Exhibit 99.1

Unless the content otherwise requires, the terms “Zoom,” “company,” “our,” “us,” and “we” in this Exhibit 99.1 refer to Zoom Video Communications, Inc. and where appropriate our consolidated subsidiaries.

SELECTED RISKS AFFECTING OUR BUSINESS

Investing in our Class A common stock involves numerous risks, including the risks described in “Risk Factors” below. Below are some of these risks, any one of which could materially adversely affect our business, financial condition, results of operations, and prospects.

RISK FACTORS

Investing in our securities involves a high degree of risk. You should carefully consider the risks and uncertainties described below, as well as the other information contained in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our condensed consolidated financial statements and related notes, before making a decision to invest in our securities. The risks and uncertainties described below may not be the only ones we face. If any of the risks actually occur, our business could be materially and adversely affected. In that event, the market price of our Class A common stock could decline, and you could lose part or all of your investment.

Risks Related to Our Business and Our Industry

Our business depends on our ability to attract new customers and hosts, retain and upsell additional products to existing customers, and upgrade free hosts to our paid offerings. Any decline in new customers and hosts, renewals, or upgrades would harm our business.

Our business depends upon our ability to attract new customers and hosts, and maintain and expand our relationships with our customers and hosts, including upselling additional products to our existing customers and upgrading hosts to a paid Zoom Meeting plan. A host is any user of our video-first communications platform who initiates a Zoom Meeting and invites one or more participants to join that meeting. We refer to hosts who subscribe to a paid Zoom Meeting plan as “paid hosts.”

Our business is subscription based, and customers are not obligated to, and may choose not to, renew their subscriptions after their existing subscriptions expire. As a result, we cannot provide assurance that customers will renew their subscriptions utilizing the same tier of their Zoom Meeting plan, upgrade to a higher-priced tier, or purchase additional products, if they renew at all. Renewals of subscriptions to our platform may decline or fluctuate because of several factors, such as dissatisfaction with our products and support, a customer or host no longer having a need for our products, including any new customers or hosts that have subscribed to our services during the COVID-19 pandemic that may subsequently reduce or discontinue their use after the impact of the pandemic has tapered, or the perception that competitive products provide better, more secure, or less expensive options. In addition, some customers downgrade their Zoom Meeting plan or do not renew their subscriptions. Furthermore, as a result of the

increased usage of our platform during the COVID-19 pandemic, our customer base has shifted from largely businesses and enterprises to a mix of businesses, enterprises, and consumers. This shift in mix could result in higher non-renewal rates than we have experienced in the past. We must continually add new customers and hosts to grow our business beyond our current user base and to replace customers and hosts who choose not to continue to use our platform. Finally, any decrease in user satisfaction with our products or support would harm our brand, word-of-mouth referrals, and ability to grow.

We encourage customers to purchase additional products and encourage hosts to upgrade to our paid offerings by recommending additional features and through in-product prompts and notifications. Additionally, we seek to expand within organizations by adding new hosts, having workplaces purchase additional products, or expanding the use of Zoom into other teams and departments within an organization. At the same time, we strive to demonstrate the value of our platform and various product offerings to those hosts that subscribe to our free Zoom Meeting plan, thereby encouraging them to upgrade to a paid Zoom Meeting plan. However, a majority of these hosts, including those that recently subscribed to our free plan during the COVID-19 pandemic as a result of shelter-in-place and work-from-home mandates, may never upgrade to a paid Zoom Meeting plan. If we fail to upsell our customers or upgrade hosts of our free Zoom Meeting plan to paid subscriptions or expand the number of paid hosts within organizations, our business would be harmed.

In addition, our user growth rate may slow or decline in the future as our market penetration rates increase and we turn our focus to upgrading our free hosts to a paid Zoom Meeting plan rather than growing the total number of users. If we are not able to continue to expand our user base, our revenue may grow more slowly than expected or decline. Similar to the uncertainty of customers renewing their subscriptions or hosts upgrading to a paid Zoom Meeting plan, we expect our user growth rate to slow or decline once the impact of the COVID-19 pandemic tapers, particularly as a vaccine becomes widely available, and users return to work or school or are otherwise no longer subject to shelter-in-place mandates.

We have a limited operating history, which makes it difficult to evaluate our prospects and future results of operations.

We were incorporated in 2011. As a result of our limited operating history, our ability to forecast our future results of operations is limited and subject to a number of uncertainties, including our ability to plan for and model future growth and expenses. Our historical revenue growth should not be considered indicative of our future performance. Further, in future periods, our revenue growth could slow or our revenue could decline for a number of reasons, including any reduction in demand for our platform; increased competition; contraction of our overall market; our inability to accurately forecast demand for our platform and plan for capacity constraints; or our failure, for any reason, to capitalize on growth opportunities. The COVID-19 pandemic has also made it difficult to forecast revenue, costs, and expenses, as our platform has recently faced unprecedented usage from free users and new and existing customers, requiring us to devote significant resources to bolster our capacity and infrastructure. We have encountered and will encounter risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as the risks and uncertainties described herein. If our assumptions regarding these risks and uncertainties, which we use to plan our business, are incorrect or change, or if we do not address these risks successfully, our business would be harmed.

Interruptions, delays, or outages in service from our co-located data centers and a variety of other factors, including increased usage stemming from the COVID-19 pandemic, would impair the delivery of our services, require us to issue credits or pay penalties, and harm our business.

We currently serve our users from various co-located data centers located throughout the world. We also utilize Amazon Web Services and Oracle Cloud for the hosting of certain critical aspects of our business, as well as Microsoft Azure for limited customer-specified managed services. As part of our distributed meeting architecture, we establish private links between data centers that automatically transfer data between various data centers in order to optimize performance on our platform. Damage to, or failure of, these data centers has in the past resulted in and could in the future result in interruptions or delays in our services. In addition, we have experienced, and may in the future experience, other interruptions and delays in our services caused by a variety of other factors, including, but not limited to, infrastructure changes, vendor issues, human or software errors, viruses, security attacks, ransomware or cyber extortion, fraud, general internet availability issues, spikes in usage, and denial of service issues. In some instances, we may not be able to identify the cause or causes of these problems within an acceptable period of time. For example, we have experienced partial outages in our services that impacted a subset of our users for a limited number of hours. Additionally, in connection with the addition of new data centers or expansion or consolidation of our existing data

center facilities or other reasons, we may move or transfer our data and our users’ metadata to other data centers, not including our China data center. Despite precautions that we take during this process, any unsuccessful data transfers may impair or cause disruptions in the delivery of our service, and we may incur significant costs in connection with any such move or transfer. Interruptions, delays, or outages in our services would reduce our revenue; may require us to issue credits or pay penalties; may subject us to claims and litigation; and may cause customers and hosts to terminate their subscriptions and adversely affect our ability to attract new customers and hosts. Our ability to attract and retain customers and hosts depends on our ability to provide customers and hosts with a highly reliable platform and even minor interruptions or delays in our services could harm our business.

Additionally, if our data centers are unable to keep up with our increasing needs for capacity, including increased usage stemming from the COVID-19 pandemic, customers may experience delays or interruptions in service as we seek to obtain additional capacity, which could result in the loss of customers who use our video-first communications platform because of its reliability and performance. We plan to continue our practice of opening new data centers to meet increased demand, but we may be unable to bring additional data centers online in a timely manner, including as a result of current shortages for certain parts, such as servers. In addition, to meet short-term capacity needs, we may need to rely increasingly on public cloud providers, including Amazon Web Services and Oracle Cloud, which may result in higher variable costs and harm our business, financial condition, and operating results.

We do not control, or in some cases have limited control over, the operation of the co-located data center facilities we use, and they are vulnerable to damage or interruption from human error; intentional bad acts; earthquakes; floods; fires; hurricanes; war; terrorist attacks; power losses; hardware failures; systems failures; telecommunications failures; disease, such as the COVID-19 pandemic; and similar events, any of which could disrupt our service. In the event of significant physical damage to one of these data centers, it may take a significant period of time to achieve full resumption of our services and our disaster recovery planning may not account for all eventualities. Despite precautions taken at these facilities, the occurrence of a natural disaster, an act of terrorism, or other act of malfeasance, a decision to close the facilities without adequate notice or other unanticipated problems at the facilities would harm our business.

We operate in competitive markets, and we must continue to compete effectively.

The market for communication and collaboration technologies platforms is competitive and rapidly changing. Certain features of our current platform compete in the communication and collaboration technologies market with products offered by:

Other large established companies may also make investments in video communications tools. In addition, as we introduce new products and services, and with the introduction of new technologies and market entrants, we expect competition to intensify in the future. For example, we recently introduced Zoom Phone, a cloud phone system that allows customers to replace their existing PBX solution, which will result in increased competition against companies that offer similar services and new competitors that may enter that market in the future. Also, in connection with the travel restrictions and stay-in-place policies resulting from the COVID-19 pandemic, we have seen a significant increase in usage and subscriptions from smaller customers, many of whom are consumers or small and medium sized businesses. With respect to these smaller customers, we face competition from more consumer-oriented platforms, most of which have more experience with the consumer market than we do. Further, many of our actual and potential competitors benefit from competitive advantages over us, such as greater name recognition; longer operating histories; more varied products and services; larger marketing budgets; more established marketing relationships; third-party integration; greater accessibility across devices or applications; access to larger user bases; major distribution agreements with hardware manufacturers and resellers; and greater financial, technical, and other resources. Some of our competitors may make acquisitions or enter into strategic relationships to offer a broader range of products and services than we do. These combinations may make it more difficult for us to compete effectively. We expect these trends to continue as competitors attempt to strengthen or maintain their market positions.

Demand for our platform is also price sensitive. Many factors, including our marketing, user acquisition, and technology costs, and our current and future competitors’ pricing and marketing strategies, can significantly affect our pricing strategies. Certain competitors offer, or may in the future offer, lower-priced or free products, or services that compete with our platform, or may bundle and offer a broader range of products and services than we do. Similarly, certain competitors may use marketing strategies that enable them to acquire customers at a lower cost than we can. Furthermore, third parties could build products similar to ours that rely on open source software. Even if such products do not include all the features and functionality that our platform provides, we could face pricing pressure from these third parties to the extent that users find such alternative products to be sufficient to meet their video communications needs. There can be no assurance that we will not be forced to engage in price-cutting initiatives or other discounts or to increase our marketing and other expenses to attract and retain customers in response to competitive pressures, either of which would harm our business. We, on occasion, offer new customers a free period of time at the beginning of the subscription term that can result in deferred billings or long-term accounts receivable and increase the risk of loss on uncollected accounts receivable.

We may not be able to sustain our revenue growth rate in the future.

We have experienced significant revenue growth in prior periods. You should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. We expect our revenue growth rate to generally decline in future periods. Many factors may contribute to declines in our growth rate, including higher market penetration, increased competition, slowing demand for our platform, especially once the impact of the COVID-19 pandemic tapers, particularly as a vaccine becomes widely available, and users return to work or school or are otherwise no longer subject to shelter-in-place mandates, a failure by us to continue capitalizing on growth opportunities, and the maturation of our business, among others. If our growth rate declines, investors’ perceptions of our business and the trading price of our Class A common stock could be adversely affected.

Our quarterly results may fluctuate significantly and may not fully reflect the underlying performance of our business.

Our quarterly results of operations may vary significantly in the future, and period-to-period comparisons of our results of operations may not be meaningful. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly results of operations may fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. For example, beginning in the fiscal quarter ended April 30, 2020, we faced unprecedented usage of our video-first communications platform largely due to the COVID-19 pandemic, a significant portion of which is attributable to free Basic accounts, which do not generate any revenue. To meet this increased demand, we have incurred and expect to continue to incur significant costs associated with upgrading our infrastructure and expanding our capacity, including higher variable costs to the extent we have had to rely on public cloud providers rather than our own data centers. Fluctuation in quarterly results may negatively impact the value of our securities. Factors that may cause fluctuations in our quarterly results of operations include, without limitation, those listed below:

Failures in internet infrastructure or interference with broadband access could cause current or potential users to believe that our systems are unreliable, possibly leading our customers and hosts to switch to our competitors, or to cancel their subscriptions to our platform.

Unlike traditional communications and collaborations technologies, our services depend on our users’ high-speed broadband access to the internet, usually provided through a cable or digital subscriber line connection. Increasing numbers of users and increasing bandwidth requirements may degrade the performance of our platform due to capacity constraints and other internet infrastructure limitations. As our number of users grow and their usage of communications capacity increases, including increased usage stemming from the COVID-19 pandemic, we will be required to make additional investments in network capacity to maintain adequate data transmission speeds, the availability of which may be limited, or the cost of which may be on terms unacceptable to us. If adequate capacity is not available to us as our user base grows, our network may be unable to achieve or maintain sufficiently high data transmission capacity, reliability, or performance. In addition, if internet service providers and other third parties providing internet services have outages or deteriorations in their quality of service, our users will not have access to our platform or may experience a decrease in the quality of our platform. Furthermore, as the rate of adoption of new technologies increases, the networks our platform relies on may not be able to sufficiently adapt to the increased demand for these services, including ours. Frequent or persistent interruptions could cause current or potential users to believe that our systems or platform are unreliable, leading them to switch to our competitors or to avoid our platform, which could permanently harm our business.

In addition, users who access our platform through mobile devices, such as smartphones and tablets, must have a high-speed connection, such as 3G, 4G, 5G, LTE, satellite, or Wi-Fi, to use our services and applications. Currently, this access is provided by companies that have significant and increasing market power in the broadband and internet access marketplace, including incumbent phone companies, cable companies, satellite companies, and wireless companies. Some of these providers offer products and subscriptions that directly compete with our own offerings, which can potentially give them a competitive advantage. Also, these providers could take measures that degrade, disrupt, or increase the cost of user access to third-party services, including our platform, by restricting or prohibiting the use of their infrastructure to support or facilitate third-party services or by charging increased fees to third parties or the users of third-party services, any of which would make our platform less attractive to users and reduce our revenue.

