s more mobile and distributed environment.

Providing access to information, including messaging, that crosses internal as well as external organizational boundaries often depends upon having accurate, reliable information about each user’s identity, preferences, and rights to particularly resources. However, such information is usually scattered throughout disparate data systems, making it difficult to keep up-to-date. We believe that consolidating and integrating this data not only makes it easier to deliver advanced messaging and information services, but also plays a key role in reducing costs of operations, freeing up helpdesk and IT resources for other projects, and putting in place more reliable data security, enforcement, and compliance procedures.

We deliver digital communications software and services that are designed to enable enterprises, government agencies, wireless carriers, and service providers to rapidly deploy highly scalable solutions for messaging and identity management. Built upon an open, extensible software platform, these solutions help organizations expand the range of digital communications services they provide, while frequently reducing overall costs. Our messaging solutions, which are available both as licensed software and as hosted services, provide integrated access to a broad range of communication and collaboration applications from wireless devices, web browsers, desktop clients, and voice systems. This integration can provide new revenue opportunities for carriers and service providers designed to enable them to attract new subscribers, drive more usage, and retain subscribers longer. For enterprises and governments, our solutions are designed to reduce burdens on helpdesks, simplify the deployment of key security infrastructure, enable easier compliance with new regulatory mandates, and help reduce the cost and effort of deploying modern messaging services to distributed organizations, mobile users, deskless workers, suppliers and customers.

Our modular, standards-based messaging software provides integrated, customizable services and rich applications that are accessible from a broad range of client devices. We design our software to integrate easily with current and future environments that can simplify and accelerate deployment and protect investments.

With high scalability and reliability that has succeeded in many of the most demanding carrier, government and enterprise environments around the globe, our messaging solutions can enable organizations to take greater advantage of existing hardware, leverage in-house and third-party communications applications, use less storage space, and consume fewer helpdesk and IT resources.

Our messaging solutions take advantage of our industry-leading identity management technology to help reduce costs of operations by allowing class of service data, single sign-on passwords, personalized user preferences and other user information to be stored in a centralized profiles for efficient use and administration. This allows service levels and branding to be customized to the needs of particular groups of users, new services to be added incrementally, and user information to be integrated with third-party applications, databases and reporting systems.

Our identity management solutions are designed to extend these benefits of lower helpdesk costs, increased security and easier implementation of regulatory compliance to an organization’s applications, databases, directories and systems. Identity data, such as names, user ids, passwords, email addresses and phone numbers, that are scattered throughout disparate data systems in an organization are consolidated according to highly customizable business rules into a consistent, accurate profile of each user. Then, using customer-specified policies, appropriate portions of this clean identity data are automatically distributed to all applications and systems that depend upon having accurate, up-to-date information about each user. This reduces the need for manual processes, reducing errors and delays that can add costs and make organizations less secure.

In addition to providing licensed software for installation on customers’ premises, we also offer our messaging solutions as hosted services. This is intended to allow our customers the ability to deploy our solutions in a manner best suited for their needs. Our licensed software and professional consultants enable customers to integrate our products into their other applications and systems and offer a wide range of options for customization.

Our hosted services, delivered and managed in conjunction with the Hewlett-Packard Company, are designed to enable customers to outsource implementation and operation to proven messaging experts. This can allow information technology staff to focus on other efforts, reduce upfront expenses and accelerate deployments as well as provide heightened levels of service at a predictable monthly cost. Our hosted services can also be used as a backup for internal mail systems, enabling rapid restoration of mission-critical email connectivity in the event of a failure of a primary mail system.

Our messaging solutions, available both as licensed software and as hosted services, enable carriers and service providers to market a wide breadth of integrated and messaging services that can increase revenues from consumers and business users. Our customizable messaging applications can be accessed from a wide variety of devices, providing differentiation that helps attract new subscribers, drive additional voice and data traffic, boost average revenue per user, and increase loyalty and retention. Extensive interfaces for integrating with third-party applications and systems help protect existing investments and allow for easier adaptation to future needs. In addition, as a result of scalability and reliability as well as streamlined account manageability, our messaging solutions help carriers and service providers cut both capital and operating costs.


	•	Email – Provides reliable email services that are accessible via wireless devices, the web, and desktop email clients such as Microsoft® Outlook®. Proven in deployments by many major carriers and service providers around the world, including several with installations serving more than 10 million subscribers, we are recognized for scalability and reliability, advanced functionality and integrated anti-virus/anti-spam protection.


	•	Mobile Messaging – Assists wireless carriers to create new revenue opportunities and higher volumes of traffic through integrated email, text messaging, instant messaging and notification services, all accessible via wireless, web and voice-enabled devices as well as standards-based desktop clients. Allows premium services to be delivered over SMS and WAP Push, including rich content, weather, sports, games and high-volume interactive voting.

	•	Personal Information Management – Allows both carriers and service providers to deliver an integrated suite of personal information services including email, calendar, address book, alerts and file sharing via wireless, voice, web and desktop clients. Centralizes and synchronizes personal data across applications and devices to accelerate and simplify deployments, drive usage and consumption of data traffic, increase loyalty and reduce customer churn.

	•	Premium Multimedia Messaging Service (MMS) Enhancements – Allows wireless carriers to extend MMS solutions from our strategic alliances to stimulate higher consumption of data-intensive media, generate greater demand by exposing MMS media to potential new subscribers over the Internet, and improve quality of service. Provides key technology components required for multimedia messaging, including a highly scalable messaging server, centralized address book and sharable multimedia file storage.

	•	Unified Communications – Allows wireless carriers and service providers to offer premium services that combine our rich digital messaging applications with voicemail and faxmail from other companies with whom we have strategic alliances. Provide highly scalable, centralized message store for all types of messages that support customizable classes of service and allows easy integration of third-party services with our broad family of messaging and identity management solutions.

