SEC Form 10-K filed by Rank One Computing Corporation

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 10-K

☒  ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2025

or

☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from ___________ to ___________

Commission File Number: 001-43137

RANK ONE COMPUTING CORPORATION

(Exact Name of Registrant as Specified in its Charter)

(303) 317-6118

Registrant’s Telephone Number, Including Area Code

Securities registered pursuant to Section 12(b) of the Act:

Securities registered pursuant to section 12(g) of the Act: None.

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒

The registrant was not a public company as of June 30, 2025, the last business day of its most recently completed second fiscal quarter, and therefore cannot calculate the aggregate market value of its voting and non-voting common equity held by non-affiliates as of such date. The registrant’s Common Stock began trading on the Nasdaq Capital Market on February 20, 2026.

The registrant had 19,080,127 shares of its Common Stock, par value $0.01, issued and outstanding as of March 27, 2026.

CAUTIONARY NOTE REGARDING FORWARD-LOOKING STATEMENTS

The information in this Annual Report on Form 10-K (this “Annual Report”) contains “forward-looking statements,” which we intend to be covered by the safe harbor provisions for forward-looking statements contained in Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). All statements contained in this Annual Report other than statements of historical fact, including statements regarding our future operating results and financial position, our business strategy and plans, market growth, and our objectives for future operations, are forward-looking statements. These forward-looking statements involve known and unknown risks, uncertainties and other important factors that may cause our actual results, performance or achievements to be materially different from any future results, performance or achievements expressed or implied by the forward-looking statements.

You can identify some of these forward-looking statements by words or phrases such as “may,” “will,” “could,” “would,” “expect,” “anticipate,” “aim,” “estimate,” “intend,” “plan,” “believe,” “is/are likely to,” “potential,” “project,” “target,” “continue” or the negative of these terms or other similar expressions, although not all forward-looking statements contain these words. The forward-looking statements in this Annual Report are only predictions and are based largely on our current expectations and projections about future events and financial trends that we reasonably believe may affect our business, financial condition, and results of operations. Although we believe the expectations reflected in any of our forward-looking statements are reasonable, actual results could differ materially from those projected or assumed in any of our forward-looking statements. Our future financial condition and results of operations, as well as any forward-looking statements, are subject to change and inherent risks and uncertainties.

These forward-looking statements present our estimates and assumptions only as of the date of this Annual Report and are subject to several known and unknown risks, uncertainties, and assumptions. Accordingly, you are cautioned not to place undue reliance on forward-looking statements, which speak only as of the dates on which they are made. Except as required by applicable law, we do not plan to publicly update or revise any forward-looking statements contained herein, whether because of any new information, future events, changed circumstances or otherwise. Important factors that could cause actual results to differ materially from those in the forward-looking statements include, but are not limited to, those summarized below:

Neither the foregoing nor the following “Summary of Material Risks” represents an exhaustive list of matters that may be covered by the forward-looking statements contained herein or risk factors that we are faced with. Forward-looking statements necessarily involve risks and uncertainties, and our actual results could differ materially from those anticipated in the forward-looking statements due to a number of factors, including those set forth below under Part I, Item 1A. “Risk Factors” and elsewhere in this Annual Report. All subsequent written and oral forward-looking statements attributable to us or persons acting on our behalf are expressly qualified in their entirety by the cautionary statements contained above and throughout this Annual Report. Prior to investing in our common stock, you should read this Annual Report and the documents we have filed as exhibits to this Annual Report completely and with the understanding that our actual future results may be materially different from what we currently expect.

The Company will continue to file annual, quarterly and current reports, proxy statements and other information with the Securities and Exchange Commission (the “SEC”). You should not place undue reliance on the forward-looking statements included in this report or that may be made elsewhere from time to time by us, or on our behalf. All forward-looking statements attributable to us are expressly qualified by these cautionary statements.

SUMMARY OF MATERIAL RISKS

Investing in our common stock is speculative and involves a high degree of risk. These risks are discussed more fully in Part I, Item 1A. “Risk Factors” and elsewhere in this Annual Report. We urge you to read Part I, Item 1A. “Risk Factors” beginning on page 19 in full. Our significant risks may be summarized as follows:

Risks Related to Our Industry and Business

Risks Related to Intellectual Property, Information Technology, Data Privacy, and Security

Risks Related to Regulation and Compliance

Risks Related to Our Relationships and Business with the Public Sector

General Risk Associated with Our Company

Risks Related to Our Securities

NOTE REGARDING COMPANY REFERENCES

Unless the context indicates otherwise, as used in this Annual Report, the terms “we,” “us,” “our,” “our company,” “Rank One Computing,” “ROC,” and “our business” refer to Rank One Computing Corporation and its subsidiaries.

Table of Contents

Part I

Item 1. Business

Executive Summary

ROC is an independent American artificial intelligence (“AI”) company redefining the global standard for Vision AI in identity, security, and digital forensics. Our Vision AI platform delivers real-time facial recognition, multimodal biometric verification, video analytics, and AI-powered evidence analysis to mission-critical organizations across private and public sectors. ROC’s biometric algorithms are routinely ranked by National Institute of Standards and Technology (“NIST”) as among the most accurate and computationally efficient globally. Our solutions outperform legacy foreign-built systems at a fraction of the cost, with faster deployment and stronger trust. As demand for trusted AI accelerates across law enforcement, defense, and regulated commercial sectors, ROC is scaling rapidly through a growing network of integrators and multi-year deals. We are expanding from a foundation of government leadership into high-growth commercial markets such as access control, physical security, and identity verification. Our international pipeline spans the Middle East, Asia–Pacific (“APAC”), and other strategic regions where national AI and identity investments are surging. With sovereign U.S. development, deep technical leadership, a vertically integrated platform, and proven field results, we believe ROC is positioned to become the category-defining leader in operational Vision AI.

Overview

ROC builds AI that sees, identifies, and interprets the physical world. Our focus is biometric identity, digital forensics, and real-time video analytics. In a market long dominated by foreign-built legacy platforms, ROC is executing a clear mission: to restore the United States as the global leader in Vision AI. We are displacing outdated, overpriced, foreign systems with American-built solutions that are leaner, more efficient, and more affordable. We believe ROC platforms routinely cost a fraction of legacy alternatives, yet deliver higher accuracy, faster deployment, and superior customer support — all while sustaining strong margins. This operational advantage is rooted in our disciplined model: we’ve never taken outside capital, and we build everything with purpose and precision.

ROC uses the term “Vision AI” as a branch of artificial intelligence focused on transforming unstructured visual data into structured, explainable insight. Vision AI is not generative or conversational. It is operational AI, built for accuracy, speed, and auditability. Whether it is deployed in a military checkpoint, a digital evidence lab, or a financial onboarding workflow, Vision AI enables real-time decisions with transparency and accountability. ROC’s product portfolio includes the following:

ROC’s algorithmic efficiency has long been a strategic advantage. Our AI models typically require only a fraction of the compute power that legacy platforms demand, allowing us to deploy faster, operate leaner, and scale without excess infrastructure. For example, an analysis published on February 20, 2024 of the National Institute of Standards and Technology (NIST) Evaluation of Latent Fingerprint Technologies (ELFT) showed that the ROC’s latent fingerprint algorithm was capable of searching a database more than 500 times faster than every other vendor who was benchmarked. Additionally, an analysis on March 8, 2023 of the NIST Face Recognition Vendor Test (FRVT) showed that the ROC face recognition algorithm ranked 61st out of 338 algorithms in hardware efficiency, while none of our key competitors ranked within the top 150 most efficient algorithms. Further, an analysis performed on February 15, 2023 of the NIST Proprietary Fingerprint Template (PFT) benchmarked that the ROC fingerprint algorithms had template comparison speeds that were the fastest of any vendor, and as much as 1000x faster than certain key competitors.

This advantage has enabled us to simplify system architecture while supporting extremely large deployments through our horizontally and vertically scalable enterprise search infrastructure. ROC is routinely measured by NIST as having the most accurate and computationally efficient facial and fingerprint recognition algorithms in the world — a rare combination that enables both unmatched performance and flexible deployment. We support secure, air-gapped installations as well as cloud-native delivery, and are actively attaining Criminal Justice Information Services (“CJIS”) and related compliance standards to support our growing federal and state customer base. Our engineering team includes experts who have built mission-critical systems for the Federal Bureau of Investigation (the “FBI”) and other agencies, ensuring our platforms are secure, interoperable, and optimized for rapid integration through exposed Application Programming Interfaces (“APIs”) and robust reference applications.

ROC’s mission and leadership emerged from the U.S. national security community. Prior to creating ROC, our founders, Brendan Klare and Joshua Klontz, worked within the facial recognition research group at Noblis, Inc., which is a science and technology services provider to leading U.S. national security agencies. Our founders’ work included supporting a major case study for the FBI, regarding the deployment of facial recognition technology during the course of the 2013 Boston Marathon Bombing investigation. Our CEO, B. Scott Swann, served an 18-year career with the FBI, where he fulfilled multiple executive roles, advancing technology to include Special Assistant in the FBI Director’s Office for the Science and Technology Executive Assistant Director; Executive Officer in the Office of the Director of National Intelligence; and Unit Chief at the FBI’s Criminal Justice Information Services Division. Mr. Swann led the FBI’s major case study on the Boston Marathon Bombing, through which he first met and worked with Mr. Klare and Mr. Klontz. Mr. Swann worked closely with the FBI’s CJIS division, the FBI’s central repository and search database for fingerprints and other biometric evidence.

Our growth now includes global financial companies, state and local public safety organizations, and large retail enterprises. We are rapidly expanding in access control, identity verification, and physical security applications — particularly in high-assurance and infrastructure-critical sectors. Our commercial business is scaling through an already mature channel network, and we are seeing increasing demand from global integrators who want to deliver ROC’s technology under their own brands. Our international pipeline is significant, with especially strong momentum in the Middle East and APAC regions, where governments are investing in next-generation identity and surveillance systems. These global opportunities are already driving business today and represent a substantial long-term growth vector.

On November 19, 2019, ROC published the Code of Ethics that addressed the use of our face recognition technology. To our knowledge, ROC was the first biometric vendor to adopt such code of ethics addressing the use of face recognition technology. Subsequently, ROC has incorporated the Code of Ethics into our software licensing agreements to provide a contractual means for limiting access to our technology if a licensee violates the Code of Ethics. From the beginning, we believed that transparency, accountability, and technical rigor must go hand in hand. We build with fairness and explainability in mind and design for environments where decisions must be auditable and justifiable. That said, the broader landscape is also shifting. Adoption of face recognition and Vision AI tools is accelerating across law enforcement, defense, and critical infrastructure. Agencies that once hesitated are now embracing these capabilities — supported by clearer governance, better training, and stronger results. This growing acceptance comes at an ideal time for ROC. We are entering the public markets as demand is breaking open, not just for AI, but for trusted, operationally proven AI.

ROC has been deliberately built from the ground up. Every employee has been carefully selected not just for skill but for alignment with our mission. Our team combines rising stars in artificial intelligence and Vision AI with senior engineers and practitioners who have delivered large-scale systems for the U.S. government and enterprise. We believe in talent density, small teams, and high-trust environments. Every contributor matters, and every contributor has a stake in ROC’s equity. This model has not only helped us outperform technically — it has helped us retain culture, focus, and resilience while competing against far larger and better-funded companies.

Corporate History

In 2015, ROC’s three co-founders filed the initial Articles of Incorporation as a Subchapter S Corporation with the State of Virginia as Rank One Computing Corporation. In 2018, ROC filed a Statement of Conversion with updated Articles of Incorporation with the State of Colorado and issued 10,000 shares of common stock. In 2021, ROC hired B. Scott Swann as ROC’s CEO. In 2022, ROC filed an Amended and Restated Articles of Incorporation with the State of Colorado to effect a 10 for 1 forward stock split and increase the authorized number of shares of common stock to 200,000. In 2024, ROC revoked its Subchapter S election. In 2025, ROC formed a wholly owned single member limited liability company, ROC Federal LLC, in the State of West Virginia. In 2026, ROC filed a Second Amended and Restated Articles of Incorporation with the State of Colorado to, among others, effect a 167 for 1 forward stock split, increase the authorized number of shares of common stock to 100,000,000 shares of common stock, and authorize 1,000,000 shares of preferred stock. 

Vision, Industry, and Market Opportunity

ROC’s Vision

ROC operates at the intersection of several large and fast-growing technology markets – computer vision (Vision AI), biometrics, video analytics, and digital evidence management. These segments each experienced robust growth from 2023 through 2025, driven by advances in artificial intelligence (AI), increasing security and efficiency demands, and expanding government and commercial use cases. Below we present an analysis of each market, including U.S. and global market size estimates, growth projections, key demand drivers, emerging use cases, and relevant regulatory or technology trends. Our discussion also highlights how ROC’s strategic strengths – alignment with national security needs, efficiency in edge computing, and a multimodal AI platform – position us to capitalize on these industry dynamics.

ROC calculates our total addressable market (TAM) on a global basis, rather than limiting it to specific geographies, because its products and services address a fundamental and universal need that isn’t geographically constrained. Our digital business model allows for seamless expansion into new regions with minimal capital expenditure, making the entire global market addressable over time. This approach is consistent with industry practice for technology companies with scalable offerings but does present some uncertainties with respect to localized market opportunities. Based on market research provided by leading market researchers, including Fortune Business Insights, Straits Research, Grand View Horizon, and the Edge AI and Vision Alliance, the total addressable market in 2025 for ROC products and services, collectively, was approximately $106 billion, globally:

Vision AI Market

The global Vision AI market is expanding rapidly as AI-powered image and video understanding becomes mainstream across industries. In 2024, the global Vision AI market was estimated at approximately $15.8 billion. Longer-term projections show continued high growth: for example, one study projected the global market to grow from about $23.7 billion in 2025 to $108.9 billion by 2033, a Compound Annual Growth Rate (“CAGR”) of roughly 24.1%. Despite variations in forecasts, there is a broad consensus that Vision AI is a high-growth segment, with double-digit annual expansion expected through the decade.

The U.S. Vision AI market represents a significant portion of this opportunity. North America holds the largest regional share of the Vision AI market, with the United States alone accounting for an estimated 30.6% of global revenue in 2024. U.S. market size is substantial and growing and is driven by strong investment in AI across government and commercial sectors. Notably, North America has recently overtaken Asia-Pacific as the dominant force in the Vision AI market, reflecting increased adoption in the U.S. across applications from defense to retail.

Despite the United States leading the world in AI adoption and infrastructure, some of its biometric screening systems used by government agencies still rely heavily on foreign Vision AI algorithms. A French biometrics company provides fingerprint and facial recognition technology for the FBI’s NGI program, the DOD ABIS, Department of State consular systems, NCTC watchlisting, and many state and local systems. A Japanese biometrics company delivers facial biometric software for DHS entry and exit programs and CBP passenger matching, while another French biometrics company supports additional DHS identity operations. Chinese biometrics companies have significant market presence in Southeast Asia and Africa, often providing technology at extremely low cost or even free in exchange for influence and control over national security systems. Russian companies provide high accuracy facial recognition tools that are deployed globally.

Key growth drivers in Vision AI include:

Emerging use cases are driving incremental growth. For example, in smart cities, Vision AI systems monitor traffic, detect accidents, and enhance public safety. In retail, Vision AI is used for frictionless checkout and shelf stock analysis. Facial recognition and object detection in live video streams are now deployed for access control and threat monitoring in airports, schools, and businesses. Such applications illustrate the proliferation of Vision AI into everyday infrastructure. Notably, the object detection sub-segment is expected to be one of the fastest-growing in coming years, as organizations seek real-time situational awareness from video data.

Technology and regulatory trends are shaping the Vision AI landscape. One significant trend is the shift toward edge computing – moving vision AI processing from cloud data centers to local devices and cameras for lower latency and improved privacy. Modern deployments often demand runtime efficiency on edge hardware (such as surveillance cameras, drones, or mobile devices) rather than reliance on constant cloud connectivity. This plays to ROC’s strength in efficiency at the edge, as our algorithms are optimized for high performance on-device. Indeed, the edge-enabled portion of the video analytics market is projected to grow at approximately 34% annually, far outpacing overall market growth, as organizations embrace on-premise and on-device AI to reduce bandwidth costs and address data sovereignty concerns. Another trend is convergence of multimodal AI – combining Vision AI with other sensor inputs (such as audio or biometrics) to enrich analysis. Our multimodal platform approach aligns with this, allowing clients to integrate face recognition, object tracking, and other modalities in one solution.

Regulatory factors are also coming into focus. There is increasing scrutiny on the use of AI and surveillance. For example, the European Union(“EU”)’s proposed AI Act and various state-level laws in the U.S. aim to ensure transparency and accountability in AI systems, especially those used for facial recognition or security monitoring. Privacy regulations (like the GDPR and U.S. state privacy acts) impose requirements on handling image data, requiring vendors to build compliance (data anonymization, consent management, etc.) into their vision solutions. While such regulations could moderate certain uses (e.g., restricting facial recognition in public spaces), they are also expected to favor vendors with trustworthy practices and high accuracy. ROC’s focus on accuracy and its U.S.-made, trusted technology is a strategic asset as customers navigate these regulatory expectations. Overall, the Vision AI market’s growth trajectory remains strong, underpinned by technological advancement and expanding use cases, and our edge-efficient, security-aligned platform is well positioned to benefit from these trends.

Biometrics Market

The global biometrics market – which includes facial recognition, fingerprint, iris, voice recognition and other identity technologies – is experiencing robust expansion, underpinned by rising security demands and widespread adoption in both government and consumer applications. In 2024, the global biometrics market reached an estimated $50.08 billion in revenue and is predicted to increase from $60.32 billion in 2025 to approximately $307.24 billion by 2034, expanding at a CAGR of 19.89% from 2025 to 2034. This sustained growth outlook reflects how integral biometrics have become in modern security, fintech, and identity systems worldwide.

The U.S. biometrics market is one of the leading national markets, fueled by strong government and commercial uptake of biometric technologies. In 2023, the U.S. biometric technology market generated approximately $7.6 billion in revenue, accounting for about 18% of the global market. U.S. biometrics spending is forecast to accelerate with roughly 18% CAGR through 2030, reaching an estimated $24+ billion by 2030. This suggests the U.S. market could approach an approximately $10 billion annual run-rate by the mid-2020s, given current growth rates. North America as a whole is currently the largest regional market for biometrics, ahead of Asia-Pacific. Key U.S. growth drivers include federal and local government programs (e.g., enhanced border control systems, FBI Next Generation Identification upgrades), financial services deploying biometrics for fraud prevention, and the private sector’s embrace of biometric access control and authentication. ROC’s national security alignment is pertinent here – U.S. government and defense agencies are major buyers of biometric solutions for homeland security and military applications, and there is increasing preference for American-made, reliable technology in these sensitive deployments.