On January 4, 2018, the Federal Communications Commission (“FCC”) released an order reclassifying broadband internet access as an information service, subject to certain provisions of Title I of the Communications Act. The order requires broadband providers to publicly disclose accurate information regarding network management practices, performance characteristics, and commercial terms of their broadband internet access services sufficient to enable consumers to make informed choices regarding the purchase and use of such services, and entrepreneurs and other small businesses to develop, market, and maintain internet offerings. The new rules went into effect on June 11, 2018. Numerous parties filed judicial challenges to the order, and on October 1, 2019, the United States Court of Appeals for the District of Columbia Circuit released a decision that rejected nearly all of the challenges to the new rules, but reversed the FCC’s decision to prohibit all state and local regulation targeted at broadband internet service, requiring case-by-case determinations as to whether state and local regulation conflicts with the FCC’s rules. The court also required the FCC to reexamine three issues from the order but allowed the order to remain in effect, while the FCC conducts that review. On February 6, 2020, the court denied requests for rehearing of the original decision, and the deadline for petitions requesting the Supreme Court to review the decision has passed without the filing of any such petitions. On February 19, 2020, the FCC released a public notice asking for comment on the three issues the court required it to reexamine. On October 27, 2020, the FCC adopted an order concluding that the three issues remanded by the court did not provide a basis to alter its conclusions in the 2018 order. This order could be subject to petitions for reconsideration or court appeals. Democratic control of the Executive Branch, Congress, and the FCC following the 2020 elections increases the likelihood of legislative or FCC action to reverse the 2018 decision or adopt new network neutrality rules. In addition, a number of states are adopting or considering legislation or executive actions that would regulate the conduct of broadband providers. As a result, we cannot predict whether the FCC order or state initiatives will be modified, overturned, or vacated by legal action of the court, federal legislation, or the FCC. Under the new rules, broadband internet access providers may be able to charge web-based services such as ours for priority access or favor services offered by our competitors or by the internet access providers themselves, which could result in increased costs and a loss of existing customers and hosts, impair our ability to attract new customers and hosts, and harm our business.

If there are changes to the regulatory structures in the United States or elsewhere that reduce investment in infrastructure by internet service providers, including a return of the network neutrality regulations that were repealed, any impacts of reduced investment that reduce network capacity or speed could have a negative effect on our business, operating results, and financial condition.

As we increase sales to large organizations, our sales cycles could lengthen, and we could experience greater deployment challenges.

As we continue to grow, we have begun investing more resources into sales to large organizations. Large organizations typically undertake a significant evaluation and negotiation process due to their leverage, size, organizational structure, and approval requirements, all of which can lengthen our sales cycle. We may also face unexpected deployment challenges with large organizations or more complicated deployment of our platform. Large organizations may demand additional features, support services and pricing concessions, or require additional security management or control features. We may spend substantial time, effort, and money on sales efforts to large organizations without any assurance that our efforts will produce any sales or that these customers will deploy our platform widely enough across their organization to justify our substantial up-front investment. As a result, we anticipate increased sales to large organizations will lead to higher up-front sales costs and greater unpredictability in our business, results of operations, and financial condition.

We generate revenue from sales of subscriptions to our platform, and any decline in demand for our platform or for communications and collaboration technologies in general would harm our business.

We generate, and expect to continue to generate, revenue from the sale of subscriptions to our platform. As a result, widespread acceptance and use of communications and collaboration technologies in general, and our platform in particular, is critical to our future growth and success. If the communications and collaboration technologies market fails to grow, or grows more slowly than we currently anticipate, or if any new customers or hosts that have subscribed to our services during the COVID-19 pandemic subsequently reduce or discontinue their use after the impact of the pandemic has tapered, demand for our platform could be negatively affected.

Changes in user preferences for communications and collaboration technologies may have a disproportionately greater impact on us than if we offered multiple platforms or disparate products. Demand for communications and collaboration technologies in general, and our platform in particular, is affected by a number of factors, many of which are beyond our control. Some of these potential factors include:

We have experienced net losses in the past, and we expect to increase our expenses in the future, which could prevent us from maintaining profitability.

Although we generated net income of $198.6 million and $411.7 million for the three and nine months ended October 31, 2020, respectively, we have incurred net losses in the past and could incur net losses in the future. We intend to continue to expend significant funds to expand our direct sales force and marketing efforts to attract new customers and hosts and to develop and enhance our products and for general corporate purposes, including operations, hiring additional personnel, including through acquisitions of other businesses, upgrading our infrastructure, and addressing security and privacy issues, including those stemming from the unprecedented numbers of first-time users during the COVID-19 pandemic who may not have full IT support or established protocols like our enterprise customers, and expanding into new geographical markets. To the extent we are successful in increasing our user base, we may also incur increased losses because, other than sales commissions, the costs associated with acquiring customers and hosts are generally incurred up front, while the subscription revenue is generally recognized ratably over the subscription term, which can be monthly, annual, or on a multiyear basis. Our efforts to grow our business may be costlier than we expect, and we may not be able to increase our revenue enough to offset our higher operating expenses. We may incur significant losses in the future for a number of reasons, including as a result of the other risks

described herein, and unforeseen expenses, difficulties, complications, delays, and other unknown events. For example, we have faced unprecedented usage during the COVID-19 pandemic and, to meet this increased demand, have incurred and expect to continue to incur significant costs associated with upgrading our infrastructure and expanding our capacity, including higher variable costs to the extent we have to rely on public cloud providers rather than our own data centers. Despite these significant investments, a majority of these new hosts using our platform on a free Basic account may never upgrade to a paid Zoom Meeting plan. If we are unable to sustain profitability, the value of our business and Class A common stock may significantly decrease. Furthermore, it is difficult to predict the size and growth rate of our market, customer demand for our platform, user adoption and renewal of our platform, the entry of competitive products and services, or the success of existing competitive products and services. As a result, we may not maintain profitability in future periods. If we fail to grow our revenue sufficiently to keep pace with our investments and other expenses, our business would be harmed.

The experience of our users depends upon the interoperability of our platform across devices, operating systems, and third-party applications that we do not control, and if we are not able to maintain and expand our relationships with third parties to integrate our platform with their solutions, our business may be harmed.

One of the most important features of our platform is its broad interoperability with a range of diverse devices, operating systems, and third-party applications. Our platform is accessible from the web and from devices running Windows, Mac OS, iOS, Android, and Linux. We also have integrations with Atlassian, Dropbox, Google, Microsoft, Salesforce, Slack, and a variety of other productivity, collaboration, data management, and security vendors. We are dependent on the accessibility of our platform across these and other third-party operating systems and applications that we do not control. For example, given the broad adoption of Microsoft Office and other productivity software, it is important that we are able to integrate with this software. Several of our competitors own, develop, operate, or distribute operating systems, app stores, co-located data center services, and other software, and also have material business relationships with companies that own, develop, operate, or distribute operating systems, applications markets, co-located data center services, and other software that our platform requires in order to operate. Moreover, some of these competitors have inherent advantages developing products and services that more tightly integrate with their software and hardware platforms or those of their business partners.

Third-party services and products are constantly evolving, and we may not be able to modify our platform to assure its compatibility with that of other third parties following development changes. In addition, some of our competitors may be able to disrupt the operations or compatibility of our platform with their products or services, or exert strong business influence on our ability to, and terms on which we, operate and distribute our platform. For example, we currently offer products that directly compete with several large technology companies that we rely on to ensure the interoperability of our platform with their products or services. As our respective products evolve, we expect this level of competition to increase. Should any of our competitors modify their products or standards in a manner that degrades the functionality of our platform or gives preferential treatment to competitive products or services, whether to enhance their competitive position or for any other reason, the interoperability of our platform with these products could decrease and our business could be harmed.

In addition, we provide, develop, and create applications for our platform partners that integrate our platform with our partners’ various offerings. For example, our Zoom Meetings product integrates with tools offered by companies, such as Atlassian and Dropbox, to help teams get more done together. If we are not able to continue and expand on existing and new relationships to integrate our platform with our partners’ solutions, or there are quality issues with our products or service interruptions of our products that integrate with our partners’ solutions, our business will be harmed.

We are subject to requirements imposed by app stores such as those operated by Apple and Google, who may change their technical requirements or policies in a manner that adversely impacts the way in which we or our partners collect, use and share data from users. If we do not comply with these requirements, we could lose access to the app store and users, and our business would be harmed.

We may not be able to respond to rapid technological changes, extend our platform, or develop new features.

The communications and collaboration technologies market is characterized by rapid technological change and frequent new product and service introductions. Our ability to grow our user base and increase revenue from customers will depend heavily on our ability to enhance and improve our platform; introduce new features and products; and interoperate across an increasing range of devices, operating systems, and third-party applications. Our customers may require features and capabilities that our current platform does not have. We invest significantly in research and

development, and our goal is to focus our spending on measures that improve quality and ease of adoption, enhance privacy and security, and create organic user demand for our platform. For example, in October 2020 we introduced two new additions to our Zoom platform, OnZoom and Zoom Apps. There is no assurance that these new additions or other future enhancements to our platform or new product experiences, features, or capabilities will be compelling to our users or gain market acceptance, or that they will perform as expected. If our research and development investments do not accurately anticipate user demand or if we fail to develop our platform in a manner that satisfies user preferences and requirements in a timely and cost-effective manner, we may fail to retain our existing users or increase demand for our platform.

The introduction of new products and services by competitors or the development of entirely new technologies to replace existing offerings could make our platform obsolete or adversely affect our business, results of operations, and financial condition. We may experience difficulties with software development, design, or marketing that could delay or prevent our development, introduction, or implementation of new product experiences, features, or capabilities. We have in the past experienced delays in our internally planned release dates of new features and capabilities and there can be no assurance that new product experiences, features, or capabilities will be released according to schedule. Any delays could result in adverse publicity, loss of revenue or market acceptance, or claims by users brought against us, all of which could harm our business. Moreover, new productivity features to our platform may require substantial investment, and we have no assurance that such investments will be successful. If customers and hosts do not widely adopt our new product experiences, features, and capabilities, or they do not perform as expected, we may not be able to realize a return on our investment. If we are unable to develop, license, or acquire new features and capabilities to our platform on a timely and cost-effective basis, or if such enhancements do not achieve market acceptance, our business would be harmed.

The failure to effectively develop and expand our marketing and sales capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our platform.

Our ability to increase our customer and host base and achieve broader market acceptance of our products and services will depend to a significant extent on our ability to expand our marketing and sales operations. We plan to continue expanding our sales force and strategic partners, both domestically and internationally. If we are unable to hire a sufficient number of qualified sales personnel in the near term, our future revenue growth and business could be adversely impacted.

Identifying and recruiting qualified sales representatives and training them is time consuming and resource intensive, and they may not be fully trained and productive for a significant amount of time. We also plan to dedicate significant resources to sales and marketing programs, including internet and other online advertising. All of these efforts will require us to invest significant financial and other resources. In addition, the cost to acquire customers and hosts is high due to these marketing and sales efforts. Our business will be harmed if our efforts do not generate a correspondingly significant increase in revenue. We will not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, and retain talented sales personnel, our new sales personnel are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective.

Our security measures have been compromised in the past and may be compromised in the future. If our security measures are compromised in the future or if our information technology fails, this could harm our reputation, expose us to significant fines and liability, impair our sales, and harm our business. In addition, our products and services may be perceived as not being secure. This perception may result in customers and hosts curtailing or ceasing their use of our products, our incurring significant liabilities, and our business being harmed.