	•	Hosted Messaging – Allows carriers and service providers to offer consumer and business subscribers an extensive suite of messaging services, including email, calendaring, centralized address books, shared files, dynamic alerts and synchronization, with minimal capital expenses or deployment difficulties. Delivered in concert with Hewlett Packard, we combine our effective messaging technology with HP’s experience in world-class infrastructure services to deliver reliable and secure messaging services that offer full customization of branding and selection from a wide range of options. Predictable monthly costs, reliability and professional billing, provisioning and reporting provide hassle-free operations that scale smoothly as the number and needs of subscribers grow.

Our messaging solutions for enterprises and governments, available both as licensed software and as hosted services, can provide a flexible, modern foundation for delivering rich, collaborative messaging services to mobile and distributed workforces at lower cost of ownership than traditional groupware. Our software works in conjunction with existing on-premise messaging systems, allowing organizations to provide the most appropriate level of service and functionality to each set of users while reducing administrative burdens and overall costs. In addition, with built-in support for portal integration, our messaging solutions help organizations extend communications beyond corporate walls to strengthen relationships with customers and partners.

The following is a list of our messaging solutions for enterprises and governments:


	•	Enterprise Messaging Suite – Allows enterprises and governments potentially to reduce overall messaging costs and extend messaging capabilities to remote and geographically dispersed employees, as well as to business partners, suppliers and customers. This suite is designed to provide a streamlined, integrated platform for strategic messaging and collaboration services, such as mobile access, portal integration and web services. Includes integrated email, centralized address books, calendaring, file sharing, dynamic alerts, and synchronization accessible via traditional standards-based desktop clients, wireless devices, voice systems and web browsers. Interoperates with existing messaging systems, allowing incremental deployment and ensuring that each group of users is provided the most appropriate set of features at the lowest cost.


	•	Managed Messaging – Allows enterprises and governments to offer users an extensive suite of messaging services, including email, calendaring, centralized address books, shared files, dynamic alerts and synchronization, that co-exist and interoperate with existing messaging systems. This allows messaging to be extended quickly and easily to underserved users and to geographically distributed groups with minimal capital expenses or deployment headaches. Delivered in concert with HP, we combine our effective messaging technology with HP’s experience in world-class infrastructure services to deliver reliable and secure messaging services that offer full customization of branding and selection from a wide range of options. Predictable monthly costs, 24x7 reliability and professional billing, provisioning and reporting enable hassle-free operations that scale smoothly as the number and needs of users grow. Our Managed Messaging solution can also be used as a backup for internal email systems, providing rapid restoration and disaster recovery in the event of a primary systems failure.

Identity Management Solutions for Enterprises, Governments, Carriers and Service Providers

Our identity management solutions assist enterprises, governments, carriers and service providers in reducing information technology helpdesk and operational costs, provide a foundation for robust security infrastructure and simplify regulatory compliance. Our technology is designed to enable customers to have systematic control over authentication, authorization, access controls, profile management, provisioning, and de-provisioning. In addition, it helps ensure that users’ identities are kept consistent and accurate, that access to systems can be quickly granted, and just as quickly revoked, and that user profiles can be managed and leveraged across distributed, often global, infrastructure. With our solutions, customers can deploy new applications faster and grow or reduce their user populations without compromising service quality.


	•	Data & Directory Integration – Allows organizations to cut costs and improve the accuracy of information by consolidating critical data that is typically scattered throughout various business data systems into centralized profiles of each user. In addition, it allows business rules for updating this data to be established and enforced so that accurate, current information can be distributed to all appropriate applications and systems. This enables applications such as whitepages directories to be deployed easily and reliably and for operating system infrastructure such as Microsoft’s Active Directory to be integrated with services from other vendors.

	•	Profile Management – Allows organizations to cut costs and decrease deployment time for new applications and services by centralizing the administration of user profiles containing identity information. Such accurate user data is crucial for security infrastructure such as single sign-on, PKI, web access control, and consistent personalization of applications.

	•	User Provisioning – Allows organizations to cut costs of administering user accounts and to increase information security by consolidating user profiles and centralizing processes for provisioning and de-provisioning user accounts across applications and systems. Allow employees, contractors, partners and customers to be granted access to crucial information resources, or have access removed, quickly and accurately.

	•	Password Synchronization – Allows organizations to improve security and reduce helpdesk calls by deploying a single password for each user across multiple applications and systems. Administrators can update passwords for all of a user’s applications, databases and operating systems from a central location. Automating such labor-intensive tasks reduces errors and frees up helpdesk staff for other activities, leading to cost savings.

All of our solutions, licensed as well as hosted, are built upon an integrated technology base called the Critical Path Communications Platform. It is designed for high scalability and reliability as well as easy integration, deployment and extensibility.


	•	Broad family of integrated messaging applications that work closely together to share and intelligently process data for use by both consumers and business users.

	•	Identity management that consolidates and integrates user identity information scattered throughout business data systems into centralized, consistent profiles that streamline user account management, enable personalization of communications services, and simplify deployment of security infrastructure.

	•	Anywhere, anytime mobility that enables applications and services to be accessed through a broad range of wireless, web and voice devices as well as with standards-based clients such as Microsoft Outlook.

	•	Modular, extensible design that allows integrated solutions as well as individual components to be deployed incrementally to best meet customers’ needs.

	•	Open, standards-based technology that simplifies integration with current and future infrastructure and third-party applications, minimizing deployment costs and future-proofing investments.

	•	Immense scalability and proven reliability. Our platform is used in demanding carrier, service provider, enterprise, and government environments domestically and internationally, including multiple installations that serve over 10 million users each.

	•	Lowest total cost of ownership at scale. Our efficient use of resources, even in large installations allows customers to take greater advantage of their existing hardware, use less storage space, and require less information technology professionals’ time.