Key demand drivers in biometrics include:

With these drivers in place, emerging use cases for biometrics are expanding beyond traditional security. In financial services, biometrics are used for seamless customer onboarding (eKYC) and transaction authentication (e.g., facial recognition for mobile payments). In healthcare, hospitals use biometrics to verify patient identity and secure access to health records. Workplaces are replacing badge swipes with facial or iris scans for attendance and secure entry. Even the travel industry is rolling out biometric boarding gates and luggage drop-offs to improve passenger flow. Each new application domain introduces biometrics to a wider user base, reinforcing the overall market growth.

Several market dynamics and trends are notable in biometrics. One is the emphasis on privacy and data protection. As biometric data (like fingerprints or face templates) becomes widespread, regulators are enacting laws to protect it. For example, the Illinois Biometric Information Privacy Act (the “BIPA”) in the U.S. imposes strict requirements on private companies collecting biometrics, and Europe’s GDPR treats biometrics as sensitive data. These regulations are prompting the industry to adopt privacy-by-design practices – e.g., on-device processing (so raw biometrics are not sent to the cloud), data encryption, and user consent frameworks. ROC’s efficient edge algorithms are able to address these concerns by enabling biometric matching to occur locally on devices or secure servers, minimizing data exposure. Likewise, accuracy and bias mitigation have become crucial: there is growing regulatory and public scrutiny to ensure facial recognition algorithms are unbiased and accurate across demographics. ROC’s top-tier accuracy (as evidenced by NIST evaluations) and demographic benchmarking (as evidenced by NIST evaluations) position us well as clients demand high-performing solutions.

Another trend is Biometrics-as-a-Service (BaaS) and cloud platforms for biometrics. Enterprises that do not want on-premise infrastructure are turning to cloud-based biometric APIs for functions like identity verification. This is expanding the market to new users (e.g., online retailers adding fingerprint login via a service). ROC’s flexible deployment models – on-premise for sensitive government clients or cloud/containerized for commercial clients – align with this shift. Finally, the convergence of biometrics with broader digital identity ecosystems is accelerating. Biometrics are increasingly used alongside digital wallets and identity documents for a holistic ID solution (for instance, using face recognition to unlock a mobile driver’s license app). This convergence is creating opportunities for platforms that can handle multimodal inputs and integrate with various identity data sources. Overall, the biometrics market’s strong growth is underpinned by its central role in security and convenience, and ROC’s strengths in multimodal, high-accuracy and edge-capable biometrics align tightly with where the industry is headed.

Video Analytics Market

The video analytics market – comprising AI-driven analysis of video feeds for security, surveillance, and business intelligence – is experiencing rapid growth as organizations increasingly seek to extract actionable insights from the vast amounts of video data being collected. Globally, the video analytics market was valued at around $10.25 billion in 2024. This market is on a steep upward trajectory: it is projected to reach approximately $48.94 billion by 2032 according to various forecasts. For example, Fortune Business Insights estimates the global market will grow at a 21.8% CAGR from 2025 to 2032, reaching $48.9 billion by 2032. An even longer-range analysis by Precedence Research projects the market to expand at roughly 22.6% CAGR through 2034, ultimately hitting $94.5 billion by 2034. In summary, industry analysts expect roughly a 20–23% annual growth rate in the video analytics sector over the next several years, making it one of the fastest-growing areas of the AI market.

Within this, the U.S. video analytics market is particularly significant and is growing briskly. North America led the world with about 40% of the global video analytics market share in 2024. The United States, as the largest contributor in North America, had an estimated market size of $3.45 billion in 2024. U.S. video analytics revenue is forecast to grow at approximately 22–23% CAGR going forward, in line with global trends, reaching around $7–8+ billion by 2027 and approximately $27 billion by 2034. This high growth is fueled by the widespread deployment of AI analytics in security systems across U.S. cities, airports, retail stores, and federal projects. In fact, the United States currently utilizes video analytics more than any other country, thanks to strong enterprise investment and public sector spending on smart surveillance. Major U.S.-based technology players and defense integrators in this space (e.g., Cisco, IBM, Motorola Solutions/Avigilon) further catalyze domestic adoption through innovation and large project rollouts. ROC’s close alignment with the U.S. government and law enforcement needs – a segment that heavily uses video analytics for threat detection and situational awareness – gives us strategic advantage in this growing home market.

Key demand drivers in video analytics include:

In terms of emerging trends and use cases, an important development is the integration of video analytics with cloud and edge computing architectures. Many organizations are shifting from purely on-premise video management to hybrid models where some analytics run on camera devices or edge gateways (for immediate response), while heavier processing or aggregated trend analysis runs in cloud platforms. This allows scalability and flexibility – routine tasks can be handled at the edge, reducing bandwidth usage, while cloud systems can apply deeper analytics or archival searches. ROC’s strength in delivering efficient analytics on the edge (e.g., on cameras or mobile devices) aligns with this trend; our solutions can run AI on low-power devices, enabling real-time alerts even when connectivity is limited. Industry forecasts specifically highlight edge-enabled video analytics as a high-growth subsegment (projected to reach approximately $75 billion by 2030 from just $5 billion in 2021), reflecting how vital edge computing is becoming in this market.

Another trend is consolidation and platformization. Initially, the video analytics space saw many niche vendors offering point solutions (license plate recognition, people counting, etc.), but we are now seeing consolidation into more comprehensive platforms. Customers (especially large city or enterprise deployments) prefer integrated suites that can handle multiple analytics functions and camera types under one umbrella. This favors companies like ROC that offer a broad multimodal analytics platform – for example, our software can perform facial recognition, object detection, and forensic video search in one system, whereas a piecemeal approach would require several separate tools. The trend toward unified video analytics and evidence platforms (often tying into video management systems, VMS, used by security teams) plays to our advantage as a one-stop provider.

Regulatory and societal factors also affect the video analytics domain. Public privacy concerns are leading to calls for transparency in how video AI is used. Cities deploying facial recognition in cameras, for instance, have encountered pushback leading to moratoriums in some jurisdictions. We anticipate regulations may require measures like bias testing of algorithms, audit logs for how AI alerts are generated, and perhaps restrictions on certain uses (e.g., real-time face ID in public without warrants). At the same time, regulatory mandates can drive adoption: a growing number of local laws require retention and review of surveillance footage (for accountability), which in practice necessitates intelligent video management. For example, several U.S. states now mandate police body-worn cameras and proper handling of the footage, greatly expanding the volume of video that departments must review and store – a challenge that practically demands advanced video analytics and evidence management tools. ROC’s audit capabilities and high-accuracy algorithms to minimize misidentifications and our strong public safety domain knowledge position us to navigate these regulatory trends. In summary, the video analytics market is expected to continue its strong growth, driven by security imperatives and expanding analytic applications, and ROC’s efficient, comprehensive edge analytics platform is aligned with the key technological and market shifts in this sector.

Digital Evidence Management Market

The digital evidence management market involves software and cloud solutions used by law enforcement, legal agencies, and enterprises to store, manage, analyze, and secure digital evidence. This includes handling data such as surveillance videos, body-camera footage, audio recordings, photos, and electronic documents in a manner that preserves integrity for investigations and court proceedings. With the surge of digital data in policing and compliance, this market has grown into a substantial segment on its own. In 2023, the global digital evidence management (“DEM”) market was valued at around $7.5–7.7 billion. Forecasts predict the global DEM market to climb to approximately $13–15 billion by 2028–2029, and around $19 billion by the early 2030s, equating to a solid double-digit CAGR in the 10–12% range over the next decade. For example, The Business Research Company projects the market to grow at 11.9% CAGR through 2029, reaching $14.8 billion in 2029, while other analysts looking out to 2032–2033 see growth continuing at similar rates to over $19 billion. This indicates a steady and resilient expansion, as managing digital evidence has become mission-critical for modern policing and regulatory compliance.

The U.S. market for digital evidence management is a major component of the global total, given the large number of law enforcement agencies and the early adoption of body cameras and digital forensic tools in the United States. North America is currently the largest regional market for digital evidence management solutions. This leadership is due in part to U.S. public safety agencies investing heavily in body-worn cameras, dashcams, and cloud-based evidence systems in recent years. While exact U.S.-only market size figures for 2023–2025 are less reported, North America’s dominance suggests the U.S. accounts for a significant share (likely on the order of one-third to half of global demand). For context, industry reports note that the global body-worn camera and DEM market reached about $1.85 billion in 2023, much of which is U.S.-driven. Eight U.S. states now have laws mandating police use of body cameras, which directly expands the need for digital evidence storage and analysis. Moreover, leading vendors in this space are U.S.-based (for example, Axon (formerly Taser International) provides the dominant cloud evidence platform for police, and companies like Motorola Solutions and Safe Fleet are key providers), underscoring U.S. market strength. We expect the U.S. will remain a growth engine for DEM, as more agencies phase out old manual evidence processes in favor of modern digital management systems. ROC’s national security alignment and relationships in U.S. law enforcement technology position us well in this regard – our solutions can complement and integrate with digital evidence platforms, adding AI-driven analysis (e.g., face recognition in forensic video) to the evidence management workflow.

Demand drivers in digital evidence management are primarily rooted in the increasing volume and importance of digital evidence in both criminal justice and corporate settings:

Given these drivers, emerging use cases and trends in the DEM market include the integration of advanced analytics and cloud technologies. There is a trend toward embedding AI analytics within evidence management platforms – for example, using face recognition or object detection to automatically index video evidence so investigators can quickly search for a suspect across hours of footage. ROC’s technology contributes here: our algorithms can process video evidence within these systems to identify persons of interest or to redact faces for privacy when releasing footage, adding significant value to the raw storage function of DEM. Another trend is the migration to cloud-based evidence management. Traditionally, evidence was stored on DVDs or on-premises servers, but now many agencies are moving to CJIS-compliant cloud solutions (such as Axon Evidence.com or similar) that offer scalability and remote access. Cloud deployments allow evidence to be accessible “anytime, anywhere” with proper credentials, which proved especially useful during the pandemic and continues to be attractive for distributed law enforcement operations. This has been a major driver for market growth as well, since cloud-based models often operate on subscription, making it easier for smaller agencies to come on board without large upfront IT investments. However, this shift also raises the importance of data security – DEM vendors emphasize encryption and compliance to ensure evidence is secure in the cloud. We anticipate continued growth in cloud and hybrid evidence management models, and ROC’s software is designed to integrate with both on-premise and cloud workflows, aligning with this trend.

On the regulatory side, as mentioned, mandates like body-worn camera requirements in various states directly boost this market. There is also likely to be increasing standardization and certification around digital evidence handling (for example, standards for hashing evidence files to verify integrity, or accreditation of cloud evidence systems for law enforcement use). These create a need for vendors to meet high reliability and security benchmarks. ROC’s focus on national security and law enforcement means we are attuned to these requirements – for instance, our software can operate within air-gapped secure networks and produce logs that support evidentiary standards, which is attractive to government clients facing stringent regulations.

Finally, a noteworthy trend is the convergence of digital evidence management with biometrics and video analytics – essentially building end-to-end solutions from evidence capture to analysis. Agencies increasingly seek a unified platform where, for example, a piece of video evidence can be instantly analyzed for faces or objects and then tagged for easy retrieval in an investigation. ROC’s multimodal analytics abilities position us well in this converging landscape. We can augment digital evidence systems with face recognition (one of our core offerings) to automatically identify individuals across an archive of video evidence, or with AI object search to find vehicles, etc., thereby significantly enhancing the utility of stored evidence. We view this convergence as a key opportunity: the industry is moving toward comprehensive digital policing platforms that incorporate collection, management, and analytic exploitation of evidence. Our edge-efficient algorithms and multimodal approach can plug into these systems, fulfilling agencies’ desire for one integrated solution that covers everything from capturing evidence to drawing investigative insights from it.

In summary, across all four segments – Vision AI, biometrics, video analytics, and digital evidence management – the market dynamics from 2023 through 2025 are characterized by strong growth and evolving needs that align closely with ROC’s strengths. Global and U.S. market sizes in each area are expanding at double-digit CAGRs, fueled by technological advancements and urgent demand for AI-driven security and automation solutions. Key drivers (security requirements, data proliferation, automation, and efficiency imperatives) and emerging uses (from smart cities to forensic analytics) are creating a fertile environment for growth. We expect regulatory developments to continue shaping these markets, with increasing emphasis on trusted and high-performance solutions – precisely the space where ROC focuses. With our American-made, security-centric approach, edge computing efficiency, and multimodal AI platform, we believe we are uniquely positioned to capitalize on these trends. We can serve the growing call for AI at the edge in vision applications, deliver the multi-biometric capabilities that customers increasingly require, and integrate into the digital evidence ecosystems that law enforcement and others are building. This alignment with market direction provides a strong foundation for our growth, giving investors insight into the considerable market opportunity we are targeting and our strategic fit within it.

Sources: Global and U.S. market size estimates and CAGRs are drawn from industry research and forecasts. Key trends and drivers are supported by recent analyses highlighting technology adoption and sector demand factors. These data points underscore the robust growth and dynamic environment in which ROC operates, as detailed in the above industry analysis.

Our Competitive Strengths

Our greatest strength is the caliber of our team - executive leadership (with decades of experience in computer vision and machine learning algorithms, software engineering, and national security), our career professionals (Ph.D.’s in Computer Science and software engineers with multi-decade careers in systems deployment and government research), and our junior team members (elite talent with demonstrated capacity to become future organizational leaders). Our team is built on connections that have spanned long before ROC was ever founded. There is trust and deep connection across our team, which has resulted in the long-term 90% retention of our key talent. Our team further offers us an extreme edge in the recruitment of additional talent as ROC grows.

The byproduct of the caliber of our team is a compounding set of additional competitive strengths that grow each year through the strategic knowledge of customer requirements in national security and public safety sectors possessed by our Chief Executive Officer (“CEO”) and others key leaders. In turn, these requirements and roadmaps fuel our product features which are executed by the research and engineering teams (led by our cofounders and other key leaders). Together, we have been able to build products from the ground up that are designed for mission impact and deliver products that work in the environments where it matters most. Our ability to consistently outperform incumbent vendors, integrate across use cases, and remain cost-efficient gives us a unique position as both a category leader and category disruptor. Across sectors and continents, we are earning trust not just for our performance, but for the way we operate — with precision, accountability, and integrity.

More specifically, there are five key competitive strengths of our business.

First, our products are differentiated through architectural and algorithmic efficiency that directly translates into operational and economic advantages. ROC’s AI models consistently rank among the most accurate and efficient in global government benchmarks, enabling our solutions to perform under constraints where others cannot. Our software can run on smaller, lower-power devices — including mobile systems and edge appliances — without sacrificing performance. That means ROC can deliver identity and visual intelligence at the point of capture, in the field, without relying on constant cloud access or expensive infrastructure. This capability is critical to our customers in defense, public safety, and frontline commercial operations, where connectivity is limited and real-time decision-making is essential. It also translates into lower infrastructure costs, making our solutions attractive not just for their speed and accuracy, but for their long-term affordability and efficiency.

Second, we are not simply a software vendor — we are a platform company. Our system is built from the ground up to unify what has long been fragmented use cases in identity systems and analytics. In the past, for example, governments and enterprises needed one or more vendors for multi-biometrics algorithms (face, finger, iris), another vendor for computer vision algorithms such as license plate recognition or threat detection (e.g., weapons detection). Further, the application systems to deploy these core algorithms are often fragmented across different vendor. ROC consolidates all of these capabilities into a single growing platform that enables wide ranging use-cases from real-time video analytics, national and enterprise scale identification systems, mobile identity verification, and analysis of forensic evidence. Further, our software is designed to easily integrate and operate alongside legacy technologies and systems. Altogether, this means fewer contracts, fewer integration headaches, and a dramatically improved user experience for mission operators. Our modular platform can be deployed on the cloud, on-premises, or on the tactical edge, and integrates easily with existing systems. For many customers, this is the first time they can manage identity, video, and investigative intelligence from a single pane of glass. Most importantly, this architecture is built to scale. ROC powers large-scale enterprise deployments across private and public cloud environments with significantly less infrastructure overhead than our competitors. Whether supporting a single agency or an entire nation, our platform offers the flexibility, performance, and efficiency to meet the mission at any scale.

Third, we are proudly and entirely U.S.-built. While we license our technology globally, our primary customer markets are in the U.S., and these markets have long been dominated by foreign providers and black-box AI models. ROC offers an alternative that is transparent, accountable, and aligned with U.S. national security priorities. Our software is developed and maintained in the United States, with no offshore dependencies. We have earned the trust of customers who operate in the most sensitive environments in the world, including, but not limited to, major components of the U.S. Department of Defense. These institutions do not just buy software; they invest in partners who can meet the highest bars for explainability, privacy, and lawful deployment. We do not take that responsibility lightly. To our knowledge, ROC was the first facial recognition company in the United States to publish a code of ethics addressing the use of face recognition technology. We believe transparency builds trust, and trust builds markets.

Fourth, we are designed to be affordable — not by compromising on performance, but by eliminating unnecessary bloat. ROC has never taken venture capital or debt financing. Unlike many competitors weighed down by too much reliance on investor capital, inflated overhead, or long repayment schedules, our organic growth has allowed us to stay lean, generally profitable, and focused on delivering maximum value to our customers. The efficiency required to operate our business in a cashflow positive manner for the last decade means we know we can generally build our software at less cost and higher effectiveness than our competitors. And this allows us to deliver enterprise-grade systems at a fraction of the cost of legacy vendors. Combined with our algorithmic efficiency, which minimizes compute requirements and infrastructure overhead, ROC delivers one of the lowest total costs of ownership in the market. That matters not only to resource-constrained government agencies and mid-sized enterprises, but also to global partners building large-scale identity and evidence ecosystems. We give our customers more performance, more transparency, and more control — for less.

Finally, we believe that competitive strength starts with people. ROC was built by engineers and practitioners who have spent their careers designing and delivering mission-critical systems. Many of our team members come from the FBI, the military, and top AI research labs. Nearly half of our Company consists of software engineers, with more than 20% holding advanced degrees in artificial intelligence related specialties like machine learning. That technical density enables us to move fast, build securely, and outperform on the hardest problems. Our leadership team combines startup grit with government credibility, and our culture emphasizes shared mission, long-term thinking, and operational discipline. We have remained profitable without raising outside capital and have maintained extremely low turnover, even while scaling. This is not accidental — it’s a reflection of the purpose and pride that defines our work. Our customers feel that difference in every interaction.