Our operations involve the storage and transmission of customer and user data or information, and security incidents have occurred in the past, and may occur in the future, resulting in unauthorized access to, loss or unauthorized disclosure of, or inadvertent disclosure of, this information, regulatory investigations or enforcement actions, litigation, indemnity obligations, and other possible liabilities, as well as negative publicity, which could damage our reputation, impair our sales, and harm our business. Cyberattacks and other malicious internet-based activity continue to increase, and cloud-based platform providers of products and services have been and are expected to continue to be targeted. In addition to traditional computer “hackers,” we face security risks from malicious code (such as viruses and worms), phishing incidents, credential stuffing attacks, employee theft, misuse of information or systems, sophisticated nation-state and nation-state supported actors, and advanced persistent threat intrusions. Moreover, security incidents can result in interruptions, delays, or outages in our operations and services, including due to ransomware or denial-of-service attacks. Despite significant efforts to create security barriers to such threats, it is

impossible for us to entirely mitigate these risks. If our security measures are compromised as a result of third-party action, employee, customer, host or user error, malfeasance, stolen or fraudulently obtained log-in credentials, or otherwise, our reputation could be damaged; our data, information or intellectual property, or that of our customers, may be destroyed, stolen, or otherwise compromised; our business may be harmed; and we could incur significant liability. We have not always been able in the past and may be unable in the future to anticipate or prevent threats or techniques used to detect or exploit vulnerabilities in our services or software or third-party software, or obtain unauthorized access to or compromise our systems, because such threats and techniques change frequently and are generally not detected until after an incident has occurred. In addition, security researchers and other individuals have in the past and will continue in the future to actively search for and exploit actual and potential vulnerabilities in our software or services. This activity may increase because of increased demand for our services and increased media scrutiny of our video-first communications platform, and can lead to additional adverse publicity, reputational harm, extortion threats, business and operational interruptions, security incidents, additional expenses, litigation, regulatory investigations and actions, and substantial harm to our business, some of which we have experienced during the COVID-19 pandemic. For example, in July 2019, a security researcher published a blog highlighting concerns with the Zoom Meeting platform, including certain video-on features. We were able to release updates to the software addressing these vulnerabilities, and we are not aware of any customers being affected or meetings compromised by these vulnerabilities. In most cases customers are responsible for installing this update to the software, and their software is subject to these vulnerabilities until they do so. Additionally, in March 2020, a security researcher reported certain vulnerabilities related to our macOS version that could have allowed an unauthorized person to gain root access to a user’s system. We cannot be certain that we will be able to address any vulnerabilities in our software that we may become aware of in the future, or there may be delays in developing patches that can be effectively deployed to address vulnerabilities. We expect similar issues to arise in the future as our products and services are more widely adopted, and as we continue to expand the features and functionality of existing products and introduce new products. We expect to expend significant resources in an effort to protect against security incidents and to mitigate, detect, and remediate actual and potential vulnerabilities. Security incidents and vulnerabilities, and concerns regarding privacy, data protection, and information security may cause some of our customers and hosts to stop using our solutions and fail to upgrade or renew their subscriptions. This discontinuance in use or failure to upgrade or renew could substantially harm our business. Further, as we rely on third-party and public-cloud infrastructure, we depend in part on third-party security measures to protect against unauthorized access, cyberattacks, and the mishandling of data and information. In addition, failures to meet customers’ and hosts’ expectations with respect to security and confidentiality of their data and information could damage our reputation and affect our ability to retain customers and hosts, attract new customers and hosts, and grow our business. In addition, cybersecurity events or security vulnerabilities could result in breaches of our agreements with customers, lawsuits against us (including class action litigation), regulatory investigations or actions, and significant increases in costs, including costs for remediating the effects of such an event or vulnerability, lost revenue due to network downtime, and a decrease in customer, host, and user trust, increases in insurance premiums due to cybersecurity incidents, increased costs to address cybersecurity issues, and attempts to prevent future incidents, fines, penalties, judgments and settlements, and attorney fees, and harm to our business and our reputation because of any such incident.

Many governments have enacted laws requiring companies to provide notice of data security incidents involving certain types of personal data. Such laws are inconsistent, and compliance in the event of a widespread data breach is costly. In addition, some of our customers require us to notify them of data security breaches. Security compromises experienced by our competitors, our customers, or us may lead to public disclosures, which may lead to widespread negative publicity. In addition, while more than half of our employees are based in the United States, like many similarly situated technology companies, we have a sizable number of research and development personnel in China, which has exposed and could continue to expose us to governmental and regulatory as well as market and media scrutiny regarding the actual or perceived integrity of our platform or data security and privacy features. Any security compromise in our industry, whether actual or perceived, could harm our reputation, erode confidence in the effectiveness of our security measures; negatively affect our ability to attract new customers and hosts; cause existing customers to elect not to renew their subscriptions; or subject us to third-party lawsuits, regulatory investigations, proceedings, and fines, or other action or liability, which could harm our business and reputation. Increased usage of our services, novel uses of our services, and additional awareness of Zoom and our brand could lead to greater public scrutiny of, press related to, or a negative perception of our information security and potential vulnerabilities associated with, our platform. For example, in connection with the COVID-19 pandemic, we opened our platform to unprecedented numbers of first-time users, leading to challenges for users who did not have full IT support or established protocols for security and privacy like our enterprise customers. As a result, we have experienced negative

publicity related to meeting disruptions and security and privacy issues, including on encryption. Such unfavorable publicity and scrutiny could result in material reputational harm, a loss of customer and user confidence, increased regulatory or litigation exposure, additional expenses, and other harm to our business.

There can be no assurance that any limitations of liability provisions in our subscription agreements, terms of use or other agreements would be enforceable or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim. We also cannot be sure that our existing general liability insurance coverage and coverage for cyber liability or errors or omissions will continue to be available on acceptable terms or will be available in sufficient amounts to cover one or more large claims or that the insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that are not covered or exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could harm our business.

Our business depends on a strong brand, and if we are not able to maintain and enhance our brand, our ability to expand our base of users will be impaired and our business will be harmed.

We believe that our brand identity and awareness have contributed to our success and have helped fuel our efficient go-to-market strategy. We connect people through frictionless and secure video, voice, chat, and content sharing. We also believe that maintaining and enhancing the Zoom brand is critical to expanding our base of customers, hosts, and users and, in particular, conveying to users and the public that the Zoom brand consists of a broad communications platform, rather than just one distinct product. For example, if users incorrectly view the Zoom brand primarily as a video conferencing point solution or utility rather than as a platform with multiple communications solutions, or have a negative perception of our privacy and security, then our market position may be detrimentally impacted at such time as a competitor introduces a new or better product. We anticipate that, as our market becomes increasingly competitive, maintaining and enhancing our brand may become increasingly difficult and expensive. Any unfavorable publicity or perception of our platform, including any delays or interruptions in service due to capacity constraints stemming from increased usage due to the COVID-19 pandemic, or of our privacy or security features, or of the providers of communication and collaboration technologies generally, could adversely affect our reputation and our ability to attract and retain hosts. Similarly, any unfavorable perception of our company, including due to any actual or perceived violation by our employees of our policies, such as our Code of Business Conduct and Ethics, could cause us reputational harm and customer loss, impact our financial performance, expose us to litigation, and harm our business, among other things. If we fail to promote and maintain the Zoom brand, including consumer and public perception of our platform or our company, or if we incur excessive expenses in this effort, our business will be harmed.

We may not successfully manage our growth or plan for future growth.

Since our founding in 2011, we have experienced rapid growth. For example, our headcount has grown from 2,409 full-time employees as of October 31, 2019, to 3,871 full-time employees as of October 31, 2020, with employees located both in the United States and internationally. The growth and expansion of our business places a continuous, significant strain on our management, operational, and financial resources. Further growth of our operations to support our user base, our expanding third-party relationships, our information technology systems, and our internal controls and procedures may not be adequate to support our operations. In addition, as we continue to grow, we face challenges integrating, developing, and motivating a rapidly growing employee base in various countries around the world. For example, a significant number of our employees were hired in recent months and have never been to one of our office locations. Certain members of our management have not previously worked together for an extended period of time, and some do not have prior experience managing a public company, which may affect how they manage our growth. Managing our growth will also require significant expenditures and allocation of valuable management resources.

In addition, our rapid growth may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business would be harmed.

Our business may be significantly affected by a change in the economy, including any resulting effect on consumer or business spending.

Our business may be affected by changes in the economy generally, including as a result of the COVID-19 pandemic and any resulting effect on spending by our customers. While some of our customers may consider our platform to be a cost-saving purchase, decreasing the need for business travel, others may view a subscription to our platform as a discretionary purchase, and our customers may reduce their discretionary spending on our platform during an economic downturn. Given current economic conditions, we could experience a reduction in demand and loss of customers, especially if the effects of the current economic environment have a prolonged impact on various industries that our video-first communications platform addresses. We would lose customers as a result of customers ceasing to do business, and we could experience a material increase in longer payment cycles and greater difficulty in collecting accounts receivable from certain customers. While we have seen increased usage stemming from the COVID-19 pandemic, a significant portion of the increase in usage of our platform is attributable to free Basic accounts, which do not generate any revenue. Moreover, there is no assurance that we will experience an increase in paid hosts once the pandemic tapers, particularly in light of the economic downturn. Similarly, given the shift in our customer base from largely businesses and enterprises to a mix of businesses, enterprises, and consumers due to the COVID-19 pandemic, we expect that we will see higher rates of non-renewals than we have experienced historically.

Our ability to sell subscriptions to our platform could be harmed by real or perceived material defects or errors in our platform.

The software technology underlying our platform is inherently complex and may contain material defects or errors, particularly when new products are first introduced or when new features or capabilities are released. We have from time to time found defects or errors in our platform, and new defects or errors in our existing platform or new products may be detected in the future by us or our users. There can be no assurance that our existing platform and new products will not contain defects. Any real or perceived errors, failures, vulnerabilities, or bugs in our platform have in the past resulted and could in the future result in negative publicity or lead to data security, access, retention, or other performance issues, all of which could harm our business. The costs incurred in correcting such defects or errors may be substantial and could harm our business. Moreover, the harm to our reputation and legal liability related to such defects or errors may be substantial and would harm our business.

We also utilize hardware purchased or leased and software and services licensed from third parties to offer our platform. Any defects in, or unavailability of, our or third-party hardware, software, or services that cause interruptions to the availability of our services, loss of data, or performance issues could, among other things:

If we were to lose the services of our Chief Executive Officer or other members of our senior management team, we may not be able to execute our business strategy.

Our success depends in a large part upon the continued service of key members of our senior management team. In particular, our founder, President and Chief Executive Officer, Eric S. Yuan, is critical to our overall management, as well as the continued development of our products, services, the Zoom platform, our culture, our strategic direction, engineering, and our global operations, including regions such as the United States, EMEA and APAC. All of our executive officers are at-will employees, and we do not maintain any key person life insurance policies. Any changes in our senior management team in particular, even in the ordinary course of business, may be disruptive to our business. While we seek to prepare for such transitions, including by establishing strong processes and procedures and

succession planning, such changes may result in a loss of institutional knowledge and cause disruptions to our business. If our senior management team fails to work together effectively or execute our plans and strategies on a timely basis as a result of management turnover or otherwise, our business could be harmed.

The failure to attract and retain additional qualified personnel or to maintain our happiness-centric company culture could harm our business and culture and prevent us from executing our business strategy.

To execute our business strategy, we must attract and retain highly qualified personnel. Competition for executives, software developers, sales personnel, and other key employees in our industry is intense. In particular, we compete with many other companies for software developers with high levels of experience in designing, developing, and managing software for communication and collaboration technologies, as well as for skilled sales and operations professionals. At times, we have experienced, and we may continue to experience, difficulty in hiring and retaining employees with appropriate qualifications, and we may not be able to fill positions in a timely manner or at all. We completed our initial public offering in April 2019 and potential candidates may not perceive our compensation package, including our equity awards, as favorably as employees hired prior to our initial public offering. In addition, our recruiting personnel, methodology, and approach may need to be altered to address a changing candidate pool and profile. We may not be able to identify or implement such changes in a timely manner. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business could be harmed.

Many of the companies with which we compete for experienced personnel have greater resources than we have, and some of these companies may offer more attractive compensation packages. Particularly in the San Francisco Bay Area, job candidates and existing employees carefully consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, or if the mix of equity and cash compensation that we offer is unattractive, it may adversely affect our ability to recruit and retain highly skilled employees. Job candidates may also be threatened with legal action under agreements with their existing employers if we attempt to hire them, which could impact hiring and result in a diversion of our time and resources. Additionally, laws and regulations, such as restrictive immigration laws, may limit our ability to recruit internationally. We must also continue to retain and motivate existing employees through our compensation practices, company culture, and career development opportunities. If we fail to attract new personnel or to retain our current personnel, our business would be harmed.

We believe that a critical component to our success and our ability to retain our best people is our culture. As we continue to grow and develop a public company infrastructure, we may find it difficult to maintain our happiness-centric company culture. Transparency is also an important part of our culture, and one that we practice every day. As we continue to grow, maintaining this culture of transparency will present its own challenges that we will need to address, including the type of information and level of detail that we share with our employees.

In addition, following our initial public offering, many of our employees are now able to receive significant proceeds from sales of our equity in the public markets, which may reduce their motivation to continue to work for us. Moreover, this liquidity could create disparities in wealth among our employees, which may harm our culture and relations among employees and our business.

We have significant and expanding operations outside the United States, which may subject us to increased business, regulatory and economic risks that could harm our business.

Our platform addresses the communications needs of users worldwide, and we see international expansion as a major opportunity. Our revenue from APAC and EMEA collectively represented 31% and 19% of our total revenue for the three months ended October 31, 2020 and 2019, respectively, and 30% and 19% of our revenue for the nine months ended October 31, 2020 and 2019, respectively. We plan to add local sales support in further select international markets over time. Our customers include multinational corporations with global users, and we expect to continue to expand our international operations, which may include opening offices in new jurisdictions and providing our platform in additional languages to support the needs of these multinational corporations. Any new markets or countries into which we attempt to allow users to access our services or sell subscriptions to our platform may not be receptive. For example, if we are not able to satisfy certain government- and industry-specific requirements, we may experience service outages or other adverse consequences which would impair our ability to expand further into certain markets. In addition, our ability to manage our business and conduct our operations internationally in the future may require considerable management attention and resources and is subject to the particular challenges of supporting a rapidly growing business in an environment of multiple languages, cultures, customs, legal and regulatory systems, alternative dispute systems, and commercial markets. Future international expansion will require investment of

significant funds and other resources. We also face risks related to recruiting and retaining talented and capable employees outside the United States, including complying with complex employment- and compensation-related laws, regulations and practices in these international jurisdictions, and maintaining our company culture across all of our offices. We may also be unable to grant equity compensation to employees in certain countries outside of the United States due to the complexities of local laws and regulations. This may require us to offer equally compelling alternatives to supplement our compensation, such as long-term cash compensation plans or increased short-term cash compensation, in order to continue to attract and retain employees in these jurisdictions.