The components of the Critical Path Communications Platform provide a wide range of integrated, customizable solutions. The key parts of the platform, multi-device access, integrated messaging applications and centralized identity management services, are delivered through the following products:

The Access components in the Critical Path Communications Platform manage connectivity of web, wireless, and voice devices to applications. They enable dynamic presentation of customized user interfaces, provide connectivity to external systems, and manage data synchronization.


	•	Critical Path Presentation Server – Standards-based, carrier-class application server that enables the delivery of tightly integrated collaborative applications into a highly customized and personalized interface that differentiates offerings, stimulates usage and provides extensibility for future services. The Presentation Server provides single sign-on, an integrated user interface, dynamic tailoring according to classes of service selected, access via web, wireless and voice devices for our applications. In addition, it enables the integration of third-party applications, providing a common interface for centrally configuring access to virtually any communications service that can be presented on a web or wireless device.

	•	Critical Path Short Message Service (SMS) Access Server – Network-independent, feature-rich gateway between SMS text messaging and Simple Mail Transfer Protocol (SMTP) Internet email. Provides a bridge that connects the various incompatible SMS operator systems to create a single, common environment for delivering enhanced services to drive traffic and create new revenue opportunities. Provides access to our email and address book applications from SMS phones and


		enables third-party applications to send and receive text messages for offering premium content and services such as weather, sports, games, and high-volume online voting.

Our integrated messaging applications work together to share data in order to deliver an improved user experience and provide intelligent processing of messages. For example, a meeting in someone’s calendar can automatically trigger an alert that is dynamically routed to the user via email, wireless, or instant message, depending upon the time of day, subject, or other user-configured attributes. After reading the alert, the user can send instant messages to co-workers listed in his or her personal address book, the same one used by our other messaging applications. By providing these capabilities on an integrated basis reduce complexity of deployments, we can simplify on-going support and reduce the total cost of ownership.


	•	Critical Path Messaging Server – Highly scalable and robust messaging subsystem, offering a wide range of access (web, SMTP, POP3 and IMAP4) with the ability to handle millions of users across a large number of domains at low operating costs. Industry-leading scalability enables more users to be supported on as little as one- fourth as much hardware as competing products. Can be deployed in many different configurations, from single-server deployments up through redundant, globally-distributed installations.

	•	Critical Path Personal Address Book Server – Centralized repository for all contact information used by our messaging applications with support for integrating with third-party applications such as voice dialing. Gives users continuous access to private and shared address information, allowing important phone numbers or email addresses to be quickly obtained from desktop email clients in the office, web browsers at home, or from wireless phones while on the road. Having a single place to keep contact information stimulates greater usage, improves loyalty and simplifies deployment.

	•	Critical Path Calendar Server – Standards-based calendaring application that helps both basic and advanced users effectively manage schedules and tasks. Sophisticated collaboration features enable group scheduling and allow shared access to calendars and task lists, stimulating higher usage, loyalty and retention. Supports traditional desktop synchronization, SyncML and extensible notification capabilities.

	•	Critical Path Internet File Server – Online file storage with support for both private access and secure sharing for enterprise collaboration as well as premium carrier applications such as MMS Photo/ Media Albums that stimulate usage and expose Web-based audiences to the benefits of MMS. Provides web, wireless or voice interfaces as well as access via WebDAV-compliant desktop clients such as Microsoft Windows clients.

	•	Critical Path Notification Server – Automatically generates alerts based on user-specified events in Critical Path and third-party applications. Routes and delivers alert messages via SMS, WAP Push, email, or instant messaging over AOL®, Yahoo!®, MSN®, or Critical Path Instant Messaging. Provides a premium end-user service that increases the value of information stored in other applications.

	•	Critical Path Instant Messaging and Presence Server – Secure instant messaging with presence detection, encryption, wireless phone/ PC interoperability and support for the latest industry standards that enables carriers to build communities of subscribers to drive airtime and increase loyalty.

Our identity management products organize and manage user identity information, such as names, user ids, passwords, email addresses, and telephone numbers, for applications, databases, directories and operating systems. They offer high scalability, supporting hundreds of millions of entries and attributes with a single deployment.


	•	Critical Path Meta-Directory Server – Consolidates user identity information that is scattered among disparate data systems and integrates it according to highly customizable business rules into a consistent, accurate profile for each user. Then, using customer-specified policies, appropriate portions of this clean identity data are automatically distributed to all applications and systems that depend upon having accurate, up-to-date information about each user. This reduces errors and delays that drive up helpdesk costs. Our Meta-Directory is unique in its breadth of pre-built connectors and its support for industry-standard languages such as Java, Perl, XML and DSML, as well as key mainframe and database systems. This frees customers from having to learn proprietary scripting languages and enables them to deploy identity management solutions more rapidly with significantly lower upfront and ongoing costs

	•	Critical Path Directory Server – Provides a highly scalable, central repository for user profile information and other data shared by multiple systems and applications. This high volume LDAP directory is deployed in numerous critical environments, including security infrastructure for enterprise intranets and extranets, online banking services, Internet postal services, telecommunications carriers and government services. Optional hot-standby support provides automatic failover and disaster recovery.

We offer messaging and identity management solutions to enterprises, wireless carriers and telecommunications providers, broadband companies and service providers, and government agencies and postal authorities.


	•	Enterprises. In the face of ever-tightening budgets, enterprises are looking for ways to cut capital expenses and operational costs. In addition, as work forces become more distributed and change more frequently, the need to keep track of employees, contractors, partners and customers and to communicate with them electronically is growing. Our identity management offerings help enterprises cut helpdesk costs and strengthen security infrastructure (particularly for single sign-on and access control for Web-based portals) with solutions for data and directory integration, user profile management, user provisioning and password synchronization. In addition, Critical Path’s messaging solutions, available as licensed software and as hosted services, enable enterprises to reduce the cost of delivering new generations of messaging services while co-existing with Microsoft Exchange and other existing systems.