Taken together, these strengths — technical, architectural, operational, and cultural — give us a unique and defensible position in the rapidly expanding market for identity and visual intelligence. We are not chasing hype cycles. We are building the infrastructure of trust in the AI era.

Our Challenges

As ROC scales from an organically grown, component-led company into a platform leader in operational AI, we face a series of strategic, operational, and financial challenges that must be addressed with discipline and foresight. While we are confident in the strength of our technology, culture, and customer relationships, we also recognize that our next phase of growth brings new complexities that demand focus and agility.

1. Navigating Rapid Growth While Preserving Culture and Performance

ROC has grown significantly in recent years, and we expect this acceleration to continue. Our transition from a lean, component-driven company to a full-stack platform provider — with global customers and increasingly large contracts — is putting pressure on our internal systems, processes, and team dynamics. As we scale our product offerings and customer base, we must continue to invest in infrastructure, hire talent at a high bar, and maintain the cultural DNA that has powered our success to date. Failure to do so could lead to operational inefficiencies, talent dilution, or delays in execution.

Managing this growth requires thoughtful organizational design. We must preserve the responsiveness and technical rigor that define ROC, even as we adopt more formal structures around delivery, compliance, and quality assurance. We believe we can scale without becoming bureaucratic, but this will require continual calibration of our processes and priorities.

2. Scaling Revenue Across Government and Commercial Sectors

To date, much of ROC’s revenue has been earned through a high volume of smaller contracts — pilot programs, phased deployments, or integrations scoped to single use cases or agencies. While this approach has built strong technical credibility and fostered deep customer relationships across multiple government segments, it has also led to lumpy, non-recurring revenue streams that limit predictability and scale.

We believe the next stage of ROC’s growth will be driven by larger, multi-year government contracts. These engagements will provide stronger revenue foundations, longer contract terms, and higher dollar values per customer. However, a key challenge remains: securing our first wave of anchor reference accounts for full-scale national systems. While we are deeply embedded with many government customers today, these engagements have yet to convert into the flagship, multi-year programs that will define our revenue trajectory. Winning that first set of major, referenceable deployments — particularly in civil ID, public safety, and defense intelligence — is a strategic imperative.

We do not believe this opportunity lies solely in the commercial sector. We anticipate that our federal sector — particularly at the intersection of national security, digital evidence, and identity infrastructure — will unlock larger and more sustained revenue opportunities than any we have seen before. In anticipation of this growth, in 2025, we launched ROC Federal LLC, a wholly owned subsidiary designed to manage sensitive U.S. government programs with enhanced focus and operational discipline. ROC Federal allows us to better isolate classified or sensitive workstreams, maintain rigorous security controls, and operate with the dedicated compliance posture expected by U.S. federal customers. This structure positions us to pursue larger federal contracts with greater agility, scalability, and assurance.

At the same time, our commercial sector brings a different set of challenges. As we transition from selling high-performance biometric components to offering complete platforms — for access control, identity verification, and digital case management — we must compete against both incumbent vendors and internal development teams within large enterprises. Commercial customers often evaluate pricing, integration ease, and support differently than public sector clients. Many of our commercial wins to date have come through channels and integrators, which we will continue to support. But to scale recurring revenue, we must evolve our go-to-market model, emphasize product-led growth strategies, and invest in post-sales success and renewal. The shift from component licensing to full solution sales — and from upfront fees to SaaS and managed services — is an organizational and operational transformation that will take time to fully realize.

3. Winning in a Fragmented and Competitive Market

We operate across several highly competitive technology segments, including biometrics, computer vision, and digital evidence management. Many of our competitors are significantly larger, have deeper entrenchment in government contracts, and/or have operated for years with limited competition due to inertia in procurement processes. While these incumbents have long dominated identity infrastructure and surveillance markets, they are increasingly vulnerable, and ROC is well positioned to challenge them.

In many ways, the legacy players have made our opportunity easier. Several have significantly reduced investment in research and innovation. Their product portfolios are aging, and many rely on monolithic architectures that are expensive to scale and difficult to integrate. Customer satisfaction across these legacy platforms is declining — with persistent complaints around licensing complexity, slow delivery timelines, poor support, and outdated UI/UX design. We are regularly approached by former customers of these providers looking for faster, more transparent, and mission-aligned alternatives.

Yet even in this environment, displacing an incumbent remains difficult. Government agencies and large enterprises often favor the status quo, especially when switching platforms requires retraining, re-certification, or data migration. In the public sector in particular, change requires leadership — and in many cases, courage. Despite clear performance and cost advantages, ROC still encounters instances where agencies bypass competitive bidding in favor of sole-source justifications to foreign providers. These decisions often reflect outdated assumptions or perceived risk mitigation, but they have real consequences: reinforcing dependency on foreign black-box systems and denying emerging U.S. platforms the opportunity to compete on merit.

We do not accept this dynamic as inevitable. ROC is committed to working constructively with government buyers and procurement officers to advocate for open competition, transparency, and accountability. We are not asking for special treatment — only for a fair chance to compete. And in the current political environment, where there is growing bipartisan support for domestic technology alternatives and supply chain sovereignty, we believe this message is resonating.

Winning in this market will require more than technical superiority. It will require strategic persistence, policy engagement, and active partnership with customers willing to lead transformation. We are ready for that challenge — and increasingly, so are our customers.

4. Balancing Focus Across Government, Commercial, and International Markets

Unlike many peers who serve only one sector, ROC is positioned to lead in public sector, commercial, and international markets simultaneously. This is a strength but also a challenge. Each vertical has unique customer expectations, procurement models, pricing sensitivities, and compliance requirements.

Nowhere is this challenge more evident than in our international expansion strategy. Historically, ROC’s global footprint has been anchored by high-performance component sales — primarily SDKs and algorithms integrated by international partners. These wins have built brand recognition across multiple continents, but they did not demand the same level of delivery complexity or support infrastructure required by full-system deployments.

Today, we are seeing robust global demand not only for our multimodal biometric capabilities, but also for ROC’s video analytics platform, particularly in use cases involving border surveillance, forensic triage, and real-time threat detection. Across regions including Southeast Asia, the Middle East, Africa, Canada, and Mexico, governments and integrators are seeking full-stack identity and video solutions that combine ROC’s core engines with complete user-facing systems and infrastructure integration. These markets represent a highly qualified near-term pipeline, but they also require a step-change in how we deliver, support, and maintain our offerings across borders.

Delivering turnkey solutions — including hardware-integrated appliances, cloud or air-gapped deployment, on-site installation, and multiyear support — will require scaling international teams, building regional partnerships, and evolving our internal structures for global compliance and operations. This is a meaningful expansion of our current model. Corporate entity creation, export controls, data sovereignty, channel coordination, and multi-lingual support each add complexity. Moreover, while many of these international opportunities are with allied governments and trusted integrators, geopolitical considerations and regional stability risks must be carefully managed.

If we are to become the global alternative to legacy biometric and surveillance incumbents, we must invest heavily in our international operating model. That includes building delivery infrastructure abroad while preserving our commitment to accuracy, transparency, and ethical deployment at a global scale.

5. Adapting to Public Market Scrutiny and Infrastructure Demands

As a newly-public company, we must adapt to a new level of transparency and operational discipline. This includes building and maintaining Sarbanes–Oxley Act of 2002–compliant internal controls, maturing our financial systems, and expanding our compliance functions. Our leadership team will need to allocate time and resources to these areas, while continuing to drive growth and innovation.

The demands of public company governance, investor relations, and quarterly reporting represent a meaningful shift in how ROC operates. Our ability to meet these expectations, without compromising on speed or customer intimacy, is essential to our long-term success.

6. Navigating Ethical Expectations and AI Risk Perception

We operate in one of the most scrutinized sectors of artificial intelligence. The use of facial recognition, video analytics, and other identity technologies — including automated license plate recognition (“ALPR”) — carries real societal impact and is subject to evolving legal, ethical, and political scrutiny. These technologies, when improperly deployed, raise complex questions about civil liberties, surveillance, and bias. While our products are designed for responsible use, the public discourse surrounding them is often shaped by misinformation, lack of context, or high-profile misuse by others.

We have taken early leadership in articulating clear boundaries and safeguards around how our technologies should be deployed. ROC was an early advocate of the ethical development and use of AI for facial recognition and published the Code of Ethics in November 2019. We continue to build systems that prioritize transparency, explainability, and privacy-by-design principles. But expectations are growing — not just from our customers, but from the public and regulators worldwide.

Laws such as the BIPA in Illinois and the GDPR in the European Union impose stringent requirements on the collection, storage, and use of biometric and personally identifiable information. These laws, along with emerging frameworks in Canada, the U.K., and California (under the CPRA), are shaping how ROC must operate across jurisdictions. While our systems are engineered to comply with these frameworks — including audit logging, access controls, and data minimization features — compliance is not static. As regulation continues to evolve, we must stay ahead of shifting legal interpretations and invest proactively in adaptable architecture and documentation.

In addition, ALPR — one of our fast-growing computer vision capabilities — presents its own set of public acceptance challenges. In some jurisdictions, plate recognition has faced backlash over perceptions of overreach, profiling, or lack of oversight. While ROC’s ALPR technology is built with safeguards and settings parameters, its inclusion in broader surveillance systems may raise questions for civil liberties groups or the press. It is our responsibility to ensure that these technologies are used for legitimate, narrowly defined public safety purposes, and that our customers understand how to deploy them responsibly.

Ultimately, we must continue to lead not just technically, but morally — ensuring that our technology is used responsibly and that we are prepared to respond to any reputational or regulatory challenges. This includes investing in transparency, auditability, and partnerships with stakeholders who shape policy and public trust. The companies that thrive in this space will be those that treat ethical leadership as a competitive advantage. We intend to be one of them.

Competition

We operate in intensely competitive markets that span biometric identity, computer vision, digital evidence, public safety, defense, and identity verification. These sectors are occupied by multinational incumbents, highly capitalized startups, and integrated platform providers with decades-long relationships in both public and commercial sectors, including IDEMIA, NEC, Tech 5, and Paravision. Many benefit from scale and name recognition, but also carry the weight of legacy systems, foreign-sourced AI components, and architectures that no longer meet the evolving standards of performance, security, and transparency.

Ironically, in many cases, these industry giants have made our job easier. Their retreat from sustained research investment, shrinking support teams, and reduced delivery performance have left a noticeable void. Customers often describe stagnant roadmaps, weak responsiveness, or hidden model behaviors that erode trust. As these shortcomings have become more visible, the opportunity for ROC to emerge as a reliable, modern, and mission-aligned alternative has accelerated.

In biometric identity, where precision and speed matter most, ROC delivers top-tier algorithmic performance validated through independent testing—all while maintaining low computational overhead. Our solutions are built to run on edge devices, integrate flexibly with existing infrastructure, and adapt quickly to changing operational conditions. In the realm of video analytics and digital evidence, we deliver unified capabilities—real-time facial recognition, object and license plate detection, threat alerting, and post-event forensic search—in a single, streamlined software stack. These tools are optimized for the frontline user, not just for performance benchmarks.

Public safety deployments are a clear example of where ROC’s simplicity, accuracy, and cost-efficiency have outperformed slower, more complex alternatives. While others require proprietary hardware or siloed platforms to enable their solutions, ROC deploys on existing networks and infrastructure, reducing total cost of ownership and accelerating time to value. We offer edge deployment and local data governance to meet the privacy needs of communities and institutions alike.

In the federal space, we do not view the large systems integrators as competitors, but as vital partners. Most federal programs award implementation and delivery to major integrators who then rely on best-in-class technologies to fulfill mission objectives. ROC is often selected in this capacity—trusted to deliver U.S.-made, testable, and secure AI capabilities that support national security, intelligence, and defense missions. Our alignment with federal objectives and our proven record of operating in classified environments continue to strengthen our position across the government ecosystem.

In the commercial sector, we are seeing growing demand for ROC’s biometric and AI solutions in industries such as financial services, healthcare, logistics, retail, and telecommunications. As identity verification becomes central to digital onboarding, fraud prevention, and customer trust, organizations are moving away from black-box third-party platforms toward solutions that offer transparency, modularity, and compliance. Early commercial providers in this space are now facing mounting pressure from customers who expect significantly lower transaction costs—something these bloated providers struggle to deliver due to complex architectures and deep reliance on third-party components. Many of their systems are cobbled together from multiple vendors, making cost reduction and performance optimization difficult.

By contrast, ROC owns and controls nearly the entire AI stack that powers its biometric and computer vision solutions, with the sole exception of document verification. As discussed above, certain customers who utilize ROC Enroll may choose to offer Identity Document Verification. ROC allows for these COTS products to be integrated into the workflow by third-party providers. Today, ROC purchases and resells these licenses through a single vendor but could support other vendors if required. Our ability to deliver high-accuracy biometrics, privacy-conscious deployments, and flexible integration options makes us a preferred partner for enterprises seeking performance without compromise. Our modular architecture allows commercial clients to adopt ROC components within their existing platforms, helping them meet regulatory, operational, and user experience goals.

Rather than compete on size or brand, we lead with performance, adaptability, and values. We win by solving hard problems with speed, accuracy, and trust. As public scrutiny of AI intensifies and national security concerns escalate, the importance of sovereign, American-made technology has never been more urgent. The United States has, for too long, relied on foreign-built systems for core elements of its identity and biometric infrastructure—leaving critical vulnerabilities in place across both commercial and government applications.

ROC is directly addressing this gap. We develop our AI, algorithms, and biometric systems entirely within the United States, with no dependency on foreign components or opaque model development. This not only enhances trust and transparency but ensures that our customers—whether commercial enterprises or federal agencies—are investing in resilient, future-proof infrastructure that aligns with national interests.

We believe our momentum, mission clarity, and sovereign foundation position us not just as a credible alternative—but as the next-generation leader at the intersection of AI, identity, and public safety.

Intellectual Property

ROC’s primary business activity is creating high value, highly differentiable intellectual property in the form of computer vision and machine learning models, software libraries, applications, and systems, as well as trade secret methodologies for developing and deploying these models and various forms of software. Our secondary activities are marketing, licensing, and deploying this intellectual property.

As of December 31, 2025, our registered intellectual property portfolio consisted of nonprovisional (utility) U.S. patents US 10,839,251 B2 and US 11,354,422 B2 and US trademarks in “ROC”, “RANK ONE”, “ROC ENROLL”, “ROC EXPLORE”, “ROC EXAMINE”, “ROC WATCH”, the “caret design to the left of the stylized word “ROC” and the “caret design” alone, which we use in our branding.

Intellectual property laws, procedures and restrictions provide only limited protection, and any of our intellectual property rights may be challenged, invalidated, circumvented, infringed, misappropriated or otherwise violated (see Part I. Item 1. “Business - Legal Proceedings”). Furthermore, the laws of certain countries do not protect intellectual property and proprietary rights to the same extent as the laws of the United States, and we therefore may be unable to protect our proprietary technology in certain jurisdictions.

Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy or obtain and use our technology to develop products and services with the same functionality as our products. Policing unauthorized use of our technology is difficult. Our competitors could also independently develop technologies like ours, and our intellectual property rights may not be broad enough for us to prevent competitors from selling products and services incorporating those technologies. For more information regarding the risks relating to intellectual property, see Part I. Item 1A. “Risk Factors - Risks Related to Intellectual Property, Information Technology, Data Privacy, and Security.”

Research and Development

ROC is fundamentally an engineering- and research-led organization. Since our founding, innovation has been at the core of our identity. The Company was established by a team of machine learning scientists committed to advancing the frontiers of artificial intelligence, Vision AI, and biometric recognition. Today, approximately 50% of ROC’s technical workforce holds advanced degrees in computer science or closely related fields, underscoring our deep expertise and technical leadership.

Our R&D efforts are centered around the development of proprietary Vision-AI technology, built entirely in-house using advanced machine learning and deep learning methodologies. ROC’s commitment to core research and technical excellence has resulted in significant advancements in the field of biometrics, culminating in our algorithms achieving top-tier rankings in independent evaluations conducted by NIST.

In addition to biometrics, our R&D initiatives extend to adjacent areas such as object detection and license plate recognition, where we leverage our foundational AI capabilities to address critical needs in security, identity, and data analytics markets. These capabilities enable us to deliver differentiated, high-performance solutions across a variety of applications and industries.

Looking forward, ROC plans to continue scaling its research and development investments. We intend to grow our R&D team significantly to accelerate innovation, expand our portfolio of AI-driven technologies, and maintain a competitive advantage in a rapidly evolving technological landscape. We believe that sustained investment in research and development will be critical to driving future growth, meeting the emerging needs of our customers, and maintaining our leadership in Vision-AI solutions.

Government Regulation

ROC is subject to complex and evolving laws and regulations in the United States and abroad relating to privacy, data protection, data security, biometrics, artificial intelligence, technology protection, and other matters. These laws and regulations are often subject to change, varying interpretation, and inconsistent enforcement, and could result in claims, modifications to our business practices, monetary penalties, increased operational costs, or other adverse impacts on our business.

We are subject to a range of local, state, federal, and international laws governing the collection, storage, use, transfer, and protection of personal information and data, including privacy and cybersecurity regulations. Foreign data protection laws, in particular, often impose stricter requirements than U.S. laws. These regulatory frameworks are constantly evolving and remain uncertain for the foreseeable future, especially in the rapidly changing fields of software, technology, and artificial intelligence where we operate. Inconsistent interpretation and application of these laws across jurisdictions further complicate compliance efforts.

Several legislative and regulatory developments could significantly impact our operations. For example, ongoing legal challenges in Europe regarding cross-border data transfer mechanisms may restrict the ability to transfer personal data from the European Economic Area to other jurisdictions, including the United States, unless new agreements are reached. In the United States, the CCPA, effective January 1, 2020, imposes significant requirements regarding the processing of personal information of California residents and creates new consumer rights. Enforcement began on July 1, 2020, and additional changes, such as those introduced by the CPRA, may increase compliance obligations and costs. While we are committed to compliance with applicable data privacy laws, the full impact of these laws on our business and operations remains uncertain.