Operating internationally subjects us to new risks and may increase risks that we currently face, including risks associated with:

Compliance with laws and regulations applicable to our global operations substantially increases our cost of doing business in international jurisdictions. We may be unable to keep current with changes in laws and regulations as they occur. Although we have implemented policies and procedures designed to support compliance with these laws and regulations, there can be no assurance that we will always maintain compliance or that all of our employees, contractors, partners, and agents will comply. Any violations could result in enforcement actions, fines, civil and criminal penalties, damages, injunctions, or reputational harm. If we are unable to comply with these laws and regulations or manage the complexity of our global operations successfully, we may need to relocate or cease operations in certain foreign jurisdictions. Additionally, while our engineering team is headquartered in the United States, we employ a product development team that has a relatively significant footprint in China today, where personnel costs are less expensive than in many other geographies. This product development team carries out the design and architecture decisions made by our U.S. engineering team. In May 2020, we announced the opening of two new research and development centers in Phoenix, Arizona and Pittsburgh, Pennsylvania. As a result of this expansion, we could experience, among other things, higher operating expenses, which would adversely impact our operating margins and harm our business.

At the same time, our operations in China have caused and may in the future cause us to be subject to regulatory scrutiny both in China and in the United States. For example, in September 2019, the Chinese government turned off our service in China without warning and requested that we take certain steps prior to restoring our service, including designating an in-house contact for law enforcement requests and transferring China-based user data housed in the United States to a data center in China. Also, in June and July 2020, we received subpoenas from the Department of Justice’s U.S. Attorney’s Office for the Eastern District of New York (“EDNY”) and the Department of Justice’s U.S. Attorney’s Office for the Northern District of California (“NDCA”). The EDNY and NDCA subpoenas requested information about (among other things) our interactions with foreign governments and/or foreign political parties, including the Chinese government, as well as about storage of and access to user data, including the use of servers based overseas. In addition, the EDNY subpoena requested information about the actions we took relating to the Tiananmen commemorations on Zoom. The NDCA subpoena also requested documents and information about (among other things) contacts between our employees and representatives of the Chinese government, and any attempted or successful influence by any foreign government in our policies, procedures, practices, and actions as they relate to users in the United States. We are fully cooperating with all of these investigations and have been conducting our own thorough internal investigation. These investigations are ongoing, and we do not know when they will be completed, which facts we will ultimately discover as a result of the investigations, or what actions the government may or may not take. We cannot predict the outcome of these investigations, and a negative outcome in any or all of these matters could cause us to incur substantial fines, penalties, or other financial exposure, as well as material reputational harm, a loss of customer and user confidence and business, additional expenses, and other harm to our business.

We recognize revenue from subscriptions to our platform over the terms of these subscriptions. Consequently, increases or decreases in new sales may not be immediately reflected in our results of operations and may be difficult to discern.

We recognize revenue from subscriptions to our platform over the terms of these subscriptions. As a result, a portion of the revenue we report in each quarter is derived from the recognition of deferred revenue relating to subscriptions entered into during previous quarters. Consequently, a decline in new or renewed subscriptions in any single quarter may have an immaterial impact on the revenue that we recognize for that quarter. However, such a decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales and potential changes in our pricing policies or rate of customer expansion or retention may not be fully reflected in our results of operations until future periods. In addition, a significant portion of our costs is expensed as incurred, while revenue is recognized over the term of the subscription. As a result, growth in the number of new customers and hosts could continue to result in our recognition of higher costs and lower revenue in the earlier periods of our subscriptions. Finally, our subscription-based revenue model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers or from existing customers that increase their use of our platform or upgrade to a higher-priced tier of Zoom Meeting plan must be recognized over the applicable subscription term.

Any failure to offer high-quality support for our customers and hosts may harm our relationships with our customers and hosts and, consequently, our business.

We have designed our platform to be easy to adopt and use with minimal to no support necessary. However, if we experience increased user demand for support, we may face increased costs that may harm our results of operations. Surging demand during the COVID-19 pandemic has required us to allocate additional resources to support our expanded user base, including many hosts and customers who are using our platform for the first time. In addition, as we continue to grow our operations and support our global user base, we need to be able to continue to provide efficient support that meets our customers and hosts’ needs globally at scale. Customers and hosts receive additional support features, and the number of our hosts has grown significantly, which will put additional pressure on our support organization. If we are unable to provide efficient user support globally at scale or if we need to hire additional support personnel, including as a result of increased demand during the COVID-19 pandemic, our business may be harmed. Our new customer and host signups are highly dependent on our business reputation and on positive recommendations from our existing customers and hosts. Any failure to maintain high-quality support, or a market perception that we do not maintain high-quality support for our customers and hosts, would harm our business.

We utilize our network of resellers to sell our products and services, and our failure to effectively develop, manage, and maintain our indirect sales channels would harm our business.

Our future success depends on our continued ability to establish and maintain a network of channel relationships, and we expect that we will need to maintain and expand our network as we expand into international markets. A small portion of our revenue is derived from our network of sales agents and resellers, which we refer to collectively as resellers, many of which sell or may in the future decide to sell their own products and services or services from other communications solutions providers. Loss of or reduction in sales through these third parties could reduce our revenue. Our competitors may in some cases be effective in causing our reseller or potential reseller to favor their products and services or prevent or reduce sales of our products and services. Recruiting and retaining qualified resellers in our network and training them in our technology and product offerings requires significant time and resources. If we decide to further develop and expand our indirect sales channels, we must continue to scale and improve our processes and procedures to support these channels, including investment in systems and training. Many resellers may not be willing to invest the time and resources required to train their staff to effectively sell our platform. If we fail to maintain relationships with our resellers, fail to develop relationships with new resellers in new markets, or expand the number of resellers in existing markets or fail to manage, train, or provide appropriate incentives to our existing resellers, our ability to increase the number of new customers and hosts and increase sales to existing customers could be adversely impacted, which would harm our business.

Our results of operations, which are reported in U.S. dollars, could be adversely affected if currency exchange rates fluctuate substantially in the future.

We sell to customers globally and have international operations primarily in Australia, China, and the U.K. As we continue to expand our international operations, we will become more exposed to the effects of fluctuations in currency exchange rates. Although the majority of our cash generated from revenue is denominated in U.S. dollars, a small amount is denominated in foreign currencies, and our expenses are generally denominated in the currencies of the jurisdictions in which we conduct our operations. For the nine months ended October 31, 2020 and 2019, 19.3% and 9.1% of our revenue, respectively, and 12.0% and 15.9% of our expenses, respectively, were denominated in currencies other than U.S. dollars. Because we conduct business in currencies other than U.S. dollars but report our results of operations in U.S. dollars, we also face remeasurement exposure to fluctuations in currency exchange rates, which could hinder our ability to predict our future results and earnings and could materially impact our results of operations. We do not currently maintain a program to hedge exposures to non-U.S. dollar currencies.

Our sales to government entities are subject to a number of additional challenges and risks.

We expect to increase our sales to U.S. federal and state and foreign governmental agency customers. For example, we announced in May 2019 that we received authorization under the U.S. Federal Risk and Authorization Management Program (“FedRAMP”) that allows U.S. federal government agencies and contractors to securely use our Zoom for Government offering. The additional risks and challenges associated with doing business with governmental entities include, but are not limited to, the following:

To the extent that we become more reliant on contracts with government entities in the future, our exposure to such risks and challenges could increase, which in turn could adversely impact our business.

Our current products, as well as products, features, and functionality that we may introduce in the future, may not be widely accepted by our customers and hosts or may receive negative attention or may require us to compensate or reimburse third parties, any of which may lower our margins and harm our business.

Our ability to engage, retain, and increase our base of customers and hosts and to increase our revenue will depend on our ability to successfully create new products, features, and functionality, both independently and together with third parties. We may introduce significant changes to our existing products or develop and introduce new and unproven products, including technologies with which we have little or no prior development or operating experience. These new products and updates may not perform as expected, may fail to engage, retain, and increase our base of customers and hosts or may create lag in adoption of such new products. New products may initially suffer from performance and quality issues that may negatively impact our ability to market and sell such products to new and existing customers and hosts. The short- and long-term impact of any major change to our products, or the introduction of new products, is particularly difficult to predict. If new or enhanced products fail to engage, retain, and increase our base of customers and hosts, or do not perform as expected, we may fail to generate sufficient revenue, operating margin, or other value to justify our investments in such products, any of which may harm our business in the short term, long term, or both. In addition, our current products, as well as products, features, and functionality that we may introduce in the future, may require us to compensate or reimburse third parties. For example, our cloud phone system, Zoom Phone, is a PBX phone solution that requires us to compensate carriers that operate the PSTN. As a result, a portion of the payments that we will receive from customers that will use our Zoom Phone product will be allocated towards compensating these telephone carriers, which lowers our margins for Zoom Phone as compared to our other products. In addition, new products that we introduce in the future may similarly require us to compensate or reimburse third parties, all of which would lower our profit margins for any such new products. If this trend continues with our new and existing products, including Zoom Phone, it could harm our business.

If we experience excessive fraudulent activity or cannot meet evolving credit card association merchant standards, we could incur substantial costs and lose the right to accept credit cards for payment, which could cause our customer and paid host base to decline significantly.

A large portion of our customers authorize us to bill their credit card accounts directly for our products. If customers pay for their subscriptions with stolen credit cards, we could incur substantial third-party vendor costs for which we may not be reimbursed. Further, our customers provide us with credit card billing information online or over the phone, and we do not review the physical credit cards used in these transactions, which increases our risk of exposure to fraudulent activity. We also incur charges, which we refer to as chargebacks, from the credit card companies for claims that the customer did not authorize the credit card transaction for our products, something that we have experienced in the past. If the number of claims of unauthorized credit card transactions becomes excessive, we could be assessed substantial fines for excess chargebacks, and we could lose the right to accept credit cards for payment. In addition, credit card issuers may change merchant standards, including data protection and documentation

standards, required to utilize their services from time to time. If we fail to maintain compliance with current merchant standards or fail to meet new standards, the credit card associations could fine us or terminate their agreements with us, and we would be unable to accept credit cards as payment for our products. Our products may also be subject to fraudulent usage and schemes, including third parties accessing customer accounts or viewing and recording data from our communications solutions. These fraudulent activities can result in unauthorized access to customer accounts and data, unauthorized use of our products, and charges and expenses to customers for fraudulent usage. We may be required to pay for these charges and expenses with no reimbursement from the customer, and our reputation may be harmed if our products are subject to fraudulent usage. Although we implement multiple fraud prevention and detection controls, we cannot assure you that these controls will be adequate to protect against fraud. Substantial losses due to fraud or our inability to accept credit card payments would cause our customer base to significantly decrease and would harm our business.

We may have exposure to greater than anticipated tax liabilities, which could harm our business.

While to date we have not incurred significant income taxes in operating our business, we are subject to income taxes in the United States and various jurisdictions outside of the United States. Our effective tax rate could fluctuate due to changes in the proportion of our earnings and losses in countries with differing statutory tax rates. Our tax expense could also be impacted by changes in non-deductible expenses; changes in excess tax benefits of stock-based compensation expense; changes in the valuation of, or our ability to use, deferred tax assets and liabilities; the applicability of withholding taxes and effects from acquisitions.

The provision for taxes on our condensed consolidated financial statements could also be impacted by changes in accounting principles; changes in U.S. federal, state, or international tax laws applicable to corporate multinationals, such as the recent legislation enacted in the United States, other fundamental changes in law currently being considered by many countries; and changes in taxing jurisdictions’ administrative interpretations, decisions, policies, and positions. Further, the Organization for Economic Co-operation and Development (“OECD”) and the Inclusive Framework of G20 and other countries have issued proposals related to the taxation of the digital economy. In addition, several countries have proposed or enacted Digital Services Taxes (“DST”), many of which would apply to revenues derived from digital services. Future developments related to such proposals, in particular any unilateral actions outside of the OECD’s Inclusive Framework such as the imposition of DST rules, could have an adverse impact on our effective tax rate and/or harm our business by increasing our future tax obligations.

We are subject to review and audit by U.S. federal, state, local, and foreign tax authorities. Such tax authorities may disagree with tax positions we take, and if any such tax authority were to successfully challenge any such position, our business could be harmed. We may also be subject to additional tax liabilities due to changes in non-income-based taxes resulting from changes in federal, state, or international tax laws; changes in taxing jurisdictions’ administrative interpretations, decisions, policies, and positions; results of tax examinations, settlements, or judicial decisions; changes in accounting principles, changes to our business operations, including acquisitions; as well as the evaluation of new information that results in a change to a tax position taken in a prior period.

Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.

As of January 31, 2020, we had $148.0 million of U.S. federal and $88.2 million of state net operating loss carryforwards available to reduce future taxable income, which will begin to expire in 2032 for federal and 2027 for state tax purposes. It is possible that we will not generate taxable income in time to use these net operating loss carryforwards before their expiration or at all. Under legislative changes made in December 2017, as modified by the federal tax law changes enacted in March 2020, U.S. federal net operating losses incurred in tax years beginning after December 31, 2017 and in future years may be carried forward indefinitely, but, for tax years beginning after December 31, 2020, the deductibility of such net operating losses is limited. In addition, the federal and state net operating loss carryforwards and certain tax credits may be subject to significant limitations under Section 382 and Section 383 of the Internal Revenue Code of 1986, as amended (the “Code”), respectively, and similar provisions of state law. Under those sections of the Code, if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change net operating loss carryforwards and other pre-change attributes, such as research tax credits, to offset its post-change income or tax may be limited. In general, an “ownership change” will occur if there is a cumulative change in our ownership by “5-percent shareholders” that exceeds 50 percentage points over a rolling three-year period. Similar rules may apply under state tax laws. We have completed a Section 382 review and have determined that none of the operating losses will expire solely due to Section 382 limitation(s). However, we may experience ownership changes in the future as a result of future shifts in our stock ownership, some of which may be outside of our control. If an ownership change occurs and our ability to use our net operating loss carryforwards and tax credits is materially limited, it would harm our business by effectively increasing our future tax obligations.