	•	Wireless Carriers and Telecommunications Providers. After years of investment in new infrastructure and spectrum licenses combined with falling margins for traditional offerings, wireless carriers are extremely focused on driving more revenue on their existing networks. As a result, they are looking for ways to deliver differentiated services that will spur consumption of data and voice traffic, enable new premiums to be charged, attract new subscribers and retain subscribers longer. We offer a broad range of rich, integrated messaging and collaboration applications – available as licensed software and hosted services – that work together to share and process data. With a proven ability to scale up to more than 10 million subscribers per installation and a dedication to open standards that provides extensibility and investment protection, our software enables carriers to deliver a wide range of customized services, such as email, personal information management, premium MMS and SMS services, and unified communications, to both consumers and business users from a single platform.

	•	Broadband Companies and Service Providers. Broadband providers such as cable, satellite and DSL operators are constantly looking to offer differentiated services that can take advantage of the high bandwidth they are providing to their subscribers. Our flexible messaging solutions – available both as licensed software and as hosted services – enable multimedia content to be integrated with rich messaging and collaboration applications to create premium services that attract new subscribers,


		increase loyalty and retain subscribers longer. The extensibility and ease of deployment of our software enables providers to reliably and incrementally roll out new services as their business expands. Our industry-leading scalability handles growing subscriber bases smoothly, and our ability to offer the services either as licensed software or as hosted services gives providers the flexibility to choose the delivery method that best suits their business.

	•	Government Agencies and Postal Authorities. Governments and postal authorities are increasingly becoming providers of digital services, both internally for employees, contractors and suppliers as well as externally to citizens and residents. Delivering services on a national scale to highly distributed users depends upon having strongly-managed identities and robust communications. Our identity management solutions enable agencies to create centralized repositories of identity information for keeping track of which users are allowed access to which services, particularly for Web-based infrastructure. Our messaging solutions are used worldwide, particularly by postal authorities, to provide “email for life.” These messaging solutions, available as licensed software as well as hosted services, can enable agencies to reduce significantly, the cost of providing email, personal information management and collaboration services to users across the country and around the world.

A key element of our sales strategy is to expand distribution channels through strategic reseller or joint sales relationships. These alliances provide access to a greater range of markets and customers by increasing the breadth of offerings that incorporate our products and services.

Current strategic alliances fall into three primary categories: solutions integrators, systems integrators and solution providers:


	•	Solutions Integrators – We are allied with a select group of companies who act as both a system integrator and a solution provider for their customers. These integrators combine our products and their own along with extensive consulting services to deliver broad and deep world-class solutions to their customers. We actively assist these companies in marketing and selling our offerings. Strategic alliance partners in this category include: Hewlett-Packard Company, SAIC, and EMC Corporation.

	•	Systems Integrators – For many large telecommunications carriers and enterprises, our offerings are part of a larger solution. To provide the level of service required to bring together and implement such larger offerings, particularly for customers who require global coverage, we have allied with a number of the leading systems integrators in the industry, including Cap Gemini Ernst & Young, Accenture, Bearingpoint, EDS Corporation, PriceWaterhouseCoopers LLP, and Deloitte & Touche.

	•	Solution Providers – Our technology is embedded into the solutions sold by a variety of companies. These relationships enable our products to address a wider range of needs and, in many cases, provide access for follow-on sales of our other products. Key strategic alliance partners in this category include LogicaCMG Plc, Comverse Technology, Inc., Nokia Corporation, CTI Square Ltd., Mediagate and Entrust, Inc.

Information regarding customers and sales by geographic area is included in Note 20 of Notes to Consolidated Financial Statements — Product and Geographic Information.

Direct Sales. We maintain a direct sales force to introduce prospective customers and channel partners to our products and services and to work in tandem with our business partners. Our worldwide direct sales team is organized around our target markets in each of our key geographic regions. Currently, we have sales staff located in domestic offices in or near San Francisco, Los Angeles, Washington D.C., Boston and a variety of other cities throughout the United States. Internationally we have members of our sales organization

Channel Sales. We actively embrace sales alliances with specialized technology and service firms in a variety of channels in order to increase our presence and share in our target markets. Our flexible, customizable solutions are well suited for these firms and channel delivery, offering numerous opportunities for adding value through consulting services and integration with complementary products. We team with Global System Integrators (GSIs), Independent Software Vendors (ISVs), Original Equipment Manufacturers (OEMs) and Hardware vendors that have strong industry backgrounds and market presence in their respective markets and geographic regions. In addition, we maintain relationships to resell its products and services throughout most of Asia and Latin America.

Marketing Strategies. Our global marketing team is focused on lead generation sales support and public relations to better equip our sales force and companies with whom we have sales alliances and to educate our key markets about the business value of our messaging and identity management solutions. We intend to continue to focus on targeted industry events, particularly in conjunction with our strategic alliances, to promote our brand presence and acquire customers.

We offer a broad range of solutions; we are not aware of a single company that directly competes with every one of our products and services. Instead, we face a different set of competitors in each of our lines of business. Our messaging solutions compete against offerings from Openwave Systems Inc., Sun Microsystems’ Sun ONE software division (formerly iPlanet), Oracle Corporation, Microsoft Corporation, IBM Corporation’s Lotus division and Mirapoint Inc. as well as with a variety of smaller product suppliers. In the identity management market, we compete primarily with Sun Microsystems’ Sun ONE software division (formerly iPlanet), IBM Corporation, Microsoft Corporation, Novell Corporation, Siemens Corporation as well as various small identity management application vendors. In the market for outsourced hosted email services, we compete with such corporations as EasyLink Services Corporation (formerly Mail.com), CommTouch Corporation, USA.net and other smaller application service providers offering hosted Microsoft Exchange services.