Outside the United States, jurisdictions worldwide are increasingly enacting and enforcing comprehensive data protection laws. For example, the European Union’s GDPR, which took effect in May 2018, imposes strict requirements on the collection, processing, and transfer of personal data, with significant penalties for noncompliance—up to the greater of €20 million or 4% of annual global revenues. Compliance with the GDPR and other emerging laws may require substantial investment in operational changes and ongoing diligence.

U.S. and non-U.S. laws and regulations related to biometric technology and products are at a maturing stage of development and still evolving. The effects of such laws and regulations may impose limitations and add uncertainties to the development and operation of our biometric-related business. For example, the European Union’s GDPR classifies biometric data as “sensitive data” which is subject to heightened protection and its processing is generally prohibited unless specific legal grounds, like explicit consent, are met. As another example, the Illinois BIPA prohibits the collection of biometric data without individualized notice and consent. Laws and regulations focused on the collection, use, and processing of biometric data could result in monetary penalties or other regulatory actions. Several states and municipalities are considering enacting or have already enacted statutes and regulations specifically concerning the collection, use and processing of biometric data, including those focused on consumer privacy and consumer protection. In addition, state data privacy laws and foreign data privacy laws often include heightened protections for biometric data, which may include individualized notice and/or consent requirements. These federal, state, municipal and foreign laws and regulations may impact our ability to deploy biometric software products in certain markets, and may increase our compliance costs.

U.S. and non-U.S. laws and regulations related to AI technology and products are at an early stage of development and still evolving. The effects of such laws and regulations remain unclear and may add uncertainties to the development and operation of our AI-related business. For example, the EU AI Act became effective on August 1, 2024 and will be fully applicable after a two-year transitional period (although certain obligations will take effect at an earlier or later time). The EU AI Act introduces various requirements for AI systems and models placed on the market or put into service in the EU and may impact our ability to train, deploy, or release AI models in the EU. Among other limitations, the EU AI Act prohibits marketing and use of “AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage.” Laws and regulations focused on the development, use, and provision of AI technologies could result in monetary penalties or other regulatory actions. In the U.S., there is increasing uncertainty as to the federal government’s approach to AI regulation going forward, as the continued applicability of the White House’s 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which lays out a framework for the U.S. government, among other things, to monitor private sector development of certain foundation models, remains subject to regulatory development. Several states are considering enacting or have already enacted statutes and regulations concerning the use of AI technologies, including those focused on consumer protection, and depending on the scope of AI regulation at the federal level, some states may move to regulate AI model development and deployment. As an example, the Colorado AI Act is scheduled to go into effect on June 30, 2026, which introduces various requirements for “high-risk” AI systems that make or significantly influence consequential decisions involving education, employment, financial services, housing, health care or legal services. Several other U.S. states are considering enacting or have already enacted regulations concerning AI technologies, which may impact our ability to train, deploy, or release AI models and our software products, and increase our compliance costs. Further, at the federal and state level, there have been various proposals (and in some cases laws enacted) addressing “deepfakes” and other AI-generated synthetic media.

The complex and evolving nature of global privacy, data protection, biometrics and artificial intelligence laws presents significant compliance challenges. Any failure, whether by us, our employees, our business partners, or our customers, to comply with these laws and regulations—or perceived failures—could result in regulatory investigations, private litigation, reputational damage, and significant financial liabilities.

In addition to formal regulations, we may also be subject to industry standards, self-regulatory frameworks, and contractual obligations related to privacy, security, data protection, biometrics and artificial intelligence. We may make public commitments regarding our privacy, data protection, biometrics and artificial intelligence practices, and any failure to meet those commitments could expose us to legal and reputational risks.

We expect the regulatory landscape to continue to evolve, with new and amended privacy, data protection, biometrics and artificial intelligence laws and standards emerging in the U.S. and internationally. Future changes may require further investment, operational adjustments, and could restrict certain business activities or otherwise adversely affect our operations. In addition, heightened scrutiny, expanding regulatory enforcement, and increasing public attention to privacy, data protection, biometrics and artificial intelligence issues could further impact our business, even where we strive to maintain compliance.

Failure or perceived failure to comply with applicable laws, regulations, contractual requirements, or industry standards—or the occurrence of any security incident involving personal or sensitive data—could result in substantial penalties, adverse publicity, restrictions on our operations, or other negative consequences that could materially and adversely affect our business, financial condition, and results of operations.

Employees 

As of December 31, 2025, we had 66 full-time and 16 part-time employees, all employed in the United States. We also engage contractors and consultants.

Corporate Information

We were originally incorporated under the laws of the State of Virginia on May 5, 2015 and subsequently converted to a corporation incorporated under the laws of the State of Colorado on September 18, 2018. Our principal executive office is located at 1290 Broadway, Suite 1200, Denver, CO 80203, and our telephone number is (303) 317-6118. Our website is https://roc.ai/. Information contained on, or available through, our website does not constitute part of, and is not deemed incorporated by reference into this Annual Report, and investors should not rely on such information in deciding whether to purchase shares of our common stock. 

Item 1A. Risk Factors.

You should consider carefully the risks, uncertainties and other factors described below, in addition to the other information set forth in this Form 10-K, before making an investment decision. Any of these risks, uncertainties and other factors could materially and adversely affect our business, financial condition, results of operations, cash flows or prospects. In that case, the market price of our common stock could decline, and you may lose all or part of your investment in our common stock. See also “Cautionary Note Regarding Forward-Looking Statements.”

Risks Related to Our Industry and Business

We have a limited operating history as a public company, and our ability to execute our growth plans depends on maintaining adequate liquidity and capital resources.

As disclosed in our Registration Statement on Form S-1, as amended (File No. 333-291913), which was declared effective by the SEC on January 30, 2026, management had previously concluded that substantial doubt existed about our ability to continue as a going concern as of September 30, 2025, primarily due to our limited cash resources, reliance on collections of concentrated accounts receivable, and outstanding indebtedness under our revolving line of credit. This substantial doubt was alleviated following the completion of our initial public offering in 2026, which raised net proceeds of approximately $21.5 million, including net proceeds from partial exercise of overallotment option.

While the Company’s near-term liquidity position has improved significantly as a result of the initial public offering, we may require additional capital in the future to fund our growth strategy, including product development, expansion of our sales and marketing capabilities, potential acquisitions, and general working capital needs. Our ability to generate sufficient cash from operations depends on a number of factors, including the pace and scale of commercial adoption of our products, the timing of cash collections from customers, and our ability to manage operating expenses. If we are unable to generate adequate cash flows from operations or raise additional capital on acceptable terms when needed, we may need to delay, scale back, or discontinue certain planned initiatives, which could adversely affect our business, financial condition, and results of operations.

There can be no assurance that additional financing will be available on acceptable terms, or at all. Any equity financing may result in dilution to our existing stockholders, and any debt financing may involve restrictive covenants or other terms that limit our operational flexibility.

As an early-stage company, our historic performance is not necessarily an indication of future performance.

Since its inception, our business has expanded organically through the delivery of enhanced solutions and expanded product offerings to our customers. Due to our limited operating history and evolving business, our ability to forecast future results of operations is limited and subject to several uncertainties, including our ability to plan for and model future growth. Our historical revenue growth should not be considered indicative of our future performance. Further, in future periods, our revenue growth could slow. We have encountered and will encounter risks and uncertainties frequently experienced by growing companies in rapidly changing industries, and if our assumptions regarding these risks and uncertainties, which we use to plan our business, prove incorrect or we fail to address these risks effectively, our business could be adversely affected.

We may not be able to sustain our revenue growth rate in the future.

Although our revenue has increased in recent periods, there can be no assurances that it will continue to grow or do so at current rates, and past performance should not be seen as an indicator of future results. Our revenue growth rate may decline in future periods due to various factors, such as increased competition, slowing demand for our platforms from existing and new customers, our failure to capitalize on growth opportunities, terminations of existing contracts by our customers, and the maturation of our business, among others. If our revenue growth rate declines, our business, financial condition, and results of operations could be adversely affected.

Historically, existing customers have expanded their relationships with us, which has resulted in a limited number of customers accounting for a substantial portion of our revenue. If existing customers do not make subsequent purchases or renew their contracts with us, or if our relationships with our largest customers are impaired or terminated, our revenue could decline, and our results of operations would be adversely impacted.

We derive a significant portion of our revenue from existing customers that expand their relationships with us. Increasing the size and number of the deployments of our existing customers is a major part of our growth strategy. We may not be effective in executing this or any other aspect of our growth strategy. Our revenue reflects risks from customer concentration. As noted in the table below, we had two customers that accounted for 10% or more of our revenue as of December 31, 2025, accounting for 43% of total revenue, and one customer that accounted for 10% or more of annual revenue for the year ended December 31, 2024, accounting for 25% of 2024 annual revenue.

Certain of our customers, including customers that represent a significant portion of our business, have in the past reduced their spending with us or terminated their agreements with us, which has reduced our anticipated future payments or revenue from these customers, and which has required us to refund some previously paid amounts to these customers. We cannot predict future demand from our larger customers for our software and services.

There are inherent risks when a large percentage of total revenues are concentrated with a limited number of customers, as this increases the risk of quarterly fluctuations in our operating results and heightens our sensitivity to any material adverse developments affecting those key customers. We cannot predict the future level of demand for our products that will be generated by these customers. The terms of our contracts with these significant customers generally allow them to unilaterally terminate the arrangement at any time, subject to notice and other provisions. The terms and conditions under which we do business generally do not include commitments by those customers to purchase any specific quantities of products from us or to renew their contracts after the initial period. Even when we enter into an arrangement under which a significant customer agrees to purchase an agreed portion of its product or service needs from us (provided we meet our contractual obligations), the arrangement often includes pricing schedules with substantial price concessions and does not guarantee expected purchase volumes. If any major customer faces declining or delayed sales due to market, economic, or competitive factors, we may be pressured to lower our prices or risk losing the customer. Any such development could have an adverse effect on our margins, financial position, sales, results of operations, and the trading price of our common stock. We cannot guarantee that our sales will not continue to be concentrated among a limited number of customers.

Our customers typically enter into shorter-term contracts, such as 12 months, which may not provide for automatic renewal and may require customer to opt-in to extend the term. Our customers are not obligated to renew, upgrade, or expand their agreements after expiration. In addition, many of our customer contracts allow termination with little or no notice. If our customers terminate their contracts with us, whether for convenience, breach, or other contractual reasons, as applicable; if our customers elect not to renew their contracts with us; if our customers renew their contractual arrangements with us for shorter contract lengths; or if our customers otherwise seek to renegotiate terms of existing agreements on terms less favorable to us, our business and results of operations could be adversely affected. This adverse impact would be even more pronounced for customers that represent a material portion of our revenue or business operations.

Our results of operations are likely to fluctuate significantly on a quarterly basis in future periods and may not fully reflect the underlying performance of our business, which makes our future results difficult to predict and could cause our results of operations to fall below expectations.

Our quarterly results of operations, including cash flows, have fluctuated significantly in the past and are likely to continue to do so in the future. Accordingly, the results of any one quarter should not be seen as indicative of future results. Our quarterly results, financial position, and operations are likely to fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. Fluctuations in quarterly results may negatively impact the value of our common stock.

The timing of our sales cycles is unpredictable and is impacted by factors such as government budgeting and appropriation cycles, varying commercial fiscal years, and changing economic conditions. This can impact our ability to plan and manage margins and cash flows. Our sales cycles are often long, and it is difficult to predict exactly when, or if, we will make a sale with a potential customer. The loss or delay of one or more large sales transactions in a quarter would impact our results of operations and cash flow for that quarter and any future quarters in which revenue from that transaction is lost or delayed. In addition, downturns in new sales may not be immediately reflected in our revenue because we generally recognize revenue over the term of our contracts. The timing of customer billing and payment varies from contract to contract. A delay in the timing of receipt of such collections, or a default on a large contract, may negatively impact our liquidity for the period and in the future. Because a substantial portion of our expenses is relatively fixed in the short-term and requires time to adjust, our results of operations and liquidity would suffer if revenue falls below our expectations in a particular period.

Other factors that may cause fluctuations in our quarterly results of operations and financial position include, without limitation, those listed below:

In addition, our contracts generally contain termination for convenience provisions, which may require us to refund prepaid amounts or forgo anticipated revenue if we fail to provide future services as anticipated. These factors make it difficult for us to accurately predict financial metrics for future periods.

The variability and unpredictability of our quarterly results of operations, cash flows, or other operating metrics could result in our failure to meet our expectations or those of analysts that may cover us or investors with respect to revenue or other key metrics for a particular period. If we fail to meet these expectations, our stock price may decline and we could face costly litigation, including securities class actions.

Our software is complex and may have a lengthy implementation process, and any failure of our software to satisfy our customers or perform as desired could harm our business, results of operations, and financial condition.

Our software and services are complex and are deployed in a wide variety of environments. Implementing our software can be a complex and lengthy process, as we often configure our software for each customer’s unique environment. The inability to meet the unique needs of our customers may result in customer dissatisfaction and/or damage to our reputation. Proper use of our software may also require customer training and ongoing technical support.

In addition, if our customers do not use our software correctly or as intended, inadequate performance or outcomes may result. It is possible that our software may also be intentionally misused or abused by customers or their employees, or third parties. Similarly, our software is sometimes used by customers with smaller or less sophisticated IT departments, potentially resulting in sub-optimal performance at a level lower than anticipated by the customer. Because our customers rely on our software to address important business goals and challenges, the improper use or configuration of our software, lack of effective training, or inadequate implementation or maintenance support may result in contract terminations or non-renewals, reduced customer payments, negative publicity, or legal claims against us. Furthermore, if there is substantial turnover of the company or customer personnel responsible for procurement and use of our software, our software may go unused or be adopted less broadly, and our ability to make additional sales may be substantially limited, which could negatively impact our business, results of operations, and growth prospects.

If we do not successfully develop and deploy new technologies to address the needs of our customers, our business and results of operations could suffer.

Our success has been based on our ability to design software that integrates large amounts of data to facilitate advanced data analysis, knowledge management, and decision support in real-time. We invest significant time and resources into developing new technologies and enhancing existing features to meet evolving customer needs. However, there is no guarantee that these enhancements or our new products will be compelling to our customers or gain market acceptance. If our research and development efforts do not align with customer demand or if we fail to develop our software in a timely and cost-effective manner, we may struggle to retain customers or drive new demand.

The introduction of new products by competitors or the development of new technologies to replace existing offerings could make our software obsolete or adversely affect our business, financial condition, and results of operations. We may face difficulties in software development, design, or marketing that could delay the release of new software or features. There can be no assurance that new software, features, or capabilities will be released according to schedule. Any delays could result in adverse publicity, loss of revenue or market acceptance, or claims by customers brought against us, any of which could harm our business. Moreover, the design and development of new software or new features and capabilities to our existing software may require substantial investment, and we cannot ensure that such investments will be successful. If customers do not widely adopt our new software, experiences, features, and capabilities, we may not be able to realize a return on our investment.

Our new and existing software and changes to our existing software could fail to attain sufficient market acceptance for many reasons, including:

If we are not able to continue to identify challenges faced by our customers and develop, license, or acquire new features and capabilities to our software in a timely and cost-effective manner, or if such enhancements do not achieve market acceptance, our business, financial condition, results of operations, and prospects may suffer and our anticipated revenue growth may not be achieved.

If we fail to manage future growth effectively, our business could be harmed.

Since our founding in 2015, we have experienced rapid growth. We operate in a growing market and have experienced, and may continue to experience significant expansion. This growth has strained our resources, including employees, management systems, and finances, as we manage larger, more complex deployments. We have increasingly managed larger and more complex deployments of our software and services with a broader base of government and commercial customers. As we continue to grow, we face challenges of integrating, developing, retaining, and motivating our expanding workforce. In the event of continued growth, our operational resources, including IT systems, employee base, and internal controls and procedures, may not be adequate to support our operations and deployments. Managing our growth may require significant investments and management efforts. If we fail to achieve the necessary level of efficiency in our organization as it grows, our business, financial condition, and results of operations would be harmed. Further, we may continue to find it increasingly difficult to maintain the benefits of our traditional company culture, such as our ability to respond quickly to customers and avoid delays associated with a formal corporate structure, which could negatively affect our business performance or ability to hire or retain personnel.

In addition, our rapid growth may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to uncertainties, including our ability to effectively plan for and model future growth. We have encountered, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If we fail to achieve the necessary level of efficiency, or if we are not able to accurately forecast future growth, our business, financial condition, and results of operations would be harmed.

If we are unable to hire, retain, train, and motivate qualified personnel and senior management and deploy our personnel and resources to meet customer demand around the world, our business could suffer.

Our ability to compete in the highly competitive technology industry depends upon our ability to attract, motivate, and retain qualified personnel. We are highly dependent on the contributions of our management team, including their customer relationships, expertise in science and technology, business development experience, and innovative management in both public and private sectors. Some of our executive officers and key personnel are at-will employees and may terminate their employment relationship with us at any time. The loss of the services of our key personnel and other executive officers, and our inability to find suitable replacements, could result in a decline in sales, delays in product development, and harm to our business and operations.

We have experienced and may continue to experience difficulty in hiring and retaining personnel with appropriate qualifications and may not be able to fill positions in a timely manner or at all. Potential candidates may not view our compensation package, including equity awards, as favorably as those hired before our listing. In addition, our recruiting strategies may need to adapt to a changing candidate pool, and we may not be able to make these adjustments quickly. We may also incur significant costs to attract and recruit skilled personnel, and we may lose new personnel before we realize the benefit of our investment in recruiting and training them. As we move into new geographies, we will need to attract and recruit skilled personnel in those geographic areas, but we may face challenges competing with traditional local employers for talent. In addition, certain personnel may be required to receive various security clearances and substantial training to work on certain customer engagements or to perform certain tasks. Necessary security clearances may be delayed or unsuccessful, which may negatively impact our ability to perform on our U.S. and non-U.S. government contracts in a timely manner or at all. Our success depends on our ability to effectively source and staff people with the right mix of skills and experience. If we are unable to effectively utilize our personnel on a timely basis to fulfill the needs of our customers, our business could suffer.

We face intense competition for qualified personnel, especially software engineers and data scientists, in major U.S. markets, where a large portion of our personnel are based. We incur costs related to attracting, relocating, and retaining qualified personnel in these highly competitive markets, including leasing real estate in prime areas in these locations. Many of the companies with which we compete for qualified personnel have greater resources. If we fail to attract new personnel or to retain our current personnel, our business and operations could be harmed.