In addition, for state income tax purposes, there may be periods during which the use of net operating losses is suspended or otherwise limited, including a recent California franchise tax law change limiting the usability of California state net operating losses to offset California taxable income in taxable years beginning on or after January 1, 2020 and before January 1, 2023, which could accelerate or permanently increase state taxes owed.

We recorded a valuation allowance against all of our DTAs for the U.S. and U.K. as of both October 31, 2020 and January 31, 2020. We intend to continue maintaining a full valuation allowance on our DTAs until there is sufficient evidence to support the reversal of all or some portion of these allowances. However, given our current earnings and anticipated future earnings, we believe that there is a reasonable possibility that in the foreseeable future, sufficient positive evidence may become available to reach a conclusion that a portion of the valuation allowance will no longer be needed. Release of the valuation allowance would result in the recognition of certain DTAs and a decrease to income tax expense for the period the release is recorded. However, the exact timing and amount of the valuation allowance release are subject to change on the basis of the level of profitability that we are able to actually achieve.

We have acquired and may continue to acquire other businesses or receive offers to be acquired, which could require significant management attention, disrupt our business, or dilute stockholder value.

We have made and may continue in the future to make acquisitions of other companies, products, and technologies. For example, we announced our acquisition of Keybase Inc in May 2020. We have limited experience in acquisitions. We may not be able to find suitable acquisition candidates and we may not be able to complete acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by users, developers, or investors. In addition, we may not be able to integrate acquired businesses successfully or effectively manage the combined company following an acquisition. If we fail to successfully integrate our acquisitions, or the people or technologies associated with those acquisitions, into our company, the results of operations of the combined company could be adversely affected. Any integration process will require significant time and resources, require significant attention from management and disrupt the ordinary functioning of our business, and we may not be able to manage the process successfully, which could harm our business. In addition, we may not successfully evaluate or utilize the acquired technology and accurately forecast the financial impact of an acquisition transaction, including accounting charges.

We may have to pay cash, incur debt, or issue equity securities to pay for any such acquisition, each of which could affect our financial condition or the value of our capital stock. The sale of equity to finance any such acquisitions could result in dilution to our stockholders. If we incur more debt, it would result in increased fixed

Risks Related to Laws and Regulations

The actual or perceived failure by us, our customers, partners or vendors to comply with stringent and evolving privacy, data protection, and information security laws, regulations, standards, policies, and contractual obligations could harm our reputation and business or subject us to significant fines and liability.

We receive, store, process, generate, use, and share personal information and other customer and user content necessary to provide our service and ensure it is delivered effectively, to operate our business, for legal and marketing purposes, and for other business-related purposes. There are numerous federal, state, local, and international laws and regulations regarding privacy, data protection, information security and the collection, storing, sharing, use, processing, transfer, disclosure, and protection of personal information and other content, the scope of which is changing, subject to differing applications and interpretations and may be inconsistent among countries, or conflict with other rules. We are also subject to the terms of our privacy policies and contractual obligations to third parties related to privacy, data protection, and information security. We strive to comply with applicable laws, certifications, documentation, publications, regulations, standards, policies and other obligations relating to privacy, data protection, and information security to the extent possible. Although we endeavor to comply with applicable laws and our policies, publications, certifications, documentation, and other obligations, we may at times fail to do so or may be perceived to have failed to do so. Moreover, despite our efforts, we may not be successful in achieving compliance if our employees, vendors or business partners do not comply with our policies, certifications, and documentation. Such actual or perceived failures in certain cases have subjected, and can subject, us to potential international, local, state and federal legal or regulatory action, including in the event that our policies, certifications, and documentation are

found or alleged to be inaccurate, incomplete, deceptive, unfair, or misrepresentative of our actual practices. The regulatory framework for privacy and data protection worldwide is, and is likely to remain, uncertain for the foreseeable future, which we expect will increase our compliance costs and exposure to liability, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. Increased usage of our services, novel uses of our services, and additional awareness of Zoom and our brand stemming from the COVID-19 pandemic could make it more difficult for us to comply with our contractual obligations, our policies, our publications, our certifications, our documentation, standards, regulations, and applicable laws related to privacy, data protection, and information security, and has and could result in greater public scrutiny of, press related to, or a negative perception of our privacy, data protection, and information security practices. Any compliance failure, as well as greater public scrutiny of our privacy, data protection, and information security practices, could result in increased governmental and regulatory scrutiny and litigation exposure, as well as material reputational harm, a loss of customer and user confidence and business, additional expenses, and other harm to our business.

For example, in June 2020 we received a grand jury subpoena from the Department of Justice’s U.S. Attorney’s Office for EDNY, which requested information regarding our interactions with foreign governments and foreign political parties, including the Chinese government, as well as information regarding storage of and access to user data, the development and implementation of Zoom’s privacy policies, and the actions we took relating to the Tiananmen commemorations on Zoom. We have since received additional subpoenas from EDNY seeking related information. In July 2020, we received subpoenas from the Department of Justice’s U.S. Attorney’s Office for the NDCA and the SEC. Both subpoenas seek documents and information relating to various security, data protection and privacy matters, including our encryption, and our statements relating thereto, as well as calculation of usage metrics and related public statements. In addition, the NDCA subpoena seeks information relating to any contacts between our employees and representatives of the Chinese government, and any attempted or successful influence by any foreign government in our policies, procedures, practices, and actions as they relate to users in the United States. We are fully cooperating with all of these investigations and have been conducting our own thorough internal investigation. These investigations are ongoing, and we do not know when they will be completed, which facts we will ultimately discover as a result of the investigations, or what actions the government may or may not take. We cannot predict the outcome of these investigations, and a negative outcome in any or all of these matters could cause us to incur substantial fines, penalties, or other financial exposure, as well as material reputational harm, a loss of customer and user confidence and business, additional expenses, and other harm to our business.

We also expect that there will continue to be new or amended laws, regulations, industry standards, guidance and contractual obligations concerning privacy, data protection, and information security proposed and enacted in various jurisdictions. For example, in May 2018, the General Data Protection Regulation (“GDPR”) went into effect in the EU. The GDPR imposes more stringent data protection requirements and requires us and our customers to give more detailed disclosures about how we collect, use and share personal information; contractually commit to data protection measures in our contracts with clients; maintain adequate data security measures; notify regulators and affected individuals of certain data breaches; meet extensive privacy governance and documentation requirements; and honor individuals’ data protection rights, including their rights to access, correct and delete their personal information. The GDPR provides greater penalties for noncompliance than previous data protection laws. Companies that violate the GDPR can face private litigation, restrictions on data processing, and fines of up to the greater of 20 million Euros or 4% of their worldwide annual revenue. Our or our customers’, partners’, or vendors’ failure to comply with the GDPR could lead to significant fines imposed by regulators or restrictions on our ability to process personal information as needed to provide our product and services. We may also be obligated to assist our customers, partners, and vendors with their own compliance obligations under the GDPR, which could require expenditure of significant resources. Assisting our customers, partners, and vendors in complying with the GDPR, or complying with the GDPR ourselves, may cause us to incur substantial operational costs or require us to change our business practices.

Further, the U.K.’s decision to leave the EU, often referred to as Brexit, has created uncertainty in data protection issues involving the U.K. For example, pursuant to a post-Brexit trade deal between the U.K. and the EU, transfers of personal information from the European Economic Area to the U.K. are not considered restricted transfers under the GDPR for a period of up to six months from January 1, 2021. However, unless the EU Commission makes an adequacy finding with respect to the U.K. before the end of that period, the U.K. will be considered a “third country” under the GDPR and transfers of European personal information to the U.K. will require an adequacy mechanism to render such transfers lawful under the GDPR. Additionally, although the U.K. enacted a Data Protection Act in May 2018 that is designed to be consistent with the GDPR, uncertainty remains regarding how data transfers to and from the U.K. will

be regulated notwithstanding Brexit. The effects of Brexit have been and are expected to continue to be far-reaching. Brexit and the perceptions as to its impact may adversely affect business activity and economic conditions globally, and could continue to contribute to instability in global financial markets. Brexit could also have the effect of disrupting the free movement of goods, services, and people between the U.K. and the EU. In addition, Brexit could lead to legal uncertainty and potentially divergent national laws and regulations as the U.K. determines which EU laws to replace or replicate. The full effects of Brexit are uncertain and will remain so until the U.K. and EU reach a definitive resolution with regards to outstanding trade and legal matters. Given these possibilities and others we may not anticipate, as well as the lack of comparable precedent, the full extent to which our business, results of operations, and financial condition could be adversely affected by Brexit is uncertain. .

European data protection laws, including the GDPR, generally restrict the transfer of personal information from Europe, including the European Economic Area, U.K. and Switzerland, to the United States and most other countries unless the parties to the transfer have implemented specific safeguards to protect the transferred personal information. One of the primary safeguards allowing U.S. companies to import personal information from Europe has been certification to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks administered by the U.S. Department of Commerce. However, in July 2020, the Court of Justice of the European Union issued a decision invalidating the EU-U.S. Privacy Shield framework. The same decision also raised questions about whether one of the primary alternatives to the EU-U.S. Privacy Shield, namely, the European Commission’s Standard Contractual Clauses, can lawfully be used for personal information transfers from Europe to the United States or most other countries. Similarly, on September 8, 2020, the Swiss Federal Data Protection and Information Commissioner announced that the Swiss-U.S. Privacy Shield Framework is inadequate for personal information transfers from Switzerland to the United States, and also raised questions about the viability of the Standard Contractual Clauses. At present, there are few, if any, viable alternatives to the EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, and the Standard Contractual Clauses, all of which are mechanisms on which we have relied for personal information transfers from Europe to the United States and other countries. Authorities in the U.K. may similarly invalidate use of the EU-U.S. Privacy Shield and raise questions on the viability of the Standard Contractual Clauses, as mechanisms for lawful personal information transfers to the United States and other countries. In November 2020, EU regulators proposed a new set of Standard Contractual Clauses (“SCCs”). The new SCCs impose additional obligations and requirements with respect to the transfer of EU personal data to other jurisdictions, which may increase the legal risks and liabilities under the GDPR and local EU laws associated with cross-border data transfers, and result in material increased compliance and operational costs. If we are unable to implement a valid solution for personal information transfers from Europe, we will face increased exposure to regulatory actions, substantial fines, and injunctions against processing or transferring personal information from Europe, and we may be required to increase our data processing capabilities in Europe at significant expense. Inability to import personal information from Europe to the United States or other countries may decrease demand for our products and services as our customers that are subject to the GDPR may seek alternatives that do not involve personal information transfers out of Europe. Our inability to import personal information to the United States and other countries may decrease the functionality or effectiveness of our products and services and adversely impact our marketing efforts, plans and activities. We expect EU regulators to aggressively enforce EU laws prohibiting data transfers to the U.S. and other countries without a legally sound transfer mechanism, and it possible that EU regulators could prevent Zoom from transferring any personal data out of the EU to certain countries like the U.S.

Additionally, other countries outside of Europe have enacted or are considering enacting similar cross-border data transfer restrictions and laws requiring local data residency and restricting cross-border data transfer, which could increase the cost and complexity of delivering our services and operating our business. For example, Brazil recently enacted the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais or LGPD) (Law No. 13,709/2018), which broadly regulates the processing of personal information and imposes compliance obligations and penalties comparable to those of the GDPR.

States have also begun to introduce more comprehensive privacy legislation. For example, the California Consumer Privacy Act of 2018 (“CCPA”), which went into effect on January 1, 2020, affords consumers expanded privacy protections. The CCPA gives California residents, among other things, expanded rights to access and require deletion of their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA also provides for civil penalties for violations, as well as a private right of action for data breaches that may increase data breach litigation. The CCPA will be expanded substantially on January 1, 2023 when the California Privacy Rights Act of 2020 (the “CPRA”), which was approved by California voters in November 2020, becomes fully operative. The CPRA will, among other things, give consumers the ability

to limit use of information deemed to be sensitive, increase the maximum penalties for violations concerning consumers under age 16, establish the California Privacy Protection Agency to implement and enforce the new law, and impose administrative fines. Aspects of the CCPA and CPRA and their interpretation and enforcement remain uncertain. The potential effects of the CCPA and CPRA are far-reaching and may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply.

The CCPA could mark the beginning of a trend toward more stringent privacy legislation in the United States, as other states may follow California’s lead and increase protections for their residents. The CCPA has already prompted a number of proposals for new federal and state privacy legislation that, if passed, could increase our potential liability, increase our compliance costs and adversely affect our business. In addition, effective October 1, 2019, Nevada amended its existing Security of Personal Information Law (“SPI Law”) to now require, among other things, that businesses provide an online mechanism or toll-free phone number to intake requests from consumers to opt out of the sale of their personal data.

The Children’s Online Privacy Protection Act (“COPPA”) is a U.S. Federal law that applies to operators of commercial websites and online services directed to U.S. children under the age of 13 that collect personal information from children, and to operators of general audience websites with actual knowledge that they are collecting personal information from U.S. children under the age of 13. We provide video communications services to schools, school districts, and school systems to support traditional, virtual, and hybrid classrooms, distance learning, educational office hours, guest lectures, and other services. As part of these services, Zoom may be used by students, including students under the age of 13, and we collect personal information from such students on behalf of our school subscribers. School subscribers must contractually consent to Zoom’s information practices on behalf of students, prior to students using the services. In addition, the GDPR prohibits certain processing of the personal information of children under the age of 13-16 (depending on the country) without parental consent. The CCPA requires companies to obtain the consent of children in California under 16 (or parental consent for children under 13) before selling their personal information. COPPA is subject to interpretation by courts and other governmental authorities, including the FTC, and the FTC is authorized to promulgate, and has promulgated, revisions to regulations implementing provisions of COPPA. Although we strive to ensure that our platform and applications are compliant with applicable provisions of COPPA, HIPAA, GDPR, and CCPA, these provisions may be modified, interpreted, or applied in new manners that we may be unable to anticipate or prepare for appropriately, and we may incur substantial costs or expenses in attempting to modify our systems, platform, applications, or other technology to address changes in COPPA, HIPAA, GDPR, and CCPA, or interpretations thereof. If we fail to accurately anticipate the application, interpretation, or legislative expansion of COPPA, HIPAA, GDPR, and CCPA, we could be subject to governmental enforcement actions, data processing restrictions, litigation, fines and penalties, adverse publicity or loss of customers. Moreover, as a result of any such failures, we could be in breach of our K-12 school customer contracts, and our customers could lose trust in us, which could harm our reputation and business.