While these competitors and others exist in each of our individual lines of business, we believe our overall solution of products and services serves as a competitive advantage. Our customers can easily integrate our broad range of products into their infrastructure, selecting multiple products and services from us as their requirements demand. In addition, our ability to deliver our messaging solutions either as licensed software or as hosted solutions enables our customers to choose the most efficient model for different parts of their business.

We believe that competitive factors affecting the market for our digital communications solutions include:


	•	breadth of platform features and functionality;

	•	ease of integration into customers’ existing applications and systems;

	•	scalability, reliability, performance and ease of expansion and upgrade;

	•	ability to extensively customize, personalize and tailor solutions to different classes of users across multiple markets;

	•	flexibility to enable customers to manage certain aspects of their systems internally and leverage outsourced services in other cases when resources, costs and time to market reasons favor an outsourced offering; and

	•	total cost of ownership and operation.

The relative importance of each of these factors depends upon the specific customer environment. Although we believe that our products and services currently compete favorably with respect to such factors, we may not be able to maintain our competitive position against current and potential competitors.

We believe competition will increase as current competitors increase the sophistication of their offerings and as new participants enter the market. Many current and potential competitors have longer operating histories, larger customer bases, greater brand recognition and significantly greater financial, marketing and other resources than we do and may enter into strategic or commercial relationships with larger, more established and better-financed companies. Any delay in the development or introduction of products or services or updates, would also allow additional time for our competitors to improve their service or product offerings, and for new competitors to develop messaging and identity management products and services for our target markets. Increased competition could result in pricing pressures, reduced operating margins and loss of market share, any of which could cause our business to suffer.

Our core expertise is in highly scalable, open systems-based digital communications software that integrates easily with customers’ existing infrastructure. Our technology, called the Critical Path Communications Platform, provides an extensible set of access, messaging, and identity management services that allow us to deliver a wide range of solutions to enterprises, government agencies and service providers from a single technology base.

All of the components of the Critical Path Communications Platform are designed to support mission-critical business environments. Our high performance, scalable and reliable servers operate in installations ranging from hundreds of thousands to tens of millions of users. Our components include a range of tools and software development kits (SDKs) that provide extensive customization and easy integration with third-party technologies. These components can be used on a standalone basis or together in many combinations, enabling us to deliver very flexible solutions. The Critical Path Communications Platform operates on Sun Microsystems’ Solaris, Microsoft’s Windows NT/2000 and HP’s HP-UX operating systems, with additional support for various components on IBM’s AIX and Red Hat’s distribution of the Linux operating systems.

We separate the construction and presentation of user interfaces for each application into a separate, highly extensible application server framework called Presentation Server. This approach enables the creation of customized, personalized application user interfaces to Communications Platform components and third party technologies through a powerful SDK. It offers mixed mode communications, so that services can be accessed from a multitude of devices ranging from the desktop, laptop, PDA, mobile handset or telephone using text, voice, and video. The Presentation Server is based on Java 2 Enterprise Edition (J2EE) and Java Server Pages (JSP) technologies, and supports Hypertext Markup Language (HTML), Wireless Markup Language (WML), VoiceXML and a range of other interface markup languages.

Alongside our Presentation Server is our Short Message Service Access Server, a powerful application framework that enables the development of premium text messaging applications that send Short Message Service (SMS) messages. The SMS Access Server includes an application development SDK (SMASI) that applications can use to drive SMS traffic through all of the major SMS Center (SMSC) operations software systems. Our SMS Access Server also includes WAP Push support to enable next generation wireless applications like premium Multimedia Messaging Service (MMS) services.

We believe we offer the industry’s most scalable, most reliable messaging infrastructure. Our Messaging Server, a highly scalable, standards-based, messaging server enables services from Email to Unified Messaging and next generation Multimedia Messaging Services through its powerful native IMAP mail store and SMTP

relay. Its advanced architecture allows single or multiple domains to be split over multiple servers, distributed geographically as well as setup as clusters. It also has support for security features including secure-socket-layer (SSL), anti-virus and anti-spam.

Built on top of our core messaging technology are a series of applications that provide personal information management and collaboration services. Our Personal Address Book provides centralized storage of contact information for all messaging applications (both from Critical Path as well as from third parties), enabling customers to consolidate multiple address books into a single service. Our Calendar offers sophisticated sharing, group scheduling and availability lookup needed by both consumers and business users. Our Internet File Server provides global sharing of files, both for enterprise collaboration and for extending MMS multimedia files to the web for easy storage and sharing. Our Instant Messaging and Presence offers highly scalable instant messaging for personal computers, web, and mobile devices using the new Wireless Village industry standard. Our messaging applications utilize a centralized Notification Server to generate and dynamically route alert messages to the user over email, text messaging or instant messaging.

Mission critical applications such as messaging depend upon having reliable user identity information. Our Meta-Directory software is designed to consolidate and integrate data from disparate systems according to highly customizable business rules into accurate, centralized profiles of each user. This enables user/resource provisioning, keeping information consistent between various messaging and business systems, and is designed to improve security, data integrity and reduce overall administration cost. At the core of our technology is the join engine, with plug-ins that connect to various business systems, including the various components of the Critical Path Communications Platform. Our Meta-Directory comes with the connectors for industry’s widest range of systems including Sybase’s SQL Server, Microsoft’s Exchange, Lotus’ Notes, and products from Oracle Corporation, Peoplesoft Corporation, Siebel Systems and mainframe applications. It also connects to all of the major directory systems on the market, including Critical Path’s Directory Server, Microsoft’s Active Directory, Novell’s eDirectory and iPlanet’s Directory Server. Meta-Directory also includes a powerful SDK that enables the development of custom connectors using Perl, Java and XML, freeing customers from having to learn proprietary scripting languages.