We seek to retain and motivate existing personnel through our compensation practices, company culture, and career development opportunities. This may require significant investments in cash and equity, which we may never realize returns on these investments. If the perceived value of our equity awards declines, or if the mix of equity and cash compensation we offer is less attractive than that of our competitors, it may adversely affect our ability to recruit and retain highly skilled personnel. Employees may also be more likely to leave us if their stock or equity awards have either significantly appreciated or lost value. In addition, employees receiving substantial proceeds from selling our stock could become less motivated to stay. Any of these factors could harm our business, financial condition, and results of operations.

If we are unable to successfully deploy our marketing and sales organization in a timely manner, or at all, or to successfully hire, retain, train, and motivate our sales personnel, our growth could be adversely impacted.

We currently have a growing, but limited, direct sales force, and our sales efforts have historically depended on the significant direct involvement of our senior management team. The successful execution of our strategy to increase our sales to existing customers, engage new customers, and enter new markets will depend, among other things, on our ability to build and expand our sales organization and operations. Recruiting, training, and managing sales personnel requires significant time, expense, and involvement from senior management and other key personnel, which could adversely impact our business, financial condition, and results of operations in the short and long term.

In order to successfully scale our sales model, we must continue to increase the size of our direct sales force, both in the United States and outside of the United States, to generate additional revenue from new and existing customers while maintaining our culture and mission. If we do not hire enough qualified sales personnel, our future revenue growth and business could be adversely impacted. It may take a significant period of time before our sales personnel are fully trained and productive, and there is no guarantee we will be successful in adequately training and effectively deploying our sales personnel. In addition, we may need to invest significant resources to enable our sales organization to run effectively and efficiently, including supporting sales strategy planning, sales process optimization, data analytics and reporting, and administering incentive compensation arrangements. Furthermore, hiring personnel in new countries requires additional setup and upfront costs that we may not recover if those personnel fail to achieve full productivity in a timely manner. Our business would be adversely affected if our efforts to build, expand, train, and manage our sales organization are not successful. We periodically adjust our sales structure in response to market opportunities, competitive threats, management changes, product introductions or enhancements, acquisitions, sales performance, increases in sales headcount, cost levels, and other internal and external considerations, and any such sales organization changes may temporarily reduce productivity and negatively affect our rate of growth. Additionally, any changes in sales compensation structures may be disruptive or ineffective. If we are unable to attract, hire, develop, retain, and motivate qualified sales personnel, if our new sales personnel are unable to achieve sufficient sales productivity levels, if our marketing programs are not effective or if we are unable to effectively build, expand, and manage our sales organization and operations, our sales and revenue may grow more slowly than expected or materially decline, and our business may be significantly harmed.

Our ability to sell our software to customers depends on the quality of our offerings, and our failure to maintain the quality of our offerings could have a material adverse effect on our sales and results of operations.

Once our software is deployed and integrated with our customers’ existing information technology investments, our customers depend on our support to resolve any product-related issues. As our software becomes increasingly deployed in large-scale, complex technological environments, our future success will depend on our ability to increase sales of our products within these settings. Our ability to provide timely, efficient, and scalable support may depend in part on our customers’ environments and their ability to maintain and/or modernize their IT infrastructure.

The number of our customers has grown significantly, and increased demand may strain our services teams, and we may not be able to scale quickly enough to meet short-term spikes in demand. In addition, as we continue to grow our operations and expand outside of the United States, we need to be able to provide efficient services that meet our customers’ needs globally at scale, and our services teams may face additional challenges, including those associated with operating the software and delivering support, training, and documentation in multiple languages and providing services across expanded time zones. Failing to do so may hinder our growth, we may need to hire additional service personnel, which could negatively impact our business, financial condition, and results of operations.

Our customers often require proper training to fully realize the benefits and the full potential of our software. If we fail to effectively deploy, update, or upgrade our products, help our customers resolve post-deployment issues, and provide effective ongoing support, it could hinder our ability to sell additional products, damage our reputation, and lead to negative publicity. Many enterprises and government customers require higher levels of services than smaller customers, and failure to meet their requirements could impact our efforts to expand within this segment. As a result, our failure to maintain high-quality services may have a material adverse effect on our business, financial condition, results of operations, and growth prospects.

If we are not able to grow, maintain, and enhance our brand and reputation, along with the impact of inaccurate and damaging media coverage, our relationships with our customers, partners, and employees may be harmed, and our business and results of operations may be adversely affected.

We believe that growing, maintaining, and enhancing our brand identity and reputation is essential to attracting and retaining customers, partners, investors, and employees. The successful promotion of our brand depends upon our ability to continue to offer high-quality software, maintain strong relationships with our customers, the community, and others, while successfully differentiating our software from that of our competitors. Unfavorable media coverage may adversely affect our brand and reputation. We anticipate that as our market becomes increasingly competitive, maintaining our brand may become more challenging and costly. Brand promotional activities may not yield increased revenue, and even if they do, the increased revenue may not offset the expenses we incur in building our brand and reputation. If we fail to strengthen our brand or are unable to sell legacy products under our name, we may struggle to attract key stakeholders, grow our business, or maintain pricing power, all of which could adversely impact our business, financial condition, results of operations, and growth prospects. Additionally, despite our internal efforts to the contrary, we cannot guarantee that our customers will not ultimately use our software for purposes inconsistent with our company values, and such uses may harm our brand and reputation.

Publicly available information regarding our business has historically been limited, in part due to the sensitivity of our work with customers or contractual restrictions that prevent public disclosure of certain customer relationships and activities. As our business and interest in the broader tech industry have grown, we may attract significant attention from news and social media outlets, including unfavorable coverage or unauthorized coverage. This coverage may include inaccurate or misleading reports about our leadership, employees, or the nature of our work, as well as unfounded speculation. If such coverage contains or relies on damaging or incomplete information, it could harm our reputation with customers, employees, and investors, and adversely affect our business, financial condition, results of operations, and growth prospects. In addition, our relationships with government customers and customers engaged in certain sensitive industries may result in public criticism, including political and social activists, and unfavorable coverage in the media. Criticism of such relationships could potentially engender dissatisfaction among potential and existing customers, investors, and employees with how we address political and social concerns in our business activities. Actions we take in response to the activities of our customers, such as terminating our contracts or refusing a particular product use case, could harm our brand and reputation. In either case, the resulting harm to our reputation could cause certain customers to cease doing business with us, impair our ability to attract new customers or expand our relationships with existing customers, diminish our ability to hire or retain employees, undermine our standing in professional communities, or prompt us to cease doing business with certain customers. Any of these factors could adversely impact our business, financial condition, and results of operations.

Our pricing for our software and services may change to address market conditions.

We expect that we may need to adjust our pricing model in response to general economic conditions, competitor pricing, customer budgets, pricing studies, or how customers use our products and services. Entering new markets may also require tailored pricing strategies. In addition, as competitors introduce new products or services or revise their pricing structures, we may be unable to attract new customers at the same price or based on the same pricing model as we have used historically. Moreover, as we continue to target selling our software to larger organizations, these larger organizations may demand substantial price concessions, and government contracts may require compliance with specific pricing guidelines. If we fail to modify or develop pricing strategies that are attractive to existing and prospective customers, while enabling us to significantly grow our sales and revenue relative to our associated costs and expenses, our business, financial condition, and results of operations may be adversely impacted.

Certain estimates of market opportunity included in this Annual Report may prove to be inaccurate.

This Annual Report includes our internal estimates of the addressable market for our software and services. These estimates, whether obtained from third-party sources or developed internally, are subject to significant uncertainty and are based on assumptions that may not prove to be accurate. The estimates in this Annual Report relating to the size of our target market, market demand and adoption, capacity to address this demand, and pricing may prove to be inaccurate. The addressable market we estimate may not materialize for many years, if ever, and even if the markets in which we compete meet the size estimates in this Annual Report, our business could fail to successfully compete in such markets.

We face intense competition in our markets, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

The markets for our software are very competitive, and we expect such competition to continue or increase in the future. A significant number of companies are developing products that currently, or in the future may, compete with some or all aspects of our proprietary software. We may not be successful in convincing our potential customers to deploy our software in lieu of existing software solutions or in-house software development projects preferred by internal IT teams or other competitors. In addition, our competitors include large enterprise software companies, government contractors, and system integrators, and we may face competition from emerging companies as well as established companies entering this market. To remain competitive, we may need to make substantial investments in our research, development, services, marketing, and sales functions in order to respond to competition, and there can be no assurance that we will be able to compete successfully in the future. Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:

In addition, some of our larger competitors have substantially broader and more diverse products and services, allowing them to leverage their relationships with distribution partners and customers based on other products or incorporate functionality into existing products to gain business in a manner that discourages customers from purchasing our software, including by selling at zero or negative margins, product bundling, or offering closed technology platforms. Some customers may also prefer to purchase from their existing provider regardless of software performance or features. As a result, even if the features of our software offer unique advantages, customers may not purchase our software. If we are unable to sufficiently differentiate our software through functionality, performance, or value, we may see a decrease in demand for our offerings. Additionally, innovative start-up companies and larger companies investing heavily in research and development may introduce products that have greater performance or functionality, are easier to implement or use, incorporate new technological advances, or implemented or may invent similar or superior software that competes with our software. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources.

Some of our competitors have made or could make acquisitions of businesses that allow them to offer more competitive and comprehensive solutions. As a result of such acquisitions, our current or potential competitors may be able to accelerate the adoption of new technologies, devote greater resources to bringing these products and services to market, initiate or withstand substantial price competition, or develop and expand their offerings more quickly than we do. These competitive market pressures, or our failure to compete effectively, may result in fewer orders, reduced revenue and margins, and loss of market share. It is also possible that industry consolidation may cause customers to question the viability of smaller or mid-sized software firms, making them less likely to purchase from us.

We may not compete successfully against our current or potential competitors. If we are unable to compete successfully, or if competing successfully requires costly actions, our business, financial condition, and results of operations could be adversely affected. In addition, our competitors may have an entirely different pricing or distribution model. Increased competition could result in fewer customer orders, price reductions, reduced margins, and loss of market share, any of which could harm our business and results of operations.

We may not enter into relationships in select countries or with potential customers if their activities or objectives are inconsistent with our mission or values. We generally do not enter into business with customers or governments whose positions or actions we consider inconsistent with our mission to support Western liberal democracy and its strategic allies. Our decisions not to enter into these relationships may not produce the long-term financial benefits and results that we expect. Although we endeavor to do business with customers and governments that are aligned with our mission and values, we cannot predict how the activities and values of our government and private sector customers will evolve over time, and they may evolve in a manner inconsistent with our mission.

Joint ventures, channel sales relationships, platform partnerships, strategic alliances, or subcontracting opportunities may have a material adverse effect on our business, results of operations, and prospects.

We expect to continue to enter into joint ventures, channel sales relationships, platform partnerships, or strategic alliances as part of our long-term business strategy. Joint ventures, platform partnerships, strategic alliances, and other similar arrangements involve significant investments of both time and resources, and there can be no assurances that they will be successful. They may present significant challenges and risks, including that they may not advance our business strategy, we may get an unsatisfactory return on our investment or lose some or all of our investment, they may distract management and divert resources from our core business, they may expose us to unexpected liabilities, or we may choose a partner that does not cooperate as we expect them to and that fails to meet its obligations or that has economic, business, or legal interests or goals that are inconsistent with ours. Entry into these partnerships now or in the future may be subject to government regulation, including review by U.S. or foreign government entities related to foreign direct investment. Such regulatory review might limit our ability to enter into the desired strategic alliance and thus our ability to carry out our long-term business strategy.

As our joint ventures, channel sales relationships, platform partnerships, and strategic alliances come to an end, we may be unable to renew or replace them on comparable terms, or at all. These partners may be required to undertake some portion of sales, marketing, implementation services, engineering services, or software configuration that we would otherwise provide. In such cases, our partner may be less successful than we would have otherwise been absent the arrangement. In the event we enter into an arrangement with a particular partner, we may be less likely or unable to work with one or more direct competitors of our partner with which we would have worked absent the arrangement. Our interests may not always align with those of our joint venture or strategic partners, which may affect our ability to successfully collaborate with a given partner. Similarly, one or more of our partners may independently suffer a bankruptcy or other economic hardship that negatively affects their ability to continue as a going concern or perform their obligations under the arrangement. In addition, customer satisfaction with our products provided in connection with these arrangements may be less favorable than anticipated, and some of our strategic partners may offer competing products and services or work with our competitors. As a result of these and other factors, many of the companies with which we have partnerships may choose to pursue alternative technologies and develop alternative products in addition to or in lieu of our platforms, either on their own or in collaboration with others, including our competitors. If we are unsuccessful in establishing or maintaining our relationships with these partners, our ability to compete in a given marketplace or to grow our revenue would be impaired, and our results of operations may suffer. Even if we are successful in establishing and maintaining these relationships with our partners, we cannot assure that these relationships will result in increased customer usage of our platforms or increased revenue, and any negative impact on a partner’s brand or products could affect our outcomes in those markets.

In addition, some of our sales to government entities have been made, and in the future may be made, indirectly through our channel partners. For the years ended December 31, 2025 and 2024, channel partners accounted for 37.4% and 54.2% of overall revenue, respectively. In no period has any single channel partner accounted for 10% or more of overall corporate revenue.

Government entities may have statutory, contractual, or other legal rights to terminate contracts with our channel partners for convenience or due to a default, and, in the future, if the portion of government contracts that are subject to renegotiation or termination, our future results could be negatively impacted. In the event of such termination, it may be difficult for us to arrange for another channel partner to sell our products in a timely manner, and we could lose sales opportunities during the transition. Government entities routinely audit government contractors’ administrative processes, and any unfavorable audit could result in the government entity refusing to renew its subscription for our software, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities. Further, winding down joint ventures, channel sales relationships, platform partnerships, or other strategic alliances can result in additional costs, litigation, and negative publicity. Any of these events could adversely affect our business, financial condition, results of operations, and growth prospects.

If we are not successful in executing our strategy to increase our sales to larger customers, our results of operations may suffer.

An important part of our growth strategy is to increase sales of our software to large enterprises and government entities, which can involve greater risks than sales to small or mid-sized commercial customers. These risks may include greater leverage held by large customers in negotiating contractual arrangements with us, changes in key decision makers within these organizations that may negatively impact our ability to negotiate in the future, concerns from customers’ IT departments about losing internal control, and the potential for investing resources in prospects that do not convert. Large customers may also impose more stringent contract terms, including stricter service response times, increased penalties for non-compliance. In addition, we may face competition from larger competitors, such as defense contractors, system integrators, or large software companies that traditionally target large enterprises and government entities with existing commitments. Further, large enterprises and government entities often undertake a significant evaluation process that results in a lengthy sales cycle, requiring approvals of multiple management personnel and more technical personnel than would be typical of a smaller organization.

Finally, large enterprises and government entities typically (i) have longer implementation cycles, (ii) require greater product functionality and scalability and a broader range of services, (iii) demand that vendors take on a larger share of risks, (iv) sometimes require acceptance provisions that can lead to a delay in revenue recognition, (v) typically have more complex IT and data environments, and (vi) expect greater payment flexibility from vendors. Customers, and sometimes we, may also engage third parties to be the users of our software, which may result in contractual complexities and risks, require additional investment in time and human resources to train the third parties, and allow them (who may be engaging in various competitive activities) to influence our customers’ perception of our software. All these factors can add further risk to business conducted with these customers. If sales expected from a large customer for a particular quarter are not realized in that quarter or at all, our business, financial condition, results of operations, and growth prospects could be materially and adversely affected.

If the market for our software and services develops more slowly than we expect, our growth may slow or stall, and our business, financial condition, and results of operations could be harmed.

The market for our software is rapidly evolving, and our future success will depend in large part on the growth and expansion of this market, which is difficult to predict and relies on a number of factors. Factors influencing this growth include customer adoption and demand, changing customer needs, competitive products, and customers’ willingness to invest in new software after significant prior investments in legacy data collection, storage, and processing software. The estimates used to calculate our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of the organizations covered by our market opportunity estimates will pay for our software at all or generate any particular level of revenue for us. Even if the market meets the size estimates and growth forecasts, we may not achieve expected growth due to factors beyond our control, including increased competition in our industry. Further, if we or other data management and analytics providers experience security incidents, loss of or unauthorized access to customer data, disruptions in delivery, or other problems, this market as a whole, including our software, may be negatively affected. If our solutions fail to achieve widespread adoption, or there is a reduction in demand caused by a lack of customer acceptance, technological challenges, weakening economic conditions, security or privacy concerns, competing products, decreases in corporate spending, or if the market develops but we are unable to continue to penetrate it due to the cost, performance, and perceived value associated with our software, our revenue and overall business performance could be adversely affected.

In the future, we may not be able to secure the financing necessary to operate and grow our business as planned, or to make acquisitions.

In the future, we may seek to raise or borrow additional funds to expand our business development efforts, make acquisitions, or otherwise fund or grow our business and operations. As of December 31, 2025 and 2024, we had approximately $1.8 million and $0.4 million of indebtedness, respectively. Although we currently anticipate that our existing cash and cash equivalents will be sufficient to meet our cash needs for at least the next twelve months, additional funds may be required if our commercial sales do not develop as quickly as planned. If we require additional financing, we may not be able to obtain debt or equity financing on favorable terms, if at all. If we raise equity financing to fund operations or on an opportunistic basis, our stockholders may experience significant dilution of their ownership interests. If adequate funds are not available on acceptable terms, or at all, we may be unable to, among other things:

Our inability to take any of these actions because adequate funds are not available on acceptable terms could have an adverse impact on our business, financial condition, results of operations, and growth prospects.

We may need to raise additional capital, which may not be available on favorable terms, if at all, and which may cause dilution to stockholders, restrict our operations, or adversely affect our ability to operate our business.

Our ability to raise additional capital may be significantly affected by general market conditions, the market price of our common stock, our financial condition, uncertainty about the future commercial success of our products, regulatory developments, the status and scope of our intellectual property, any ongoing arbitration or litigation, our compliance with applicable laws and regulations and other factors, many of which are outside our control. If we are unable to obtain needed financing on acceptable terms, or otherwise, we may not be able to implement our business plan, which could have a material adverse effect on our business, financial condition, and results of operations, including a decline in the trading price of our common stock. Any additional equity financings could result in additional dilution to our then existing stockholders. In addition, we may enter into additional financings that restrict our operations or adversely affect our ability to operate our business, and if we issue equity, debt or other securities to raise additional capital or restructure or refinance our existing indebtedness, the new equity, debt or other securities may have rights, preferences and privileges senior to those of our existing stockholders.