With laws and regulations, such as the GDPR in the EU as well as the CCPA, SPI Law, HIPAA, and COPPA in the United States imposing relatively burdensome obligations, and with substantial uncertainty over the interpretation and application of these and other laws and regulations, we have faced and may face additional challenges in addressing their requirements and making necessary changes to our policies and practices, and may incur significant costs and expenses in an effort to do so, any of which could materially adversely affect our business and operating results. Additional uses of our services arising out of increased demand associated with the COVID-19 pandemic may require us to address additional privacy, data protection, and information security laws, regulations, standards, policies, and contractual obligations. Any failure or perceived failure by us to comply with such laws, regulations, standards, policies, and contractual obligations, or our privacy policies, publications, certifications, or documentation have led and could lead to governmental investigations or enforcement actions (including investigations or actions by state attorneys general, federal regulators, and international regulators), litigation (including class action litigation), claims, or public statements against us by consumer advocacy groups or others, and could result in significant liability, fines or penalties, or cause our users to lose trust in us, which could have an adverse effect on our reputation and business.

We have in the past and may in the future receive inquiries or be subject to investigations by domestic and international government entities regarding, among other things, our privacy, data protection, and information security practices. The result of these proceedings could impact our brand reputation, subject us to monetary remedies and costs, interrupt or require us to change our business practices, divert resources and the attention of management from our business, or subject us to other remedies that adversely affect our business. We also face litigation regarding our privacy and security practices, including alleged data sharing with third parties, in various jurisdictions. See Part II, Item 1 “Legal Proceedings” of our Quarterly Report on Form 10-Q for the quarter ended October 31, 2020 for additional information.

We also have been the subject of an investigation by the FTC relating to our privacy and security representations and practices. We have reached a proposed settlement agreement with the FTC staff, which remains subject to a final vote by the FTC. See Part II, Item 1 “Legal Proceedings” of our Quarterly Report on Form-10-Q for the quarter ended October 31, 2020 for additional information. We could fail or be perceived to fail to comply with the terms of the proposed settlement with the FTC or any other orders or settlements relating to litigation or governmental investigations with respect to our privacy and security practices. Any failure or perceived failure to comply with such orders or settlements may increase the possibility of additional adverse consequences, including litigation, additional regulatory actions, injunctions, or monetary penalties, or require further changes to our business practices, significant management time, or the diversion of significant operational resources. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, policies, and other obligations that are applicable to the businesses of our users may limit the adoption and use of, and reduce the overall demand for, our platform and services, which could have an adverse impact on our business.

Additionally, we rely on the administrators of our customers in the healthcare and education industries to obtain the necessary consents from users of our products and services and to ensure their account settings are configured correctly for their compliance under applicable laws and regulations, including HIPAA. Furthermore, if third parties we work with, such as vendors or developers, make misrepresentations, violate applicable laws and regulations, or our policies, such misrepresentations and violations may also put our users’ content at risk and could in turn have an adverse effect on our business. Any significant change to applicable laws, regulations, or industry practices regarding the collection, use, retention, security, or disclosure of our users’ content, or regarding the manner in which the express or implied consent of users for the collection, use, retention, or disclosure of such content is obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete and may limit our ability to store and process user data or provide or develop new services and features.

Increased usage of our services and additional awareness of Zoom and our brand stemming from the COVID-19 pandemic has led to greater public scrutiny of, press related to, or a negative perception of our collection, use, storage, disclosure, and processing of personal information, and our privacy policies and practices. For example, users and customers, particularly those that are new to Zoom, may not have significant IT or security knowledge or have their own IT controls like those of a larger organization to configure our service in a manner that provides them with control over user settings. This has resulted in reports of users and customers experiencing meeting disruptions by malicious actors. Additional unfavorable publicity and scrutiny has led to increased governmental and regulatory scrutiny and litigation exposure, and could result in material reputational harm, a loss of customer and user confidence, additional expenses and other harm to our business.

Changes in government trade policies, including the imposition of tariffs and export restrictions, could limit our ability to sell our products to certain customers, which may materially adversely affect our sales and results of operations.

The U.S. or foreign governments may take administrative, legislative, or regulatory action that could materially interfere with our ability to sell products in certain countries. For example, while we stopped selling our products directly in China during the six months ended July 31, 2020, the current U.S. Administration has threatened tougher trade terms with China and other countries, leading to the imposition, or announcement of future imposition, of substantially higher U.S. Section 301 tariffs on roughly $500 billion of imports from China. In response, China imposed and proposed new or higher tariffs on U.S. products. The direct and indirect effects of tariffs and other restrictive trade policies are difficult to measure and are only one part of a larger U.S./China economic and trade policy disagreement. The effects of the recently imposed and proposed tariffs are uncertain because of the dynamic nature of governmental action and responses. Sustained uncertainty about, or worsening of, current global economic conditions and further escalation of trade tensions between the United States and its trading partners, especially China, could result in a global economic slowdown and long-term changes to global trade, including retaliatory trade restrictions that restrict our ability to operate in China. We cannot predict what actions may ultimately be taken with respect to tariffs or trade relations between the United States and China or other countries, what products may be subject to such actions, or what actions may be taken by the other countries in retaliation. Any further deterioration in the relations between the United States and China could exacerbate these actions and other governmental intervention. For example, the implementation of China’s national-security law in Hong Kong has created additional U.S.-China tensions and

could potentially increase the risks associated with the business and operations of U.S.-based technology companies in China. Any alterations to our business strategy or operations made in order to adapt to or comply with any such changes would be time-consuming and expensive, and certain of our competitors may be better suited to withstand or react to these changes.

Further, in May 2019, President Trump issued an executive order that invoked national emergency economic powers to implement a framework to regulate the acquisition or transfer of information communications technology in transactions that imposed undue national security risks. The executive order is subject to implementation by the Secretary of Commerce and applies to contracts entered into prior to the effective date of the order. In addition, the U.S. Commerce Department has implemented additional restrictions and may implement further restrictions that would affect conducting business with certain Chinese companies. Due to the uncertainty regarding the timing, content, and extent of any such changes in policy, we cannot assure you that we will successfully mitigate any negative impact. Depending upon their duration and implementation, these tariffs, the executive order and its implementation, and other regulatory actions could materially affect our business, including in the form of increased cost of revenue, decreased margins, increased pricing for customers, and reduced sales.

Our results of operations may be harmed if we are required to collect sales or other related taxes for our subscription services in jurisdictions where we have not historically done so.

We collect sales tax in a number of jurisdictions. One or more states or countries may seek to impose incremental or new sales, use, or other tax collection obligations on us. A successful assertion by a state, country, or other jurisdiction that we should have been or should be collecting additional sales, use, or other taxes could, among other things, result in substantial tax payments, create significant administrative burdens for us, discourage potential customers from subscribing to our platform due to the incremental cost of any such sales or other related taxes, or otherwise harm our business.

We may be subject to liabilities on past sales for taxes, surcharges, and fees.

We currently collect and remit applicable sales tax in jurisdictions where we, through our employees, have a presence and where we have determined, based on legal precedents in the jurisdiction, that sales of our platform are classified as taxable. We do not currently collect and remit other state and local excise, utility user and ad valorem taxes, fees, or surcharges that may apply to our customers and hosts. We believe that we are not otherwise subject to, or required to collect, any additional taxes, fees, or surcharges imposed by state and local jurisdictions because we do not have a sufficient physical presence or “nexus” in the relevant taxing jurisdiction or such taxes, fees, or surcharges do not apply to sales of our platform in the relevant taxing jurisdiction. However, there is uncertainty as to what constitutes sufficient physical presence or nexus for a state or local jurisdiction to levy taxes, fees, and surcharges for sales made over the internet, and there is also uncertainty as to whether our characterization of our platform as not taxable in certain jurisdictions will be accepted by state and local taxing authorities. Additionally, we have not historically collected value-added tax (“VAT”) or goods and services tax (“GST”) on sales of our platform because we make all of our sales through our office in the United States, and we believe, based on information provided to us by our customers, that most of our sales are made to business customers.

Taxing authorities may challenge our position that we do not have sufficient nexus in a taxing jurisdiction or that our platform is not taxable in the jurisdiction and may decide to audit our business and operations with respect to sales, use, telecommunications, VAT, GST, and other taxes, which could result in increased tax liabilities for us or our customers and hosts, which could harm our business.

The application of indirect taxes (such as sales and use tax, VAT, GST, business tax, and gross receipts tax) to businesses that transact online, such as ours, is a complex and evolving area. Following the recent U.S. Supreme Court decision in South Dakota v. Wayfair, Inc., states are now free to levy taxes on sales of goods and services based on an “economic nexus,” regardless of whether the seller has a physical presence in the state. As a result, it may be necessary to reevaluate whether our activities give rise to sales, use, and other indirect taxes as a result of any nexus in those states in which we are not currently registered to collect and remit taxes. Additionally, we may need to assess our potential tax collection and remittance liabilities based on existing economic nexus laws’ dollar and transaction thresholds. We continue to analyze our exposure for such taxes and liabilities and have accrued $53.8 million and $34.0 million as of October 31, 2020, and January 31, 2020, respectively, for loss contingencies resulting from these potential taxes and liabilities. The application of existing, new, or future laws, whether in the United States or internationally, could harm our business. There have been, and will continue to be, substantial ongoing costs associated with complying with the various indirect tax requirements in the numerous markets in which we conduct or will conduct business.

We are subject to governmental export and import controls that could impair our ability to compete in international markets due to licensing requirements and subject us to liability if we are not in compliance with applicable laws.

Our platform and associated products are subject to various restrictions under U.S. export control and sanctions laws and regulations, including the U.S. Department of Commerce’s Export Administration Regulations (“EAR”) and various economic and trade sanctions regulations administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”). The U.S. export control laws and U.S. economic sanctions laws include restrictions or prohibitions on the sale or supply of certain products and services to U.S.-embargoed or U.S.-sanctioned countries, governments, persons, and entities, and also require authorization for the export of certain encryption items. In addition, various countries regulate the import of certain encryption technology, including through import permitting and licensing requirements and have enacted or could enact laws that could limit our ability to distribute our platform or could limit our hosts’ ability to implement our platform in those countries.

Although we have taken precautions to prevent our platform and associated products from being accessed or used in violation of such laws, we have inadvertently allowed our platform and associated products to be accessed or used by some customers in apparent violation of U.S. economic sanction laws. In addition, we may have inadvertently made our software products available to some customers, including users in embargoed or sanctioned countries, in apparent violation of the EAR. As a result, we submitted initial and final voluntary self-disclosures concerning potential violations of U.S. sanctions and export control laws and regulations to OFAC and the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”).

In June 2019, OFAC and BIS issued us warning letters as their final enforcement responses to these potential violations, but no fines or penalties were assessed. If we are found to be in violation of U.S. economic sanctions or export control laws in the future, it could result in fines and penalties. We may also be adversely affected through other penalties, reputational harm, loss of access to certain markets, or otherwise. While we are working to implement additional controls designed to prevent similar activity from occurring in the future, these controls may not be fully effective.

Changes in our platform, or changes in export, sanctions, and import laws, may delay the introduction and sale of subscriptions to our platform in international markets; prevent our customers with international operations from using our platform; or, in some cases, prevent the access or use of our platform to and from certain countries, governments, persons, or entities altogether. Further, any change in export or import regulations, economic sanctions or related laws, shift in the enforcement or scope of existing regulations or change in the countries, governments, persons, or technologies targeted by such regulations could result in decreased use of our platform or in our decreased ability to export or sell our platform to existing or potential customers with international operations. Any decreased use of our platform or limitation on our ability to export or sell our platform would likely harm our business.

We may be subject to, or assist law enforcement with enforcement of, a variety of U.S. and international laws that could result in claims, increase the cost of operations or otherwise harm our business due to changes in the laws, changes in the interpretations of the laws, greater enforcement of the laws, or investigations into compliance with the laws.

We may be subject to, or assist law enforcement with enforcement of, various laws, including those covering copyright, indecent content, child protection, consumer protection, telecommunications services, taxation, and similar matters. It may be difficult, expensive and disruptive for us to address law enforcement requests, subpoenas and other legal process, and laws in various jurisdictions may conflict and hamper our ability to satisfy or comply with such requests, subpoenas and other legal process. There have been instances where improper or illegal content has been shared on our platform without our knowledge. As a service provider and as a matter of policy, we do not monitor user meetings. However, to ensure user safety and prevent conduct that is illegal, violent or harmful to others, we enforce our terms of service through use of a mix of tools that suggest when such activity may be occurring on our platform. We also recently created an in-product security feature that allows the host or co-host of a meeting to easily select a meeting participant that may be engaging in illegal or harmful behavior and send a report about that behavior to our trust and safety team for evaluation. Our trust and safety team may take further action as appropriate, including suspension or termination of the participant’s account or referral to law enforcement. While to date we have not been subject to material legal or administrative actions as a result of improper or illegal content, the laws in this area are currently in a state of flux and vary widely between jurisdictions. Accordingly, it may be possible that in the future

we and our competitors may be subject to legal actions along with the users who shared such content. In addition, regardless of any legal liability we may face, our reputation could be harmed should there be an incident generating extensive negative publicity about the content shared on our platform. Such publicity would harm our business.