The Critical Path Directory Server provides a common store of user or resource information that can be accessed via standard LDAP and X.500 protocols. The Directory can be used to store user profiles, digital certificates from PKI software and eBusiness systems. The Directory can be distributed over multiple systems to provide improved performance and ease of replication and updates. Critical Path’s Directory and Meta-Directory both incorporate security technology like SSL for secure transport and authentication.

Complementing our Directory and Meta-Directory, the Critical Path System Console provides systems management functionality to the Critical Path Communications Platform. This includes system start/stop, systems monitoring, and configuration. Our Systems Console uses Sun JDMK technology and is designed to be interoperable with SNMP standards-based systems like HP’s OpenView.

We offer our messaging technology both in licensed form for on-premise deployment and a hosted service, managed in conjunction with our partner HP in their world-class data centers. Our hosted messaging service offers standards-based email service for carriers and service providers, Web hosting companies, Web portals and corporate enterprises providing accounts to their end-users for activities such as trading securities, shopping or participating in online communities. We have developed proprietary load balancing, account provisioning and management software that complements our proven messaging applications.

Our hosted messaging service is comprised of multiple groups of servers and routers acting as a single, virtual point of contact to customers for messaging services. These systems are managed by HP, enabling us to offer customers strong service level agreements, 24x7 helpdesk support, and easy expansion around the globe.

All aspects of our hosted messaging service are in turn deployed in a redundant configuration with the goal that if any process or system goes down, another will be available to handle customer traffic seamlessly. This behavior is called “transparent failover” and is designed to increase the availability of messaging services to the customer. Our hosted messaging service also includes a dynamic load-balancing system that acts as proxy servers for firewall safety. The load balancers are configured in parallel so that if one goes down, the load is transferred to the remaining systems. We have created a proprietary account provisioning protocol for account creation and maintenance. This enables account transitioning from other services or legacy systems to be bulk-loaded, tested, replicated and deployed on our service automatically. This protocol addresses a critical time to market issue by enabling organizations to quickly transition to the new standards-based email service with minimal down-time and degradation to their existing internal systems. In addition, it can be used by customers and partners to facilitate automatic account sign-ups from web sites, typically in less than three minutes.

Data Centers. Our hardware for operating production services currently is located in three data centers, although we are in the process of migrating our data center operations and management to HP. With multiple high-speed connections to diverse backbone providers and robust network architecture, we aim to eliminate single points of failure, thus reducing the likelihood that our customers will suffer downtime as a result of network outages. Our backbone architecture and interconnect strategy consists of multiple clear channel OC-3 and DS-3 circuits. We currently have bilateral peering arrangements in place with over 35 networks. Our data centers feature redundant systems for power, raised floors, HVAC temperature control systems, seismically braced racks, fire protection, and physical security and surveillance 24 hours a day, seven days a week.

Security. We have a diverse set of firewall solutions that are specifically tailored for each of our hosted services, reducing the likelihood of security breaches. To enhance security for our network, our staff members monitor the network hardware 24 hours a day, seven days a week. Suspicious activity is reported and investigated immediately.

Spam and Viruses. Our messaging services include Spam Blocking to guard against unsolicited commercial email and Virus Scanning to prevent the spread of Internet viruses and worms. Our message filtering technology has been enhanced with partnerships with Brightmail and Symantec, allowing our hosted messaging customers to benefit from new spam and virus filters as they are created in response to attacks worldwide.

Our products and services are primarily based on systems that were internally developed or acquired through acquisitions. We must continually improve these systems to accommodate the level of use of our products and services. In addition, we may add new features and functionality to our products and services that could result in the need to develop, license or integrate additional technologies. Our inability to add additional software and hardware or to upgrade our technology or network infrastructure could have adverse consequences, which include service interruptions, impaired quality of the users’ experience and the diversion of development resources. Our failure to provide new features or functionality to our products and services also could result in these consequences. We may not be able to effectively upgrade and expand our systems in a timely manner or to integrate smoothly any newly developed or purchased technologies with our existing systems. These difficulties could harm or limit our ability to improve our business.

We invested $31.0 million in research and development in 2000, $30.7 million in 2001 and $19.6 million in 2002 and stock-based compensation expense of $3.4 million in 2000, $3.7 million in 2001, and $1.2 million in 2002. Additionally, we incurred $3.7 million of in-process research and development expense in 2000 related to technologies acquired through two of our acquisitions. We anticipate that we will continue to devote significant resources to product development in the future as we add new features and functionality to our products and services. The market in which we compete is characterized by rapidly changing technology, evolving industry standards, frequent new service and product announcements, introductions and enhancements and changing customer demands. Accordingly, our future success will depend on our ability to adapt to rapidly changing technologies, to adapt our services to evolving industry standards and to continually improve

the performance, features and reliability of our products and services. The failure to adapt to such changes would harm our business. In addition, the widespread adoption of new Internet, networking or telecommunications technologies or other technological changes could require us to undertake substantial expenditures to modify or adapt our services or infrastructure.

We regard the protection of our trade secrets, patents, patent applications, copyrights and trademarks as critical to our success. We rely on a combination of statute, common law and contractual restrictions to establish and protect our proprietary rights and developed intellectual property in our product and service offerings. We have entered into proprietary information and invention assignment agreements with our employees, contractors and consultants, and nondisclosure agreements with customers, partners and third parties to whom we disclose confidential and proprietary information. Despite our efforts in this regard, former employees or third parties may infringe or misappropriate our proprietary rights that could harm our business. The validity, enforceability and scope of protection of our intellectual property can be tested and in some areas is still evolving.