Our ability to pay interest and principal on any indebtedness and our ability to refinance all or a portion of our indebtedness or obtain additional financing depend on many factors beyond our control.

Our ability to make scheduled payments on, or to refinance our obligations under, any indebtedness depends on our financial performance and prevailing economic conditions. Certain of these financial and business factors, many of which may be beyond our control, are described above. If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay capital expenditures, sell assets, raise additional equity capital, or restructure our debt. There is no assurance that such alternative measures may be successful or permitted under the agreements governing our indebtedness, and, as a result, we may not be able to meet our scheduled debt service obligations. Even if successful, actions taken to improve short-term liquidity to meet our debt service and other obligations could harm our long-term business prospects, financial condition, and results of operations. In addition, we cannot guarantee that we will be able to refinance our indebtedness or obtain additional financing on satisfactory terms or at all, due to factors like existing asset guarantees, our level of indebtedness, and the debt incurrence restrictions imposed by the agreements governing our indebtedness. Changes in economic conditions or credit markets could further limit access to financing or increase its cost.

We may acquire or invest in companies and technologies, which may divert our management’s attention and result in additional dilution to our stockholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions or investments.

As part of our business strategy, we have engaged in strategic transactions in the past and expect to evaluate and consider potential strategic transactions, including acquisitions of, or investments in, businesses, technologies, services, products, and other assets in the future. We may also enter into relationships with other businesses to expand our products or our ability to provide services. An acquisition, investment, or business relationship may result in unforeseen risks, operating difficulties, and expenditures, including the following:

The occurrence of any of these risks could have a material adverse effect on our business, results of operations, and financial condition. Moreover, we cannot assure you that we would not be exposed to unknown liabilities.

Unfavorable conditions in our industry or the global economy, or reductions in IT spending, could limit our ability to grow our business and negatively affect our results of operations.

Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers. The revenue growth and potential profitability of our business depend on demand for our platform. Current or future economic uncertainties or downturns could adversely affect our business and results of operations. Negative conditions in the global economy or individual markets, including changes in gross domestic product growth, financial and credit market fluctuations, political turmoil, natural catastrophes, warfare and terrorist attacks on the United States, Europe, Australia, the Asia Pacific region or elsewhere, could cause a decrease in business investments, including spending on IT and negatively affect our business. Political and military events in Ukraine, including the ongoing tensions and state of war between Ukraine and Russia, poor relations between the United States and Russia, and sanctions by the international community against Russia or separatist areas of Ukraine, may also have an adverse impact on our employees, customers, partners, and vendors. In turn, any of these may adversely impact our ability to grow our business and negatively affect our results of operations.

Significant political, trade, regulatory developments, and other circumstances beyond our control could have a material adverse effect on our financial condition or results of operations.

Significant political, trade, or regulatory developments in the jurisdictions in which we sell our products, such as those stemming from the change in U.S. federal administration, are difficult to predict and may have a material adverse effect on us. Similarly, changes in U.S. federal policy that affect the geopolitical landscape could give rise to circumstances outside our control that could have negative impacts on our business operations. For example, during the prior Trump administration, increased tariffs were implemented on goods imported into the U.S., particularly from China, Canada, and Mexico. Historically, tariffs have led to increased trade and political tensions between not only the U.S. and China, but also between the U.S. and other countries in the international community. In response to tariffs, other countries have implemented retaliatory tariffs on U.S. goods. Political tensions as a result of trade policies could reduce trade volume, investment, technological exchange, and other economic activities between major international economies, resulting in a material adverse effect on global economic conditions and the stability of global financial markets. Any changes in political, trade, regulatory, and economic conditions, including, but not limited to, U.S. and China trade policies, could have a material adverse effect on our financial condition or results of operations.

We develop and use AI in our business, and challenges with properly developing and managing its use could result in reputational harm, competitive harm, and legal liability, and adversely affect our results of operations.

We develop and incorporate AI solutions into our platform, services, and features, and the development and use of these AI solutions are fundamental to our business and operations. Our competitors or other third parties may develop and incorporate AI into their products more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations. Additionally, if the content, analyses, or recommendations that our AI applications assist in producing are or are alleged to be deficient, inaccurate, or biased, our business, financial condition, and results of operations may be adversely affected. Our use of AI and machine learning is subject to risks related to flaws in our algorithms and datasets that may be insufficient or contain biased information. The development of AI technologies is complex, and there are challenges associated with achieving the desired level of accuracy, efficiency, and reliability. The algorithms and models used in our AI systems may have limitations, including biases, errors, or an inability to handle certain data types or scenarios. There is a risk of system failures, disruptions, or vulnerabilities that could compromise the integrity, security, or privacy of our platform. These failures could result in reputational damage, legal liabilities, or loss of user confidence, which could materially affect our business.

AI also presents emerging ethical issues, and if our development and use of AI become controversial, we may experience brand or reputational harm, competitive harm, or legal liability. The rapid evolution of AI, including potential government regulation of AI, will require significant resources to develop, test, and maintain our platform, services, and features to help us implement AI ethically in order to minimize unintended, harmful impact.

Legislative and governmental activity in the privacy area may result in new laws or regulations that are applicable to us and that may hinder our business, for example, by restricting use or sharing of patient data, limiting our ability to provide certain data to our customers, limiting our ability to develop or modify our AI systems, or otherwise regulating AI and machine learning, including the use of algorithms and automated processing in ways that could materially affect our business, or which may lead to significant increases in the cost of compliance.

Risks Related to Intellectual Property, Information Technology, Data Privacy, and Security

If our systems, our customers’ environments, or third-party systems we rely on are breached or if unauthorized access to sensitive data occurs, it could harm public perception of our software, result in business losses, and expose us to liability.

Our success depends on maintaining strong data security for our software and services. Because our software is used by our customers to store, transmit, index, or otherwise process and analyze large data sets that often contain proprietary, confidential, and/or sensitive information (including in some instances personal or identifying information and personal health information), our software is perceived as an attractive target for attacks by computer hackers or others seeking unauthorized access, and our software faces threats of unintended exposure, exfiltration, alteration, deletion, or loss of data. Additionally, many customers rely on our software for mission-critical functions and have a low tolerance for security vulnerabilities, increasing the potential impact of any breach.

We rely on third-party technology, infrastructure, and software applications to support certain key software features or functions of our business, including our cloud-based services, customer relationship management activities, billing and order management, and financial accounting services. Additionally, we rely on computer hardware to deliver our software and services. We do not have control over the operations of the facilities of the third parties that we use, and any disruptions, security issues, or performance deficiencies in these services could impair our systems and negatively impact our software performance, customer experience, and overall operations.

We and the third-party vendors we rely on may in the future experience cybersecurity threats, including threats or attempts to disrupt our information technology infrastructure and unauthorized attempts to gain access to sensitive or confidential information. These threats may include cyberattacks (including computer viruses, malicious and destructive code, phishing attacks, and denial of service attacks), physical or electronic security breaches, natural disasters, fire, power loss, telecommunications failures, personnel misconduct, and human error. Such attacks or security breaches may be perpetrated by internal bad actors, such as employees or contractors, or by third parties (including traditional computer hackers, persons involved with organized crime, or foreign state or foreign state-supported actors). Cybersecurity threats are constantly evolving and increasingly sophisticated, often involving social engineering and other complex techniques that are difficult to detect or defend against. Because the techniques used to obtain unauthorized access change frequently and generally are often identified only after an attack, we and our third-party vendors may be unable to anticipate these techniques or implement adequate preventative measures. Although prior cyberattacks directed at us have not had a material impact on our financial results, and we are continuing to bolster our threat detection and mitigation processes and procedures, we cannot guarantee that future cyberattacks, if successful, will not have a material impact on our business or financial results. While we have security measures in place to protect our information and our customers’ information and to prevent data loss and other security breaches, we have not always been able to do so and there can be no assurance that we will be able to anticipate or prevent security breaches or unauthorized access of our information technology systems or the information technology systems of the third-party vendors upon which we rely. Despite our implementation of network security measures and internal information security policies, data stored on personnel computer systems is also vulnerable to similar security breaches, unauthorized tampering, or human error.

Many governments have enacted laws requiring companies to provide notice of data security incidents involving certain types of data, including personal data. In addition, most of our customers, including U.S. government customers, contractually require us to notify them of data security breaches. If an actual or perceived breach of security measures, unauthorized access to our system or the systems of the third-party vendors that we rely upon, or any other cybersecurity threat occurs, we may face direct or indirect liability, costs, contract termination, and reputational harm. Such events may also impact our ability to attract new customers and could materially and adversely affect our business, financial condition, and results of operations.

Unauthorized access to our or our third-party vendors’ information technology systems or data or other security breaches could result in the loss of information; significant remediation costs; litigation, disputes, regulatory action, or investigations that could result in damages, material fines, and penalties; indemnity obligations; interruptions in the operation of our business, including our ability to provide new product features, new software, or services to our customers; damage to our operation technology networks and information technology systems; and other liabilities. Remediation efforts may not be successful, and any or all of these perceived incidents could hinder our ability to obtain and maintain required or desirable cybersecurity certifications, and result in reputational damage, any of which could materially adversely affect our results of operations, financial condition, and future prospects. There can be no assurance that any limitations of liability provisions in our license arrangements with customers or in our agreements with vendors, partners, or others would be enforceable, applicable, or adequate or would otherwise protect us from any such liabilities or damages with respect to any claim.

We maintain cybersecurity insurance and other types of insurance, subject to applicable deductibles and policy limits, but our insurance may not be sufficient to cover all costs, claims, or liabilities associated with a potential data security incident. In addition, our insurance may not protect us against all claims and losses related to our software or a data security incident due to specified exclusions, deductibles, and material change limitations, and it may be difficult to insure against certain risks. We also cannot be sure that our existing general liability insurance coverage and coverage for cyber liability or errors or omissions will continue to be available on acceptable terms or will be available in sufficient amounts to cover one or more large claims, or that the insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could harm our financial condition.

Our software contains “open source” software, and any failure to comply with the terms of one or more of these open-source licenses could negatively affect our business.

Our software is distributed with software licensed by its authors or other third parties under “open source” licenses. Some of which may require us to make available source code for modifications or derivative works and license these under the same terms, granting third parties certain rights of further use. If we combine our proprietary software with open-source software in certain ways, we may be required to release our proprietary source code under open-source licenses. In addition to risks related to license requirements, usage of open-source software can lead to greater risks than use of third-party commercial software, as open-source licensors generally do not provide updates, warranties, support, indemnities, assurances of title, or controls on origin of the software. Additionally, some open-source projects may have known security vulnerabilities or architectural instabilities or are otherwise subject to security attacks due to their wide availability, and are provided on an “as-is” basis.

Although we have established processes in place to mitigate these risks, including a review process for screening requests for the use of open-source software, we cannot guarantee that all open-source software is submitted for approval prior to use in our software or that such software tools will be effective. Open-source license terms may be ambiguous, and many associated risks cannot be eliminated, potentially negatively impacting our business if not properly addressed. If we were found to have inappropriately used open-source software, we may be required to re-engineer our software, release proprietary source code, or discontinue the sale of our software in the event re-engineering could not be accomplished on a timely basis. Such actions could divert resources and negatively impact our business, operations, financial condition, and growth prospects. In addition, if the open-source software we use is no longer maintained, it may be more difficult to make the necessary revisions to our software, including modifications to address security vulnerabilities, which could impact our ability to mitigate cybersecurity risks or fulfill contractual obligations to our customers. We may also face claims seeking to enforce open-source license terms, including demands to release the open-source software, derivative works, or proprietary source code developed using such software. Such claims, regardless of merit, could lead to costly litigation, divert resources, or require us to modify our software, potentially harming our business.

Additionally, we have intentionally made certain proprietary software available on an open-source basis, both by modifying existing projects and by making certain internally developed tools available pursuant to open-source licenses, and we plan to continue to do so in the future. While we have established procedures in place to protect competitively sensitive code, we cannot guarantee consistent application. Even when applied, because any software source code we contribute to open-source projects is publicly available, our ability to protect our intellectual property rights with respect to such software source code may be limited or lost entirely, allowing potential competitors to sue it for competitive or unintended purposes.

Many of these risks associated with the usage of open-source software could be difficult to eliminate or manage, and could, if not properly addressed, negatively affect the performance of our offerings and our business.

Real or perceived errors, failures, defects, or bugs in our software could adversely affect our results of operations and growth prospects.

Given the complexity of our software, undetected issues may arise, especially with new features, versions, or infrastructure updates. Our software is often deployed in large-scale environments with diverse configurations, which may cause errors or failures in our software or may expose undetected errors, failures, or bugs in our software. Despite our testing, some defects may not be found in new software or releases until after commencement of commercial shipments. In the past, errors have affected the performance of our software and can also delay the development or release of new software or capabilities or new versions of software, adversely affect our reputation, and potentially reduce demand for our software.

Many of our customers use our software in applications that are critical to their businesses or missions and may have a lower risk tolerance to defects in our software than to defects in other, less critical, software products. Delays or errors in releasing new software or versions, or allegations of poor performance, defects, or failures in released software, could result in revenue or market share loss, higher service costs, significant redesign expenses, loss of key customers, potential liability for damages, and diversion of resources. Any of these outcomes could materially and adversely impact our business, operating results, and financial condition. 

In addition, our software could be perceived to be ineffective for a variety of reasons outside of our control, such as hackers bypassing security measures or customers misusing our software, resulting in a security breach or perceived product failure. Any real or perceived errors, failures, or bugs in our software and services, or dissatisfaction with our services and outcomes, could result in customer terminations and/or claims by customers for losses sustained. In such an event, we may need, for customer relations or other reasons, to invest additional resources to address these issues. While our customer agreements contain limitation of liability provisions, they may not always be enforceable or sufficient in some circumstances. The sale and support of our products carry risks of product liability claims. Although we maintain insurance to protect against certain claims associated with the use of our software and services, our insurance coverage may not adequately cover all claims and liabilities. In addition, our insurance may not protect us against all losses due to specified exclusions, deductibles, and material change limitations, and it may be difficult to insure against certain risks. Even claims that ultimately are unsuccessful could divert resources and management time.

Further, our software integrates a wide variety of other elements and must successfully interoperate with products from other vendors and our customers’ internally developed software, which can make it difficult to identify the source of issues when problems arise. We may be blamed for security or compliance failures caused by other vendors’ and customers’ systems. The occurrence of software errors in data, whether or not caused by our software, could delay or reduce market acceptance of our software and have an adverse effect on our business and financial performance, and any necessary revisions may incur significant expenses. If an actual or perceived breach occurs in one of our customers’ systems, regardless of whether the breach is attributable to our software, the market perception of the effectiveness of our software could be harmed. Alleviating any of these problems could require significant expenditures of our capital and other resources and could cause interruptions, delays, or cessation of our product licensing, which could cause us to lose existing or potential customers and could adversely affect our business, financial condition, results of operations, and growth prospects.

Issues in the development and use of artificial intelligence in our software may result in reputational harm or liability.

Our core business consists of the development and use of AI in our software products. As with many developing technologies, AI presents risks and challenges that could affect its further development, adoption, and use, and therefore our business. AI algorithms may be flawed. Datasets may be insufficient, of poor quality, or contain biased information. Inappropriate or controversial data practices by data scientists, engineers, and end-users of our systems could impair the acceptance of AI solutions. If the recommendations, forecasts, or analyses that AI applications assist in producing are deficient or inaccurate, we could be subjected to competitive harm, potential legal liability, and brand or reputational harm. Some AI scenarios present ethical issues. Though our technologies and business practices are designed to mitigate many of these risks, if we enable or offer AI solutions that are controversial because of their purported or real impact on human rights, privacy, employment, or other social issues, we may experience brand or reputational harm.

Our policies regarding confidential customer information and support for individual privacy and civil liberties could cause us to experience adverse business and reputational consequences.

We strive to protect our customers’ confidential information and individuals’ privacy consistently in accordance with applicable laws. Government entities may occasionally request customer information or modifications to our software to enable access or monitoring. In light of our confidentiality and privacy commitments, we may legally challenge such requests to uphold our privacy commitments. To the extent that we do not provide assistance to or comply with requests from government entities, or if we challenge those requests publicly or in court, we may experience adverse political, business, and reputational consequences among certain customers or portions of the public. Conversely, to the extent that we do provide such assistance or do not challenge those requests publicly in court, we may experience adverse political, business, and reputational consequences from other customers or portions of the public arising from concerns over privacy or the government’s activities.

Failure to adequately obtain, maintain, protect, and enforce our intellectual property and other proprietary rights could adversely affect our business.

Our success and ability to compete depend in part on our ability to protect our proprietary methods and technologies in the United States and other jurisdictions outside the United States. Despite our efforts, third parties may attempt to disclose, obtain, copy, or use our intellectual property or other proprietary information or technology without our authorization, and our efforts to protect our intellectual property and other proprietary rights may not prevent such unauthorized disclosure or use, misappropriation, infringement, reverse engineering or other violation of our intellectual property or other proprietary rights.

We have devoted substantial resources to the development of our proprietary software. To protect our proprietary technologies and processes, we rely in part on trade secret laws and confidentiality agreements with our employees, consultants, and third parties. These agreements may not effectively prevent unauthorized disclosure of confidential information and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights or develop similar technologies and processes.

We rely on the availability of third-party technology license, and if we are unable to maintain or secure them on reasonable terms, it could lead to errors or delays in our software and service implementation.

Our software may include intellectual property licensed from third parties, and we may need to renew or seek new licenses for existing or new software in the future. There can be no assurance that the necessary licenses would be available on commercially acceptable terms, if at all. Third parties may choose to terminate or renew them for a variety of reasons, including actual or perceived failures or breaches of security or privacy, or reputational concerns. In addition, we may be subject to liability if third-party software that we license is found to infringe, misappropriate, or otherwise violate the intellectual property or privacy rights of others. The inability to obtain certain third-party licenses or the need to engage in litigation regarding these matters could result in product roll-backs, delays in product releases until equivalent technology can be identified, licensed, or developed and integrated into our software, and may have a material adverse effect on our business, financial condition, and results of operations. Moreover, the use of nonexclusive third-party components may limit product differentiation and our ability to maintain service levels.

In addition, any data that we license from third parties for potential use in our software may contain errors or defects, which could negatively impact the analytics that our customers perform on or with such data. This may have a negative impact on how our software is perceived by our customers and could materially damage our reputation. Changes in or the loss of third-party licenses could lead to our software becoming inoperable or the performance of our software being materially reduced, resulting in our potentially needing to incur additional research and development costs to ensure continued performance of our software or a material increase in the costs of licensing, and we may experience decreased demand for our software.