We are also subject to consumer protection laws that may affect our sales and marketing efforts, including laws related to subscriptions, billing, and auto-renewal. These laws, as well as any changes in these laws, could adversely affect our self-serve model and make it more difficult for us to retain and upgrade customers and attract new customers and hosts. Additionally, we have in the past, are currently, and may from time to time in the future become the subject of inquiries and other actions by regulatory authorities as a result of our business practices, including our subscription, billing, and auto-renewal policies. Consumer protection laws may be interpreted or applied by regulatory authorities in a manner that could require us to make changes to our operations or incur fines, penalties, or settlement expenses, which may result in harm to our business.

Our platform depends on the ability of our customers, hosts, and users to access the internet, and our platform has been blocked or restricted in some countries for various reasons. If we fail to anticipate developments in the law, or fail for any reason to comply with relevant law, our platform could be further blocked or restricted, and we could be exposed to significant liability that could harm our business.

We are also subject to various U.S. and international anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act of 1977, amended, and the U.K. Bribery Act 2010, as well as other similar anti-bribery and anti-kickback laws and regulations. These laws and regulations generally prohibit companies and their employees and intermediaries from authorizing, offering, or providing improper payments or benefits to government officials and other recipients for improper purposes. Although we take precautions to prevent violations of these laws, our exposure for violating these laws increases as we continue to expand our international presence, and any failure to comply with such laws could harm our business.

Zoom Phone is subject to U.S. federal and international regulation, and other products we may introduce in the future may also be subject to U.S. federal, state, or international laws, rules, and regulations. Any failure to comply with such laws, rules, and regulations could harm our business and expose us to liability.

Federal Regulation

Zoom Phone is provided through our wholly owned subsidiary, Zoom Voice Communications, Inc., which is regulated by the FCC as an interconnected voice over internet protocol (“VoIP”) service provider. As a result, Zoom Phone is subject to existing or potential FCC regulations, including, but not limited to, regulations relating to privacy, disability access, porting of numbers, federal Universal Service Fund (“USF”), contributions and other regulatory assessments, emergency calling/Enhanced 911 (“E-911”), access charges for long distance services, and law enforcement access. Congress or the FCC may expand the scope of Zoom Phone’s regulatory obligations at any time. In addition, FCC classification of Zoom Phone as a common carrier or telecommunications service could result in additional federal and state regulatory obligations. If we do not comply with any current or future state regulations that apply to our business, we could be subject to substantial fines and penalties, we may have to restructure our product offerings, exit certain markets, or raise the price of our products, any of which could ultimately harm our business and results of operations. Any enforcement action by the FCC, which may be a public process, would hurt our reputation in the industry, possibly impair our ability to sell Zoom Phone to our customers and harm our business.

Changes in FCC regulation of the internet and internet-based services also could impose new regulatory obligations on our other services. On October 27, 2020, the FCC adopted an order concluding that three issues remanded by the U.S. Court of Appeals following the appeal of its 2018 decision to eliminate its network neutrality rules did not provide a basis to alter its conclusions in that order. This new order could be subject to petitions for reconsideration or court appeals. Democratic control of the Executive Branch, Congress, and the FCC following the 2020 elections increases the likelihood of legislative or FCC action to reverse the 2018 decision or adopt new network neutrality rules. Such action could result in extension of common carrier regulation to internet-based communications services like the ones we offer. The imposition of common carrier regulation would increase our costs, and we could be required to modify our service offerings to comply with regulatory requirements. The failure to comply with such regulation could result in substantial fines and penalties and other sanctions.

The FCC is considering a petition, filed by the Trump Administration, to adopt rules interpreting Section 230 of the federal Communications Act, which limits the liability of internet platforms for third-party content that is transmitted via those platforms and for good-faith moderation of offensive content. No date has been set for a vote on that proposal

and the FCC has not released any document describing the rules that would be proposed. The Democratic members of the FCC have indicated that they are opposed to the petition and after the Presidential inauguration will control the agenda of the FCC. If the FCC adopts rules, the scope of the protection offered by Section 230 could be narrowed considerably. This would increase the risks faced by internet-based businesses, like Zoom, that rely on third-party content. There is no schedule for action by the FCC on the petition.

State Regulation

State telecommunications regulation of Zoom Phone is generally preempted by the FCC. However, states are allowed to assess state USF contributions, E-911 fees, and other surcharges. A number of states require us to contribute to state USF and pay E-911 and other assessments and surcharges, while others are actively considering extending their programs to include the products we offer. We generally pass USF, E-911 fees, and other surcharges through to our customers where we are permitted to do so, which may result in our products becoming more expensive. We expect that state public utility commissions will continue their attempts to apply state telecommunications regulations to services like Zoom Phone. If we do not comply with any current or future state regulations that apply to our business, we could be subject to substantial fines and penalties, we may have to restructure our product offerings, exit certain markets, or raise the price of our products, any of which could harm our business.

International Regulation

As we expand internationally, we may be subject to telecommunications, consumer protection, privacy, data protection, and other laws and regulations in the foreign countries where we offer our products. If we do not comply with any current or future international regulations that apply to our business, we could be subject to substantial fines and penalties, we may have to restructure our product offerings, exit certain markets, or raise the price of our products, any of which could harm our business.

Risks Related to Our Intellectual Property

We are currently, and may be in the future, party to intellectual property rights claims and other litigation matters, which, if resolved adversely, could harm our business.

We protect our intellectual property through patents, copyrights, trademarks, domain names, and trade secrets and, from time to time, are subject to litigation based on allegations of infringement, misappropriation, or other violations of intellectual property or other rights. Some companies, including some of our competitors, own large numbers of patents, copyrights, and trademarks, which they may use to assert claims against us. As we face increasing competition and gain an increasingly high profile, the possibility of intellectual property rights claims, commercial claims, and other assertions against us grows. We have in the past been, are currently, and may from time to time in the future become, a party to litigation and disputes related to our intellectual property, our business practices, and our platform. While we intend to defend these lawsuits vigorously and believe that we have valid defenses to these claims, litigation can be costly and time consuming, divert the attention of our management and key personnel from our business operations and dissuade potential customers from subscribing to our services, which would harm our business. Furthermore, with respect to these lawsuits, there can be no assurances that favorable outcomes will be obtained. We may need to settle litigation and disputes on terms that are unfavorable to us, or we may be subject to an unfavorable judgment that may not be reversible upon appeal. The terms of any settlement or judgment may require us to cease some or all of our operations or pay substantial amounts to the other party. In addition, our agreements with certain larger customers include certain provisions for indemnifying them against liabilities if our services infringe a third party’s intellectual property rights, which could require us to make payments to our customers. During the course of any litigation or dispute, we may make announcements regarding the results of hearings and motions and other interim developments. If securities analysts and investors regard these announcements as negative, the market price of our Class A common stock may decline. With respect to any intellectual property rights claim, we may have to seek a license to continue practices found to be in violation of third-party rights, which may not be available on reasonable terms and may significantly increase our operating expenses. A license to continue such practices may not be available to us at all, and we may be required to develop alternative non-infringing technology or practices or discontinue the practices. The development of alternative, non-infringing technology or practices could require significant effort and expense. Our business could be harmed as a result.

Our failure to protect our intellectual property rights and proprietary information could diminish our brand and other intangible assets.

We primarily rely and expect to continue to rely on a combination of patent, patent licenses, trade secret and domain name protection, trademark and copyright laws, as well as confidentiality and license agreements with our employees, consultants, and third parties, to protect our intellectual property and proprietary rights. We make business decisions about when to seek patent protection for a particular technology and when to rely upon copyright or trade secret protection, and the approach we select may ultimately prove to be inadequate. Even in cases where we seek patent protection, there is no assurance that the resulting patents will effectively protect every significant feature of our products. In addition, we believe that the protection of our trademark rights is an important factor in product recognition, protecting our brand and maintaining goodwill. If we do not adequately protect our rights in our trademarks from infringement and unauthorized use, any goodwill that we have developed in those trademarks could be lost or impaired, which could harm our brand and our business. Third parties may knowingly or unknowingly infringe our proprietary rights; third parties may challenge our proprietary right; pending and future patent, trademark, and copyright applications may not be approved; and we may not be able to prevent infringement without incurring substantial expense. We have also devoted substantial resources to the development of our proprietary technologies and related processes. In order to protect our proprietary technologies and processes, we rely in part on trade secret laws and confidentiality agreements with our employees, consultants, and third parties. These agreements may not effectively prevent disclosure of confidential information and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights, or develop similar technologies and processes. Further, the laws of certain foreign countries do not provide the same level of protection of corporate proprietary information and assets such as intellectual property, trademarks, trade secrets, know-how, and records, as the laws of the United States. For instance, the legal systems of certain countries, particularly certain developing countries, do not favor the enforcement of patents and other intellectual property protection. As a result, we may encounter significant problems in protecting and defending our intellectual property or proprietary rights abroad. Additionally, we may also be exposed to material risks of theft or unauthorized reverse engineering of our proprietary information and other intellectual property, including technical data, manufacturing processes, data sets, or other sensitive information. Our efforts to enforce our intellectual property rights in such foreign countries may be inadequate to obtain a significant commercial advantage from the intellectual property that we develop, which could have a material adverse effect on our business, financial condition, and results of operations. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights. If the protection of our proprietary rights is inadequate to prevent use or appropriation by third parties, the value of our platform, brand, and other intangible assets may be diminished, and competitors may be able to more effectively replicate our platform and its features. Any of these events would harm our business.

Our use of third-party open source software could negatively affect our ability to offer and sell subscriptions to our platform and subject us to possible litigation.

We have incorporated, and may in the future incorporate, third-party open source software in our technologies. Open source software is generally licensed by its authors or other third parties under open source licenses. From time to time, companies that use third-party open source software have faced claims challenging the use of such open source software and requesting compliance with the open source software license terms. Accordingly, we may be subject to suits by parties claiming ownership of what we believe to be open source software or claiming non-compliance with the applicable open source licensing terms. Some open source software licenses require end-users who use, distribute or make available across a network software and services that include open source software to offer aspects of the technology that incorporates the open source software for no cost. We may also be required to make publicly available source code (which in some circumstances could include valuable proprietary code) for modifications or derivative works we create based upon incorporating or using the open source software and/or to license such modifications or derivative works under the terms of the particular open source license. Additionally, if a third-party software provider has incorporated open source software into software that we license from such provider, we could be required to disclose any of our source code that incorporates or is a modification of our licensed software. While we use tools designed to help us monitor and comply with the licenses of third-party open source software and protect our valuable proprietary source code, we may inadvertently use third-party open source software in a manner that exposes us to claims of non-compliance with the terms of their licenses, including claims of intellectual property rights infringement or for breach of contract. Furthermore, there exists today an increasing number of types of open source software licenses, almost none of which have been tested in courts of law to provide guidance of their proper legal

interpretations. If we were to receive a claim of non-compliance with the terms of any of these open source licenses, we may be required to publicly release certain portions of our proprietary source code. We could also be required to expend substantial time and resources to re-engineer some of our software. Any of the foregoing could disrupt and harm our business.

In addition, the use of third-party open source software typically exposes us to greater risks than the use of third-party commercial software because open source licensors generally do not provide warranties or controls on the functionality or origin of the software. Use of open source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to compromise our platform. Any of the foregoing could harm our business and could help our competitors develop products and services that are similar to or better than ours.

Risks Related to Ownership of Our Class A Common Stock

The trading price of our Class A common stock may be volatile, and you could lose all or part of your investment.

The trading price of our Class A common stock has been and will likely continue to be volatile and could be subject to fluctuations in response to various factors, some of which are beyond our control. For example, in connection with the COVID-19 pandemic, we have experienced an increase in the usage of our video-first communications platform, and as a result, the trading price of our Class A common stock has significantly increased, while at the same time, the broader market has experienced significant declines and volatility. There are no assurances that the trading price of our Class A common stock will continue at this level for any period of time. Moreover, the trading price of our Class A common stock could experience a significant decrease once the scope and impact of the COVID-19 pandemic is better understood. These fluctuations could cause you to lose all or part of your investment in our Class A common stock. Factors that could cause fluctuations in the trading price of our Class A common stock include the following:

In addition, in the past, following periods of volatility in the overall market and in the market price of a particular company’s securities, securities class action litigation has often been instituted against these companies. For example, in April and June 2020, we and certain of our officers and directors were sued in putative class action lawsuits and purported shareholder derivative lawsuits alleging violations of the federal securities laws for allegedly making materially false and misleading statements about our data privacy and security measures. We may be the target of additional litigation of this type in the future. Securities litigation against us could result in substantial costs and divert our management’s time and attention from other business concerns, which could harm our business. We may be the target of additional litigation of this type in the future as well. Securities litigation against us could result in substantial costs and a diversion of our management’s attention and resources.

The dual class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with those stockholders who held our stock prior to our initial public offering, including our executive officers, employees, and directors and their affiliates, limiting your ability to influence corporate matters.