We have registered and used as a trademark “Critical Path” in the United States. We have also registered and used “Critical Path” in a variety of foreign countries where we have operations or do business. We plan to continue to enforce that mark and other trademarks in both the United States and internationally, although protection of the marks cannot be assured.

We license our software and proprietary service offerings and despite all efforts to protect that property and ensure the quality of our brand and patented or copyrighted products or processes, current or future licensees could take actions that might harm the value of our intellectual property portfolio, our brand or reputation.

We have been involved in claims by third parties of patent, copyright and trademark infringement against us in the past. Any claim like this, regardless of the merits, could be time consuming to defend, result in costly and distracting litigation, cause delays in rollouts of services, products or updates or require us to enter into licensing agreements with third parties. Such licensing agreements may include payment of significant royalties or may not be available to us on commercially reasonable terms. Additionally, enforcing our intellectual property rights could entail significant expense, with such costs also potentially harming our results of operations.

At December 31, 2002, we had 577 employees, including 182 in operations, 144 in sales and marketing, 163 in research and development and 88 in general corporate and administration. In January 2003, we announced additional restructuring resulting in a reduction in force, which will take place over the first half of 2003, of approximately 175 employees or 30 percent of the workforce as of December 31, 2002. Our future success depends, in significant part, upon the continued service of our key technical and senior management personnel and our continuing ability to attract and retain highly qualified and experienced technical, sales and managerial personnel. Competition for such personnel can be intense, and we cannot guarantee that we can retain our key technical and managerial employees or that we will be able to attract, assimilate or retain other highly qualified technical, sales and managerial personnel in the future. None of our employees are represented by a labor union. We have not experienced any work stoppages and consider our relations with our employees to be good.

Although there are currently a limited number of laws and regulations directly applicable to the Internet and the operation of commercial messaging services, it is probable that laws and regulations will continue to be adopted with respect to the Internet or commercial email services covering issues such as user privacy, pricing, content, copyrights, distribution, antitrust and characteristics and quality of products and services. Further, the growth and development of the market for online email may prompt calls for more stringent consumer and

copyright protection and privacy laws that may impose additional burdens on those companies conducting business online. The adoption of any additional laws or regulations may impair the growth of the Internet or commercial online services, which could, in turn, decrease the demand for our products and services and increase our cost of doing business, or otherwise harm our business, operating results and financial condition. Moreover, the applicability to the Internet of existing laws in various jurisdictions governing issues such as property ownership, sales and other taxes, libel and personal privacy is uncertain and may take years to resolve. Any such new legislation or regulation, the application of laws and regulations from jurisdictions whose laws do not currently apply to our business or the application of existing laws and regulations to the Internet could harm our business, operating results and financial condition.

Certain of our service offerings include operations subject to the Digital Millenium Copyright Act of 1998. We have expended resources and implemented processes and controls in order to remain in compliance with DMCA, but there can be no assurance that our efforts will be sufficient and/or new legislation and case law will not affect the operation of and liability associated with a portion of our services.

In addition, the applicability of laws and regulations directly applicable to the businesses of our customers, particularly customers in the fields of banking and health care, will continue to affect us. The security of information about our customers’ end-users continues to be an area where a variety of laws and regulations with respect to privacy and confidentiality are enacted. As our customers implement the protections and prohibitions with respect to the transmission of end-user data, our customers will look to us to assist them in remaining in compliance with this evolving area of regulation. In particular the Gramm-Leach-Blilely Act contains restrictions with respect to the use and protection of banking records for end-users whose information may pass through our system.

A summary of domestic and international financial data is set forth in Note 20 to the Consolidated Financial Statements in Item 8, which is incorporated herein by reference. A discussion of factors potentially affecting our domestic and international operations is set forth in “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Additional Factors that May Affect Future Operating Results,” in item 7, which is incorporated herein by reference.

Our corporate headquarters as well as primary operations and development activities are located in one office building in San Francisco, California. The Company currently occupies a total of 63,467 square feet in this building, under a lease that expires on March 25, 2012.

In addition to this principal location, we currently occupy a 24,300 square foot building in Dublin, Ireland under a lease expiring on July 14, 2014. We lease additional facilities in Brazil, Canada, France, Germany, Ireland, Italy, Japan, Malaysia, Spain, Sweden, Switzerland, the United Kingdom and certain cities in the United States. We continually evaluate the adequacy of our existing facilities, and we believe that the current facilities are suitable for our needs for at least the next 12 months, or that additional space will be available on commercially reasonable terms, if necessary.

We are a party to lawsuits in the normal course of our business. Litigation in general, and securities and intellectual property litigation in particular, can be expensive and disruptive to normal business operations. Moreover, the results of complex legal proceedings are difficult to predict. Other than as described below, we are not a party to any other material legal proceedings.

Securities Action in Northern District of California. On April 30, 2002, MBCP PeerLogic LLC and other named plaintiffs filed suit in the U.S. District Court for the Southern District of New York against Critical Path and certain of its former officers. The plaintiff shareholders had opted out of a shareholder litigation settlement that was approved by the U.S. District Court for the Northern District of California. The

complaint alleged breach of contract, unjust enrichment, common law fraud and violations of federal securities laws and seeks compensatory and punitive damages in an unnamed amount but in excess of $200 million. The case has been transferred to the U.S. District Court for the Northern District of California. Litigation in this matter is ongoing.

Securities and Exchange Commission Investigation. In 2001, the Securities and Exchange Commission (the “SEC”) investigated Critical Path and certain former officers, employees and directors with respect to non-specified accounting matters, financial reports, other public disclosures and trading activity in our securities. The SEC concluded its investigation of us in January 2002 with no imposition of fines or penalties and, without admitting or denying liability, the Company consented to a cease and desist order and an administrative order as to violation of certain non-fraud provisions of the federal securities laws. The investigation has also thus far resulted in charges being filed against five former officers and employees. We believe that the investigation of former officers and employees may continue; and while we continue to fully cooperate with any requests with respect to such investigation, we do not know the status of such investigation.