We may in the future be subject to intellectual property rights claims, which are extremely costly to defend, could require us to pay significant damages, and could limit our ability to use certain technologies.

Our success depends on operating without infringing, misappropriating, or otherwise violating the intellectual property or other proprietary rights of third parties. The software industry frequently faces intellectual property litigation, and many companies, including our competitors and patent assertion entities, hold extensive intellectual property portfolios and have aggressively enforced their rights. Such litigation may also involve non-practicing patent assertion entities who use their patents to extract license fees by threatening costly litigation or that have minimal operations or relevant product revenue, and against whom our patents may provide little or no deterrence or protection. Further, laws in certain jurisdictions may afford little or no trade secret protection, and any changes in, or unexpected interpretations of, the intellectual property laws in any jurisdiction in which we operate may compromise our ability to enforce our rights. Enforcing our proprietary rights may require costly litigation, and inadequate protection could diminish the value of our software, brand, and intangible assets. We may also face intellectual property infringement claims, which could be expensive and time-consuming, divert management’s attention, and result in significant liability or the need to rebrand our software.

While we have not received any notices to date, we may receive notices in the future that claim we have infringed, misappropriated, misused, or otherwise violated other parties’ intellectual property rights. As we become exposed to greater visibility, we face a higher risk of being the subject of intellectual property infringement, misappropriation, or other violation claims, which is not uncommon with respect to software technologies. There may be third-party intellectual property rights, including patents and trademarks, that cover significant aspects of our technologies, business methods, or the products and services we offer in certain regions. We may face increased risk of intellectual property claims due to acquisitions or the integration of open source and other third-party software, as we have less visibility into the development process and safeguards against infringement or misappropriation risks. 

In addition, former employers of our current, former, or future employees may assert claims that such employees have improperly disclosed to us confidential or proprietary information of these former employers. Any intellectual property claims, with or without merit, are difficult to predict, could be time-consuming and expensive to settle or litigate, could divert our management’s attention and other resources, and may not be covered by our insurance. They may result in significant liability for damages, potentially including treble damages if we are found to have willfully infringed a third party’s intellectual property rights. These claims could also result in our having to stop using technology, branding, or marks found to be in violation of a third party’s rights, and any necessary rebranding could result in the loss of goodwill. If we can’t secure necessary licenses or develop alternative technology for any infringing aspect of our business, we would be forced to limit or stop sales of one or more of our software or features, we could lose existing customers, and we may be unable to compete effectively.

Further, some of our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of third-party claims of intellectual property infringement, misappropriation, or other violations of intellectual property rights, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services, or other contractual obligations. Large indemnity payments could harm our business, financial condition, and results of operations. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations.

Risks Related to Regulation and Compliance

Our business is subject to complex and evolving U.S. and non-U.S. laws and regulations regarding privacy, data protection and security, biometrics, artificial intelligence, technology protection, and other matters. Many of these laws and regulations are subject to change and uncertain interpretation, and could result in claims, changes to our business practices, monetary penalties, increased cost of operations, or otherwise harm our business.

We are subject to a variety of local, state, national, and international laws and directives and regulations in the United States and abroad that involve matters central to our business, including privacy and data protection, data security, data storage, retention, transfer, and deletion, biometrics, artificial intelligence, technology protection, and personal information. Foreign data protection, data security, privacy, biometrics, artificial intelligence, and other laws and regulations can impose different obligations or be more restrictive than those in the United States. These U.S. federal and state and foreign laws and regulations, which, depending on the regime, may be enforced by private parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to remain uncertain for the foreseeable future. In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, particularly in the new and rapidly evolving software and technology industry in which we operate, and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices.

The California state legislature passed the California Consumer Privacy Act (the “CCPA”) in 2018 and took effect January 1, 2020. The CCPA requires covered businesses that process personal information of California residents to disclose their data collection, use, and sharing practices. Further, the CCPA provides California residents with new data privacy rights (including the ability to opt out of certain disclosures of personal data), imposes new operational requirements for covered businesses, provides for civil penalties for violations as well as a private right of action for data breaches and statutory damages (which is expected to increase data breach class action litigation and result in significant exposure to costly legal judgements and settlements). Aspects of the CCPA and its interpretation and enforcement remain uncertain. In addition, the California Privacy Rights Act of 2020 (the “CPRA”), which took effect January 1, 2023, expanded the CCPA. The CPRA, among other things, gives California residents the ability to limit use of certain sensitive personal information, further restricts the use of cross-contextual advertising, establishes restrictions on the retention of personal information, expands the types of data breaches subject to the CCPA’s private right of action, provides for increased penalties for CPRA violations concerning California residents under the age of 16, and establishes a new California Privacy Protection Agency to implement and enforce the CPRA. 

The CCPA and other similar laws could impact our business activities depending on how they are interpreted. New legislation proposed or enacted in various other states will continue to shape the data privacy environment nationally. For example, Virginia recently passed its Consumer Data Protection Act, and Colorado recently passed the Colorado Privacy Act, both of which differ from the CPRA and became effective in 2023. Additional states, including Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas and Utah, have since also passed comprehensive privacy laws with additional obligations and requirements on businesses. Certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to confidential, sensitive, and personal information than federal, international, or other state laws, and such laws may differ from each other, which may complicate compliance efforts. Additionally, all U.S. states and the District of Columbia have enacted breach notification laws that may require us to notify customers, employees, or regulators in the event of unauthorized access to or disclosure of personal or confidential information experienced by us or our service providers. These laws are not consistent, and compliance in the event of a widespread data breach is difficult and may be costly. Moreover, states have been frequently amending existing laws, requiring attention to changing regulatory requirements. We also may be contractually required to notify customers of a security breach.

U.S. and non-U.S. laws and regulations related to biometric technology and products are at a maturing stage of development and still evolving. The effects of such laws and regulations may impose limitations and add uncertainties to the development and operation of our biometric-related business. For example, the European Union’s General Data Protection Regulation (the “GDPR”) classifies biometric data as “sensitive data” which is subject to heightened protection and its processing is generally prohibited unless specific legal grounds, like explicit consent, are met. As another example, the Illinois BIPA prohibits the collection of biometric data without individualized notice and consent. Laws and regulations focused on the collection, use, and processing of biometric data could result in monetary penalties or other regulatory actions. Several states and municipalities are considering enacting or have already enacted statutes and regulations specifically concerning the collection, use and processing of biometric data, including those focused on consumer privacy and consumer protection. In addition, state data privacy laws and foreign data privacy laws often include heightened protections for biometric data, which may include individualized notice and/or consent requirements. These federal, state, municipal and foreign laws and regulations may impact our ability to deploy biometric software products in certain markets, and may increase our compliance costs.

U.S. and non-U.S. laws and regulations related to AI technology and products are at an early stage of development and still evolving. The effects of such laws and regulations remain unclear and may add uncertainties to the development and operation of our AI-related business. For example, the EU AI Act became effective on August 1, 2024 and will be fully applicable after a two-year transitional period (although certain obligations will take effect at an earlier or later time). The EU AI Act introduces various requirements for AI systems and models placed on the market or put into service in the EU and may impact our ability to train, deploy, or release AI models in the EU. Among other limitations, the EU AI Act prohibits marketing and use of “AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage.” Laws and regulations focused on the development, use, and provision of AI technologies could result in monetary penalties or other regulatory actions. In the U.S., there is increasing uncertainty as to the federal government’s approach to AI regulation going forward, as the continued applicability of the White House’s 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which lays out a framework for the U.S. government, among other things, to monitor private sector development of certain foundation models, remains subject to regulatory development. Several states are considering enacting or have already enacted statutes and regulations concerning the use of AI technologies, including those focused on consumer protection, and depending on the scope of AI regulation at the federal level, some states may move to regulate AI model development and deployment. As an example, the Colorado AI Act is scheduled to go into effect on June 30, 2026, which introduces various requirements for “high-risk” AI systems that make or significantly influence consequential decisions involving education, employment, financial services, housing, health care or legal services. Several other U.S. states are considering enacting or have already enacted regulations concerning AI technologies, which may impact our ability to train, deploy, or release AI models and our software products, and increase our compliance costs. Further, at the federal and state level, there have been various proposals (and in some cases laws enacted) addressing “deepfakes” and other AI-generated synthetic media.

We cannot yet fully predict the impact of these regulations on our business or operations, but developments regarding these privacy and data protection laws and regulations around the world may require us to modify our data processing practices and incur substantial costs in an effort to maintain compliance on an ongoing basis. Outside of the United States, virtually every jurisdiction in which we operate has established its own legal framework relating to privacy, data protection, and information security matters with which we and/or our customers must comply. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, retention, disclosure, security, transfer, and other processing of data that identifies or may be used to identify or locate an individual. Some countries and regions, including the European Union, are considering or have passed legislation that imposes significant obligations in connection with privacy, data protection, and information security that could increase the cost and complexity of delivering our software and services, including the GDPR which took effect in May 2018. Complying with the GDPR or other data protection laws and regulations as they emerge may cause us to incur substantial operational costs or require us to modify our data handling practices. Non-compliance with the GDPR specifically may result in administrative fines or monetary penalties of up to 4% of worldwide annual revenue in the preceding financial year or €20 million (whichever is higher) for the most serious infringements and could result in proceedings against us by governmental entities or other related parties and may adversely impact our business, financial condition, and results of operations.

In addition to government regulation, self-regulatory and industry standards may legally or contractually apply to us, be argued to apply to us, or we may elect to comply with such standards or to facilitate our customers’ compliance with such standards. Because privacy, data protection, and information security are critical competitive factors in our industry, we may make public statements about our data security measures and our compliance with, or our ability to facilitate our customers’ compliance with, these standards. We expect continued developments in privacy and data protection laws, and we cannot determine the impact of future laws, regulations, and standards, or re-interpretations of existing laws and regulations, industry standards, or other obligations may have on our business. Compliance with existing laws and regulations, industry standards, and contractual and other obligations may require additional costs and could restrict our business operations. As these legal regimes continue to evolve, they may result in ever-increasing public scrutiny and escalating levels of enforcement and sanctions. Furthermore, uncertainty in how these laws and obligations are interpreted and applied may result in alleged or actual non-compliance with our practices or product features. If so, in addition to the possibility of fines, lawsuits, and other claims, we could be required to fundamentally change our business practices or modify our software, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to fulfill existing obligations, make enhancements, or develop new software and features could be limited.

These existing and proposed laws and regulations can be costly to comply with and can make our software and services less effective or valuable, delay or impede the development of new products, result in negative publicity, increase our operating costs, require us to modify our data handling practices, limit our operations, impose substantial fines and penalties, require significant management time and attention, or put our data or technology at risk. Any failure or perceived failure by us or our software to comply with applicable laws, regulations, directives, policies, industry standards, or legal obligations or any security incident involving unauthorized access to or use of sensitive data, could lead to government investigations, enforcement actions, private litigation, contractual liabilities, fines, business restrictions, reputational harm, and other significant costs and adverse effects on our business and operations.

Failure to comply with governmental laws and regulations could harm our business, and we may be the subject of legal and regulatory inquiries, which may result in monetary payments or may otherwise negatively impact our reputation, business, and results of operations.

Our business is subject to regulation by various federal, state, local, and foreign governments in which we operate. Non-compliance with applicable regulations or requirements could subject us to investigations, administrative proceedings, sanctions, enforcement actions, disgorgement of profits, fines, damages, litigation, civil and criminal penalties, termination of contracts, exclusion from sales channels or sales opportunities, injunctions, or other consequences. Such matters may include claims, disputes, allegations, or investigations related to alleged violations of laws or regulations relating to anti-corruption requirements, lobbying or conflict-of-interest requirements, export or other trade controls, data privacy or data protection requirements, or laws or regulations relating to employment, procurement, cybersecurity, securities, or antitrust/competition requirements. The effects of imposed and proposed actions are uncertain because of the dynamic nature of governmental action and responses.

We may be subject to government inquiries that drain our time and resources, tarnish our brand reputation, prevent us from doing business with certain customers or markets, including government customers, affect our ability to hire and maintain qualified employees, or require us to take remedial action or pay penalties. We may receive formal and informal inquiries from government agencies and regulators regarding our compliance relating to our business or transactions. Any negative outcome from such investigations or failure to prevail in any possible civil or criminal litigation could adversely affect our business, financial condition, and results of operations.

We may face legal, regulatory, and administrative inquiries and proceedings, and unfavorable outcomes in litigation or other matters could negatively impact our business, financial conditions, and results of operations.

We may be, from time to time, involved in and subject to litigation or proceedings for a variety of claims or disputes, or regulatory inquiries related to employment, discrimination, intellectual property, contracts, data privacy, securities laws, antitrust, or other matters. Derivative claims, lawsuits, and proceedings, which may, from time to time, be asserted against our directors by our stockholders, could involve breach of fiduciary duty, failure of oversight, corporate waste claims, and other matters. In addition, our business and results may be adversely affected by the outcome of currently pending and any future legal, regulatory, and/or administrative claims or proceedings, including monetary damages or injunctive relief.

Additionally, if customers fail to pay us under the terms of our agreements, we may be adversely affected due to the cost of enforcing our contract terms through litigation. Litigation or other proceedings can be expensive and time consuming, and can divert our resources and attention from our primary business operations. The results of our litigation also cannot be predicted with certainty. If we are unable to prevail in litigation, we could incur payments of substantial monetary damages or fines, or undesirable changes to our software or business practices. Furthermore, if we accrue a loss contingency for pending litigation and determine that it is probable, any disclosures, estimates, and reserves we reflect in our financial statements about these matters may not reflect the ultimate disposition or financial impact of litigation or other such matters. These proceedings could also result in negative publicity, which could harm customer and public perception of our business, regardless of the validity of the claims or the outcome.

Failure to comply with anti-bribery and anti-corruption laws could subject us to adverse consequences.

Since we may operate and sell our software around the world, we will be subject to the United States Foreign Corrupt Practices Act (“FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the United States Travel Act, and other anti-corruption and anti-bribery laws and regulations in the jurisdictions in which we currently or may do business, both domestic and abroad, including potentially the U.K. Bribery Act. These laws and regulations generally prohibit improper payments or offers of improper payments to government officials, political parties, or commercial partners for the purpose of obtaining or retaining business or securing an improper business advantage.

Corruption issues pose a risk in every country and jurisdiction, but in many countries, particularly in countries with developing economies, it may be more common for businesses to engage in practices that are prohibited by the FCPA or other applicable laws and regulations, and our activities in these countries pose a heightened risk of unauthorized payments or offers of payments by one of our employees or third-party business partners, representatives, and agents that could be in violation of various laws including the FCPA. The FCPA and other applicable anti-bribery and anti-corruption laws also may hold us liable for acts of corruption and bribery committed by our third-party business partners, representatives, and agents. We and our third-party business partners, representatives, and agents may have direct or indirect interactions with officials and employees of government agencies, or state-owned or affiliated entities, and we may be held liable for the corrupt or other illegal activities of our employees or such third parties, even if we do not explicitly authorize such activities. The FCPA or other applicable laws and regulations also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent improper payments. While we have implemented policies and procedures to address compliance with such laws, we cannot assure you that our employees or other third parties working on our behalf will not engage in conduct in violation of our policies or applicable law for which we might ultimately be held responsible. Violations of the FCPA and other applicable anti-corruption laws may result in whistleblower complaints, adverse media coverage, investigations, imposition of significant legal fees, loss of export privileges, as well as severe criminal or civil sanctions, including suspension or debarment from U.S. government contracting, and we may be subject to other liabilities and adverse effects on our reputation, which could negatively affect our business, results of operations, financial condition, and growth prospects. In addition, responding to any enforcement action may result in a significant diversion of management’s attention and resources and significant legal defense costs, and other professional fees.

Governmental trade controls, including export and import controls, sanctions, customs requirements, and related regimes, may subject us to liability or loss of contracting privileges or limit our ability to compete in certain markets.

Our offerings are subject to U.S. export controls, including with respect to encryption technology incorporated into certain of our offerings. Certain of our controlled software offerings and the underlying technology may be exported outside of the United States or accessed by non-U.S. persons (wherever located) only with the required export authorizations, which may include license requirements in some circumstances. Additionally, our current or future products or services may be classified under the Export Administration Regulations (“EAR”) administered by the U.S. Department of Commerce, Bureau of Industry and Security (“BIS”) or as defense articles subject to the International Traffic in Arms Regulations (“ITAR”) administered by the U.S. Department of State, Directorate of Defense Trade Controls. In July 2024, the BIS published proposed rulemaking that exports of facial recognition systems and technology would require an export license for certain countries and that export license requirements would expand for fingerprint and voice biometric technologies. If a product, or component of a product, is classified under the ITAR, or is ineligible for an encryption license exception under the EAR, then the product or component could be exported outside the United States (or accessed by non-U.S. persons) only if we obtain the applicable export license or qualify for a different license exception. In certain contexts, the services we provide might be classified as defense services subject to the ITAR separately from the products we provide. Compliance with the EAR, ITAR, and other applicable regulatory requirements regarding the export or deemed export of our products, including new releases of our products and/or the performance of services, may create delays in or increase the cost of the introduction of our products in non-U.S. markets, prevent our customers with non-U.S. operations from deploying our products throughout their global systems or, in some cases, prevent the export of our products to some countries altogether.

Our activities are also subject to the economic sanctions laws and regulations administered by the U.S. Department of the Treasury, Office of Foreign Assets Control, and U.S. Department of State, and other jurisdictions. Such controls prohibit the shipment or transfer of certain products and services without the required export authorizations or export to countries, governments, and persons targeted by applicable sanctions. We take precautions to prevent our offerings from being exported in violation of these laws, including: (i) seeking to proactively classify our software and obtain authorizations for the export and/or import of our software where appropriate, (ii) implementing certain technical controls and screening practices to reduce the risk of violations, and (iii) requiring compliance with U.S. export control and sanctions obligations in customer and vendor contracts. However, we cannot guarantee the precautions we take will prevent violations of export control and sanctions laws.

As discussed above, if we misclassify a product or service, export or provide access to a product or service in violation of applicable export control or sanctions laws or regulations or otherwise fail to comply with export or sanctions laws or regulations, we may be denied export privileges or subjected to significant per violation fines or other penalties, and our software may be denied entry into other countries. Any decreased use of our software or limitation on our ability to export or sell our software would likely adversely affect our business, results of operations, and financial condition. Violations of U.S. sanctions or export control laws can result in fines or penalties, including civil penalties of up to $300,000 or twice the value of the transaction, whichever is greater, per EAR violation and a civil penalty that could exceed $1,000,000 for ITAR violations, depending on the circumstances of the violation or violations. In the event of criminal knowing and willful violations of these laws, fines of up to $1,000,000 per violation and possible incarceration for responsible employees and managers could be imposed.