Our Class B common stock has 10 votes per share and our Class A common stock has one vote per share. As of October 31, 2020, the holders of our outstanding Class B common stock held 81.6% of the voting power of our outstanding capital stock, with our directors, executive officers and 5% stockholders and their respective affiliates holding 73.7% of such voting power in the aggregate. As of October 31, 2020, our founder, President and Chief Executive Officer, Eric S. Yuan, together with his affiliates, held approximately 15.1% of our outstanding capital stock but controlled approximately 40.2% of the voting power of our outstanding capital stock. Therefore, these holders have significant influence over our management and affairs and over all matters requiring stockholder approval, including election of directors and significant corporate transactions, such as a merger or other sale of Zoom or our assets, for the foreseeable future. Each share of Class B common stock will be automatically converted into one share of Class A common stock upon the earliest of (i) the date that is six months following the death or incapacity of Mr. Yuan, (ii) the date that is six months following the date that Mr. Yuan is no longer providing services to us or his employment is terminated for cause, (iii) the date specified by the holders of a majority of the then outstanding shares of Class B common stock, voting as a separate class, and (iv) the 15-year anniversary of the closing of our initial public offering.

In addition, the holders of Class B common stock collectively will continue to be able to control all matters submitted to our stockholders for approval even if their stock holdings represent less than a majority of the outstanding shares of our common stock. This concentrated control will limit your ability to influence corporate matters for the foreseeable future, and, as a result, the market price of our Class A common stock could be adversely affected.

Future transfers by holders of Class B common stock will generally result in those shares converting to Class A common stock, which will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term. If, for example, Mr. Yuan retains a significant portion of his holdings of Class B common stock for an extended period of time, he could, in the future, control a majority of the combined voting power of our Class A and Class B common stock. As a board member, Mr. Yuan owes a fiduciary duty to our stockholders and must act in good faith in a manner he reasonably believes to be in the best interests of our stockholders. As a stockholder, even a controlling stockholder, Mr. Yuan is entitled to vote his shares in his own interests, which may not always be in the interests of our stockholders generally.

In addition, in July 2017, FTSE Russell and Standard & Poor’s announced that they would cease to allow most newly public companies utilizing dual- or multi-class capital structures to be included in their indices. Affected indices

include the Russell 2000 and the S&P 500, S&P MidCap 400, and S&P SmallCap 600, which together make up the S&P Composite 1500. Under the announced policies, our dual-class capital structure would make us ineligible for inclusion in any of these indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices will not be investing in our stock. These policies are new, and it is as of yet unclear what effect, if any, they will have on the valuations of publicly traded companies excluded from the indices, but it is possible that they may depress these valuations or depress our trading volume compared to those of other similar companies that are included.

Future sales and issuances of our capital stock or rights to purchase capital stock could result in additional dilution of the percentage ownership of our stockholders and could cause our stock price to decline.

Future sales and issuances of our capital stock or rights to purchase our capital stock could result in substantial dilution to our existing stockholders. We may sell Class A common stock, convertible securities, and other equity securities in one or more transactions at prices and in a manner as we may determine from time to time. If we sell any such securities in subsequent transactions, investors may be materially diluted. New investors in such subsequent transactions could gain rights, preferences, and privileges senior to those of holders of our Class A common stock.

Substantial future sales of shares of our Class A common stock and Class B common stock could cause the market price of our Class A common stock to decline.

Sales of a substantial number of shares of our Class A common stock and Class B common stock (after automatically converting to Class A common stock) in the public market, or the perception that these sales might occur, could depress the market price of our Class A common stock.

In addition, certain of our stockholders have registration rights that would require us to register shares owned by them for public sale in the United States. We have also filed a registration statement to register shares reserved for future issuance under our equity compensation plans. As a result, subject to the satisfaction of applicable exercise periods and applicable volume and restrictions that apply to affiliates, the shares issued upon exercise of outstanding stock options or upon settlement of outstanding RSU awards are available for immediate resale in the United States in the open market.

Sales of our shares could also impair our ability to raise capital through the sale of additional equity securities in the future and at a price we deem appropriate. These sales could also cause the trading price of our Class A common stock to fall and make it more difficult for you to sell shares of our Class A common stock.

Provisions in our corporate charter documents and under Delaware law may prevent or frustrate attempts by our stockholders to change our management or hinder efforts to acquire a controlling interest in us, and the market price of our Class A common stock may be lower as a result.

There are provisions in our certificate of incorporation and bylaws that may make it difficult for a third party to acquire, or attempt to acquire, control of Zoom, even if a change in control was considered favorable by our stockholders.

Our charter documents also contain other provisions that could have an anti-takeover effect, such as:

Moreover, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which prohibit a person who owns 15% or more of our outstanding voting stock from merging or combining with us for a period of three years after the date of the transaction in which the person acquired in excess of 15% of our outstanding voting stock, unless the merger or combination is approved in a prescribed manner. Any provision in our certificate of incorporation or our bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our Class A common stock and could also affect the price that some investors are willing to pay for our Class A common stock.

Our amended and restated certificate of incorporation designates the Court of Chancery of the State of Delaware and the federal district courts of the United States of America as the exclusive forums for certain disputes between us and our stockholders, which could limit our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, or employees.

Our amended and restated certificate of incorporation provides that, unless we consent in writing to the selection of an alternative forum, the sole and exclusive forum for the following types of actions or proceedings under Delaware statutory or common law: (i) any derivative action or proceeding brought on our behalf; (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, or other employees to us or our stockholders; (iii) any action arising pursuant to any provision of the Delaware General Corporation Law, or the certificate of incorporation or the amended and restated bylaws; or (iv) any other action asserting a claim that is governed by the internal affairs doctrine shall be the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, the federal district court for the District of Delaware), in all cases subject to the court having jurisdiction over indispensable parties named as defendants. This provision would not apply to suits brought to enforce a duty or liability created by the Exchange Act. Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation provides that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and there can be no assurance that the provisions will be enforced by a court in those other jurisdictions.

Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to these provisions. These exclusive-forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum of its choosing for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers and other employees. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could harm our results of operations.

We do not intend to pay dividends for the foreseeable future.

We have never declared nor paid cash dividends on our capital stock. We currently intend to retain any future earnings to finance the operation and expansion of our business, and we do not expect to declare or pay any dividends in the foreseeable future. As a result, stockholders must rely on sales of their Class A common stock after price appreciation as the only way to realize any future gains on their investment.

General Risk Factors

Estimates of our market opportunity and forecasts of market growth may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.

Market opportunity estimates and growth forecasts for the markets in which we compete, including those we have generated ourselves, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. Not every organization covered by our market opportunity estimates will necessarily buy video communications platforms, and some or many of those organizations may choose to continue using legacy communication methods or point solutions offered by our competitors. It is impossible to build every product feature that every customer or host wants, and our competitors may develop and offer features that our platform does not provide. The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of the organizations covered by our market opportunity estimates will purchase our solutions at all or generate any particular level of revenue for us. Even if the markets in which we compete meet the size estimates and growth forecasts, our business could fail to grow for a variety of reasons outside of our control, including competition in our industry. If any of these risks materializes, it could harm our business and prospects.

Our business could be disrupted by catastrophic events.

Occurrence of any catastrophic event, including earthquake, fire, flood, tsunami or other weather event, power loss, telecommunications failure, software or hardware malfunctions, cyber-attack, war, terrorist attack, disease, or health epidemics, could result in lengthy interruptions in our service. In particular, our U.S. headquarters and some of the data centers we utilize are located in the San Francisco Bay Area, a region known for seismic activity, and our insurance coverage may not compensate us for losses that may occur in the event of an earthquake or other significant natural disaster. In addition, acts of terrorism could cause disruptions to the internet or the economy as a whole. Even with our disaster recovery arrangements, our service could be interrupted. Moreover, if our systems were to fail or be negatively impacted as a result of a natural disaster or other event, our ability to deliver products to our users would be impaired, or we could lose critical data. If we are unable to develop adequate plans to ensure that our business functions continue to operate during and after a disaster and to execute successfully on those plans in the event of a disaster or emergency, our business would be harmed.

We also face risks related to health epidemics, such as the COVID-19 pandemic, which has impacted virtually every country in the world. An outbreak of a contagious disease, and other adverse health developments could have an adverse effect on global economic conditions and on our business. The effects could include business and service disruptions, such as the temporary closure of our facilities, restrictions on our employees’ ability to travel to support our facilities and services, and difficulties in hiring new employees. We have removed the 40-minute time limit from our free Basic accounts for customers in K-12 schools in certain countries. While we have seen increased usage of our service globally, a significant portion of such increase is attributable to free Basic accounts, which do not generate any revenue. We cannot make any assurances that we will experience an increase in paid hosts or that new or existing users will continue to utilize our services at the same levels after the COVID-19 pandemic has tapered. Furthermore, such increased usage by free Basic account users during this time has required and will continue to require us to expand our network capacity which will increase our operating costs.

Our reported results of operations may be adversely affected by changes in accounting principles generally accepted in the United States.

Generally accepted accounting principles in the United States are subject to interpretation by the FASB, the SEC, and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported results of operations and may even affect the reporting of transactions completed before the announcement or effectiveness of a change. It is also difficult to predict the impact of future changes to accounting principles or our accounting policies, any of which could harm our business.

We may need additional capital, and we cannot be certain that additional financing will be available on favorable terms, or at all.

Historically, we have funded our operations and capital expenditures primarily through equity issuances and cash generated from our operations. Although we currently anticipate that our existing cash and cash equivalents and cash flow from operations will be sufficient to meet our cash needs for the foreseeable future, we may require additional

financing. We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans, operating performance, and condition of the capital markets at the time we seek financing. We cannot assure you that additional financing will be available to us on favorable terms when required, or at all. If we raise additional funds through the issuance of equity or equity-linked or debt securities, those securities may have rights, preferences, or privileges senior to the rights of our Class A common stock, and our stockholders may experience dilution.

If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate condensed consolidated financial statements or comply with applicable regulations could be impaired.

We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”) and the rules and regulations of the applicable listing standards of The Nasdaq Stock Market. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs; make some activities more difficult, time-consuming, and costly; and place significant strain on our personnel, systems, and resources.

The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We are also continuing to improve our internal control over financial reporting. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight.

Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. In addition, changes in accounting principles or interpretations could also challenge our internal controls and require that we establish new business processes, systems, and controls to accommodate such changes. We have limited experience with implementing the systems and controls that will be necessary to operate as a public company, as well as adopting changes in accounting principles or interpretations mandated by the relevant regulatory bodies. Additionally, if these new systems, controls, or standards and the associated process changes do not give rise to the benefits that we expect or do not operate as intended, it could adversely affect our financial reporting systems and processes, our ability to produce timely and accurate financial reports, or the effectiveness of internal control over financial reporting. Moreover, our business may be harmed if we experience problems with any new systems and controls that result in delays in their implementation or increased costs to correct any post-implementation issues that may arise.

Further, weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our business or cause us to fail to meet our reporting obligations and may result in a restatement of our condensed consolidated financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our Class A common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on The Nasdaq Stock Market. We will be required to provide an annual management report on the effectiveness of our internal control over financial reporting commencing with our next Annual Report on Form 10-K.

Our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting until our first Annual Report filed with the SEC where we are an accelerated filer or a large accelerated filer. We will be required to provide our public accounting firm’s attestation to the effectiveness of our internal control over financial reporting with our next Annual Report on Form 10-K. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could harm our business and could cause a decline in the trading price of our Class A common stock.

Our Class A common stock market price and trading volume could decline if securities or industry analysts do not publish research or publish inaccurate or unfavorable research about our business.

The trading market for our Class A common stock depends in part on the research and reports that securities or industry analysts publish about us or our business. The analysts’ estimates are based upon their own opinions and are often different from our estimates or expectations. If one or more of the analysts who cover us downgrade our Class A common stock or publish inaccurate or unfavorable research about our business, the price of our securities would likely decline. If one or more securities analysts cease coverage of us or fail to publish reports on us regularly, demand for our securities could decrease, which might cause the price and trading volume of our Class A common stock to decline.

We incur costs and demands upon management as a result of complying with the laws and regulations affecting public companies in the United States, which may harm our business.

As a public company listed in the United States, we incur significant additional legal, accounting, and other expenses. In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure, including regulations implemented by the SEC and The Nasdaq Stock Market, may increase legal and financial compliance costs and make some activities more time consuming. These laws, regulations, and standards are subject to varying interpretations, and as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. We intend to invest resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expenses and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If, notwithstanding our efforts, we fail to comply with new laws, regulations, and standards, regulatory authorities may initiate legal proceedings against us and our business may be harmed.

Failure to comply with these rules might also make it more difficult for us to obtain certain types of insurance, including director and officer liability insurance, and we might be forced to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. The impact of these events would also make it more difficult for us to attract and retain qualified persons to serve on our board of directors, on committees of our board of directors, or as members of senior management.

We are an “emerging growth company,” and we intend to comply only with reduced disclosure requirements applicable to emerging growth companies. As a result, our Class A common stock could be less attractive to investors.

We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act, and for as long as we continue to be an emerging growth company, we may choose to take advantage of exemptions from various reporting requirements applicable to other public companies but not to emerging growth companies, including not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved. We will remain an emerging growth company until the earlier of (i) the last day of the fiscal year (a) following the fifth anniversary of the completion of our IPO; (b) in which we have total annual gross revenue of more than $1.07 billion; or (c) in which we are deemed to be a large accelerated filer, which means the market value of our common stock held by non-affiliates exceeds $700 million as of the prior July 31 and (ii) the date on which we have issued more than $1.0 billion in non-convertible debt during the prior three-year period. We cannot predict if investors will find our Class A common stock less attractive if we choose to rely on these exemptions. If some investors find our Class A common stock less attractive as a result of any choices to reduce future disclosure, there may be a less active trading market for our Class A common stock, and our stock price may be more volatile. We currently anticipate that we will lose our “emerging growth company” status as of the end of the fiscal year ending January 31, 2021.