Derivative Actions in Northern District of California. Beginning on February 5, 2001, Critical Path was named as a nominal defendant in a number of derivative actions, purportedly brought on our behalf, filed in the Superior Court of the State of California and in the U.S. District Court for the Northern District of California. The derivative complaints alleged that certain former officers and directors breached their fiduciary duties, engaged in abuses of control, were unjustly enriched by sales of our common stock, engaged in insider trading in violation of California law or published false financial information in violation of California law. We are currently working with plaintiffs’ counsel to finalize execution of the terms of the settlement of this matter.

Securities Class Action in Southern District of New York. Beginning on July 18, 2001, a number of securities class action complaints were filed against us, and certain former officers and directors and underwriters connected with the initial public offering of our common stock in the U.S. District Court for the Southern District of New York (In re Initial Public Offering Sec. Litig.). The purported class action complaints were filed by individuals who allege that they purchased common stock at the initial public offering of common stock between March 26, 1999 and December 6, 2000. The complaints allege generally that the Prospectus under which such securities were sold contained false and misleading statements with respect to discounts and commissions received by the underwriters. The over 1,000 complaints have been consolidated into a single action. The complaints seek an unspecified amount in damages on behalf of persons who purchased our stock during the specified period. Similar complaints have been filed against 55 underwriters and more than 300 other companies and other individuals. Pretrial motions and discovery was stayed pending a ruling on a motion to dismiss the claims by defendants. On February 19, 2003, the court issued an opinion refusing to dismiss claims against the defendants in the case except in certain limited circumstances which did not apply to Critical Path or its then officers and directors.

Lease Dispute. In July 2000, PeerLogic, Inc. signed a lease for office space in San Francisco, California. In December 2000, we acquired PeerLogic as a wholly-owned subsidiary. After review, we determined that local zoning laws likely prohibited a business such as our company or PeerLogic from occupying the leased premises, and promptly sought a zoning determination from the San Francisco Zoning Administrator to resolve the matter. The Zoning Administrator determined that the proposed use of the leased premises was not permitted, but the landlord appealed this determination and prevailed before the San Francisco Board of Appeals. We requested a rehearing on the matter, which the Board of Appeals denied. In April 2002, the landlord filed suit in San Francisco Superior Court against us alleging, among other things, breach of the lease. In its complaint, the landlord sought unspecified compensatory damages for back rent, attorneys’ fees, treble damages under relevant statutes, and unspecified punitive damages. A number of the landlord’s claims of damages were struck by the court in response to our motion to strike. The landlord filed an amended complaint in September 2002. In January 2003, the court again dismissed a number of the landlord’s claims, including all requests for punitive damages. In a related matter in July 2002, we filed a separate Petition for Writ of Administrative Mandamus with the San Francisco Superior Court, requesting that the Board of Appeals’ decision be reversed and/or remanded for rehearing by the Board of Appeals, with instructions from the court. Litigation in this matter is also ongoing.

The uncertainty associated with these and other unresolved or threatened lawsuits could seriously harm our business and financial condition. In particular, the lawsuits or the ling


(Mark One)
x		ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended: December 31, 2002
OR

o		TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934


California (State or other jurisdiction of incorporation or organization)		911788300 (I.R.S. Employer Identification Number)

350 The Embarcadero San Francisco, California (address of principal executive offices)		94105 (zip code)


PART I
	Item 1.Business
	Item 2.Properties
	Item 3.Legal Proceedings
	Item 4.Submission of Matters to a Vote of Security Holders
PART II
	Item 5. Market for Registrant’s Common Equity and Related Shareholder Matters
	Item 6.Selected Financial Data
	Item 7.Management’s Discussion and Analysis of Financial Condition and Results of Operations
	Item 7A.Quantitative and Qualitative Disclosures About Market Risk
	Item 8.Financial Statements and Supplemental Data
	Item 9.Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
PART III
	Item 10.Directors and Executive Officers of the Registrant
	Item 11.Executive Compensation
	Item 12.Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
	Item 13.Certain Relationships and Related Party Transactions
	Item 14.Controls and Procedures
PART IV
	Item 15.Exhibits, Financial Statement Schedules and Reports on Form 8-K
Exhibit 10.27
Exhibit 10.28
Exhibit 10.29
Exhibit 10.30
Exhibit 10.31
Exhibit 10.32
Exhibit 10.33
Exhibit 10.35
Exhibit 10.36
Exhibit 10.38
Exhibit 21.1
Exhibit 23.1
Exhibit 99.1
Exhibit 99.2


		Page

PART I
Item 1.	Business		3
Item 2.	Properties		19
Item 3.	Legal		19
Item 4.	Submission of Matters to a Vote of Security Holders		21
PART II
Item 5.	Market for Registrant’s Common Equity and Related Shareholder Matters		21
Item 6	Selected Financial Data		22
Item 7.	Management’s Discussion and Analysis of Financial Condition and Results of Operations		23
Item 7A	Quantitative and Qualitative Disclosures About Market Risk		60
Item 8.	Financial Statements and Supplemental Data		60
Item 9.	Changes in and Disagreements with Accountants on Accounting and Financial Disclosure		60
PART III
Item 10.	Directors and Executive Officers of the Registrant		61
Item 11.	Executive Compensation		63
Item 12.	Security Ownership of Certain Beneficial Owners and Management		63
Item 13.	Certain Relationships and Related Party Transactions		63
Item 14.	Controls and Procedures		63
PART IV
Item 15.	Exhibits, Financial Statement Schedules and Reports on Form 8-K		64

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents

Table of Contents