We also note that if we or our business partners or counterparties, including licensors and licensees, prime contractors, subcontractors, sub-licensors, vendors, customers, contractors, or agents fail to obtain appropriate import, export, or re-export licenses or permits, notwithstanding regulatory requirements or contractual commitments to do so, or if we fail to secure such contractual commitments where necessary, we may also be adversely affected, through reputational harm as well as other negative consequences, including government investigations and penalties. For instance, violations of U.S. sanctions or export control laws can result in fines or penalties, including significant civil and criminal penalties per violation, depending on the circumstances of the violation or violations. Negative consequences for violations or apparent violations of trade control laws or regulations may include the absolute loss of the right to sell our software or services to the government of the United States, or to other public bodies, or a reduction in our ability to compete for such sales opportunities. Further, complying with export control and sanctions regulations for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.

Many countries, in addition to the United States, regulate the import and export of certain encryption and other dual-use or defense technology or services, including import and export permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our software or could limit our customers’ abilities to implement our software in those countries. Any such new restrictions, changes in economic sanctions, or shifting approaches in the enforcement of existing regulations, or in the countries, persons, or technologies targeted by such regulations, could result in decreased use of our software by existing customers with non-U.S. operations, declining adoption of our software by new customers with non-U.S. operations, and limitation of our expansion into new markets.

Changes in accounting principles or their application to us could result in unfavorable accounting charges or effects, which could adversely affect our results of operations and growth prospects.

We prepare our financial statements in accordance with U.S. generally accepted accounting principles (“GAAP”). We make certain estimates and assumptions related to the adoption and interpretation of these principles, including the recognition of our revenue and the accounting of our stock-based compensation expense with respect to our financial statements. If these assumptions turn out to be incorrect, our financial results and position could materially differ from our expectations and could be materially adversely affected. A change in any of these principles or guidance, or in their interpretations or application to us, may have a significant effect on our reported results, as well as our processes and related controls, and may retroactively affect previously reported results or our forecasts, which may negatively impact our financial statements.

We could be subject to additional tax liabilities.

We are subject to federal, state, and local income taxes in the United States. Determining our provision for income taxes requires significant management judgment, and the ultimate tax outcome may be uncertain. Our provision for income taxes is subject to volatility and could be adversely affected by many factors, such as changes to our operating or holding structure, changes in the amounts of earnings in jurisdictions with differing statutory tax rates, changes in the valuation of deferred tax assets and liabilities, and changes in U.S. tax laws. Tax authorities may disagree with our calculation of research and development tax credits, cross-jurisdictional transfer pricing, or other matters and assess additional taxes, interest, or penalties. While we regularly assess the likely outcomes of these examinations to determine the adequacy of our provision for income taxes and we believe that our financial statements reflect adequate reserves to cover such contingencies, there can be no assurance that the outcomes of such examinations will not have a material impact on our results of operations and cash flows. If tax authorities change applicable tax laws, our overall taxes could increase, and our financial condition or results of operations may be adversely impacted.

In addition, there is a risk that certain U.S. state tax authorities, where we do not currently file a state income tax return, could assert that we are liable for state and local income taxes based upon income or gross receipts allocable to such states. States are becoming increasingly aggressive in asserting a nexus for state income tax purposes. If a state tax authority successfully asserts that our activities give rise to a nexus, we could be subject to state and local taxation, including penalties and interest attributable to prior periods, which may adversely impact our results of operations.

Our results of operations may be harmed if we are required to collect sales or other related taxes for our license arrangements in jurisdictions where we have not historically done so.

States and some local taxing jurisdictions have differing rules and regulations governing sales and use taxes, and these rules and regulations are subject to varying interpretations that may change over time. We collect and remit U.S. sales and use tax, value-added tax (“VAT”), and goods and services tax (“GST”) in several jurisdictions. It is possible, however, that we could face sales tax, VAT, or GST audits and that our liability for these taxes could exceed our estimates, as state tax authorities could still assert that we are obligated to collect additional tax amounts from our customers and remit those taxes to those authorities. We could also be subject to audits for which we have not accrued tax liabilities. Jurisdictions may seek to impose incremental or new sales, use, or other tax collection obligations on us or may determine that such taxes should have, but have not been, paid by us.

Risks Related to Our Relationships and Business with the Public Sector

A significant portion of our business depends on sales to the public/government sector, and our failure to receive and maintain government contracts or changes in the contracting or fiscal policies of the public sector could have a material adverse effect on our business.

We derive a significant portion of our revenue from contracts with the federal government and government agencies, and we believe that the growth of our business will continue to depend on our successful procurement of government contracts. For example, we have historically derived, and expect to continue to derive, a significant portion of our revenue from sales to agencies of the U.S. federal government, either directly by us or through other government contractors. Our perceived relationship with the U.S. government could adversely affect our business prospects in certain non-U.S. geographies or with certain non-U.S. governments. Sales to government agencies are subject to a number of challenges and risks. The process can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without guaranteed sales. We must also comply with laws and regulations relating to the formation, administration, and performance of contracts, which grant public sector customers rights not typically found in commercial agreements.

Governmental and highly regulated entities may demand contract terms that differ from our standard arrangements and may be less favorable than terms agreed with private sector customers. These government contracts customarily contain provisions that give the government substantial rights and remedies, many of which are not typically found in commercial contracts. For instance, most U.S. government agencies include provisions that allow the government to unilaterally terminate contracts, in whole or in part, for convenience, and in that event, the counterparty to the contract may generally recover only its incurred or committed costs and settlement expenses and profit on work completed prior to the termination. If the government terminates a contract for default, the defaulting party may be liable for any extra costs incurred by the government in procuring undelivered supplies or services from another source. Government entities also tend to require shorter subscription terms, longer implementation cycles, more complex IT and data environments, and may include acceptance provisions that delay revenue recognition. Contracts with governmental entities may include preferential pricing terms, including, but not limited to, “most favored customer” pricing. Even if we are awarded a government contract, such an award may be subject to appeals, disputes, or litigation, including but not limited to bid protests by unsuccessful bidders.

In addition, government contracts are also generally subject to greater scrutiny by the government, which can initiate reviews, audits and investigations regarding our compliance with government contract requirements. In addition, if we fail to comply with government contracting laws, regulations and contract requirements, our contracts may be subject to termination, and we may be subject to financial and/or other liability under our contracts, the Federal Civil False Claims Act (including the possibility of treble damages and significant penalties), or criminal law. In particular, the False Claims Act’s “whistleblower” provisions also allow private individuals, including present and former employees, to sue on behalf of the U.S. government. Any penalties, damages, fines, suspension, or damages could adversely affect our ability to operate our business and our financial results.

Accordingly, our business, financial condition, results of operations, and growth prospects may be adversely affected by certain events or activities, including, but not limited to:

Any such event or activity, among others, could cause governments and governmental agencies to delay or refrain from purchasing our software and services, reduce the size or payment amounts of purchases from existing or new government customers, or have an adverse effect on our business, results of operations, and financial condition.

We have contracts with government agencies that involve classified programs, which may limit investor insight into portions of our business.

We derive a portion of our revenue from programs with government agencies that are subject to security restrictions (e.g., contracts involving classified information, classified contracts, and classified programs), which preclude the dissemination of information and technology under applicable law and regulation. In general, access to classified information, technology, facilities, or programs requires appropriate personnel security clearances, is subject to additional contract oversight and potential liability, and may also require appropriate facility clearances and other specialized infrastructure. In the event of a security incident involving classified information, technology, facilities, or programs or personnel holding clearances, we may be subject to legal, financial, operational, and reputational harm. We are limited in our ability to provide specific information about these classified programs, their risks, or any disputes or claims relating to such programs. As a result, investors have less insight into our classified programs than our other businesses and therefore have less ability to fully evaluate the risks related to our classified business or our business overall. However, historically, the business risks associated with our work on classified programs have not differed materially from those of our other government contracts.

Government contracts differ materially from standard commercial contracts, involve competitive bidding and may be subject to cancellation or delay without penalty.

Government contracts frequently include provisions that are not standard in private commercial transactions and are subject to laws and regulations that give the U.S. Government rights and remedies not typically found in commercial contracts, including provisions permitting the U.S. Government to:

In addition, government contracts are frequently awarded only after formal competitive bidding processes, which have been and may continue to be protracted and typically impose provisions that permit cancellation in the event that necessary funds are unavailable to the government agency. Competitive procurements impose substantial costs and managerial time and effort in order to prepare bids and proposals for contracts that may not be awarded to us. In many cases, unsuccessful bidders for government contracts are provided the opportunity to formally protest certain contract awards through various agencies, administrative, and judicial channels. The protest process may substantially delay a successful bidder’s contract performance, result in cancellation of the contract award entirely, and distract management. We may not be awarded contracts for which we bid, and substantial delays or cancellation of purchases may follow our successful bids as a result of such protests.

Certain of our government contracts also may contain “organizational conflict of interest” clauses that could limit our ability to compete for certain related follow-on contracts. While we actively monitor our contracts to avoid these conflicts, we cannot guarantee that we will be able to avoid all organizational conflicts of interest issues.

If we fail to establish and maintain important relationships with government agencies and prime contractors, our ability to successfully maintain and develop new business may be adversely affected.

Our reputation and relationship with the U.S. Government are key factors in maintaining and developing new business opportunities. In addition, we often act as a subcontractor or in “teaming” arrangements in which we and other contractors bid together on particular contracts or programs for the U.S. Government or government agencies. We expect to continue to depend on relationships with other prime contractors for a portion of our revenue for the foreseeable future. Negative press reports regarding conflicts of interest, poor contract performance, employee misconduct, information security breaches, or other aspects of our business, regardless of accuracy, could harm our reputation. Additionally, as a subcontractor or team member, we often lack control over fulfillment of a contract, and poor performance on the contract could tarnish our reputation, even when we perform as required. As a result, we may be unable to successfully maintain our relationships with government agencies or prime contractors, and any failure to do so could adversely affect our ability to maintain our existing business and compete successfully for new business.

Our business could be adversely affected if our employees cannot obtain and maintain required personnel security clearances, or we cannot establish and maintain the required facility security clearance.

Certain government contracts may require our employees to maintain various levels of security clearances and may require us to maintain a facility security clearance to comply with U.S. and international government agency requirements. Obtaining and maintaining security clearances for employees typically involves a lengthy process, and it can be difficult to identify, recruit, and retain employees who already hold security clearances. If our employees are unable to obtain security clearances in a timely manner, or at all, or if our employees who hold security clearances are unable to maintain their clearances or terminate employment with us, then we may be unable to comply with relevant requirements, or our customers requiring classified work could choose to terminate or decide not to renew one or more contracts. To the extent we are not able to obtain or maintain a facility security clearance, we may not be able to bid on or win new classified contracts, and existing contracts requiring a facility security clearance could be terminated, either of which would have an adverse impact on our business, financial condition, and results of operations.

Most of our customer contracts may be terminated by the customer at any time for convenience and may contain other provisions permitting the customer to discontinue contract performance, and if terminated contracts are not replaced, our results of operations may differ materially and adversely from those anticipated.

Most of our contracts, including government contracts, contain termination for convenience provisions. Customers who terminate such contracts may be entitled to a pro rata refund of the amount of the customer deposit for the period of time remaining in the contract term after the applicable termination notice period expires. Government contracts often contain provisions and are subject to laws and regulations that provide government customers with additional rights and remedies not typically found in commercial contracts. These rights and remedies allow government customers, among other things, to:

If a customer were to unexpectedly terminate, cancel, or decline to exercise an option to renew with respect to one or more of our significant contracts, or if a government were to suspend or debar us from doing business with such government, our business, financial condition, and results of operations would be materially harmed.

Evolving government procurement policies and increased emphasis on cost over performance could adversely affect our business.

Federal, state, local, and foreign governments and government agencies may adopt procurement policies that negatively impact our profitability. Changes favoring more non-commercial purchases, different pricing, or evaluation criteria, or government contract negotiation offers based upon the customer’s view of what our pricing should be, may affect the predictability of our margins on such contracts or make it more difficult to compete on certain types of programs. Governments and government agencies are continually evaluating their contract pricing and financing practices, and we have no assurance regarding the full scope and recurrence of any study and what changes will be proposed, if any, and their impact on our financial position, cash flows, or results of operations.

The U.S. government may procure non-commercial developmental services rather than commercial products, which could materially impact our future U.S. government business and revenue.

U.S. government agencies, including our customers, often award large developmental item and service contracts to build custom software rather than firm fixed-price contracts for commercial products. The U.S. government is required to procure commercial items and services to the maximum extent practicable in accordance with FASA, 10 U.S.C. § 2377; 41 U.S.C. § 3307, and the U.S. government may instead decide to procure non-commercial developmental items and services if commercial items and services are not practicable.

In order to challenge a government decision to procure developmental items and services instead of commercial items and services, we would be required to file a bid protest at the agency level and/or with the Government Accountability Office. This can result in contentious communications with government agency legal and contracting offices and may escalate to litigation in federal court. The results of any future challenges or potential litigation cannot be predicted with certainty, however, and any dispute or litigation with the U.S. government may not be resolved in our favor; moreover, whether or not it is resolved in our favor, such disputes or litigation could result in significant expense and divert the efforts of our technical and management personnel. These proceedings could adversely affect our reputation and relationship with government customers and could also result in negative publicity, which could harm customer and public perception of our business. Any change in or repeal of FASA, or a contrary interpretation of FASA by a court of competent jurisdiction, could adversely affect our competitive position for U.S. federal government contracts.

General Risk Associated with Our Company

Adverse economic conditions or reduced technology spending may adversely impact our business.

Our business depends on the economic health of current and prospective customers and overall demand for technology. Purchasing decisions for our software and services are often discretionary and require significant investments. A further downturn in economic conditions, global political and economic uncertainty, a lack of availability of credit, a reduction in business confidence and activity, the curtailment of government or corporate spending, public health concerns or emergencies, financial market volatility, and other factors have in the past and may in the future lead to delayed or canceled purchases, extended sales cycles, and pricing pressure from competitors. We cannot predict the timing, strength, or duration of any economic slowdown or any subsequent recovery. While such events may present some opportunities, their overall impact could be materially negative. If economic conditions worsen, our business, financial condition, and results of operations could be adversely affected.

Compliance with the laws and regulations affecting public companies could adversely affect our business, results of operations, and financial condition.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Nasdaq listing standards, and other applicable securities rules and regulations. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming and costly, and place significant strain on our personnel, systems, and resources. The complexity of complying with these rules may divert management’s attention from other business matters, potentially harming our operations and financial results. Although we have hired additional employees to assist with compliance, we may need to hire more or engage consultants in the future, further increasing our operating expenses.

Additionally, changing laws, regulations, and governance standards, which are subject to varying interpretations, are creating uncertainty for public companies, which may result in increased general and administrative expenses and a diversion of management’s time and attention from business operations to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us, and our business may be harmed. Also, being a public company may make it more expensive for us to obtain director and officer liability insurance, which may result in reduced coverage or higher premiums, and may make it more difficult to attract and retain qualified directors and officers.

Public disclosures required as a public company may increase our exposure to actual or threatened litigation from competitors and other third parties. Even if these claims do not result in litigation or are resolved in our favor, the time and resources spent on resolving them could harm our business.

Failure to establish and maintain effective internal control in accordance with Section 404 of the Sarbanes-Oxley Act could have a material adverse effect on our business and stock price.

We are required to comply with the SEC’s rules implementing Sections 302 and 404 of the Sarbanes-Oxley Act, which require management to certify financial and other information in our quarterly and annual reports and provide an annual assessment of our internal controls over financial reporting. Though we will be required to disclose changes made in our internal controls and procedures on a quarterly basis, our first formal internal control assessment under Section 404 will be required after our first full fiscal year as a public company.

Establishing and maintaining effective internal controls is critical. However, we may face challenges in doing so. Without robust internal controls, we may be unable to reliably gather and report financial information, which could impair our ability to detect errors or prevent fraud. Moreover, we do not expect that disclosure control or internal control over financial reporting, even if established, will prevent all error and all fraud. Because of the inherent limitations in the control system, no evaluation of controls can provide absolute assurance that all control issues and instances of fraud, if any, will be detected. Failure of our control system to prevent error or fraud could materially adversely impact us.

Natural disasters and other events beyond our control could harm our business.

Our operations are vulnerable to disruption from natural disasters, climate-related events, cyberattacks, pandemics, geopolitical instability, and other events beyond our control. While we maintain crisis and disaster response plans, such events could hinder our ability to deliver services, reduce customer demand, or impair customers’ ability to meet contractual obligations. These disruptions may result in significant costs, data loss, operational delays, and potential legal liabilities. Our insurance coverage may not fully offset these impacts, which could adversely affect our financial condition and results of operations.

Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could adversely affect our financial condition and results of operations.

We are subject to income taxes in the United States and other jurisdictions, and our tax liabilities will be subject to the allocation of expenses in differing jurisdictions. Our future effective tax rates could be subject to volatility or adversely affected by a number of factors, including:

In addition, we may be subject to audits of our income, sales and other transaction taxes by taxing authorities. Outcomes from these audits could have an adverse effect on our financial condition and results of operations.

We may be required to take write-downs or write-offs, restructuring and impairment or other charges that could have a significant negative effect on our financial condition, results of operations and stock price, which could cause you to lose some or all of your investment.

We may be forced to later write-down or write-off assets, restructure our operations, or incur impairment or other charges that could result in losses. Even though these charges may be non-cash items, the fact that we report charges of this nature could lead to negative market perceptions and make it more difficult to obtain future financing on favorable terms or at all.

We may incur significant increased expenses and administrative burdens as a public company, which could have an adverse effect on our business, financial condition and results of operations.

As a public company, we may incur significant legal, accounting, and compliance costs associated with the Exchange Act, Sarbanes-Oxley Act, Dodd-Frank Wall Street Reform and Consumer Protection Act, and regulations subsequently implemented by the SEC. These requirements may increase our legal and financial compliance costs and may make some activities more time-consuming and costly. Our management and other personnel may need to divert attention from operational and other business matters to devote substantial time to these public company requirements. We may also need to hire additional staff with accounting and financial staff with appropriate public company expertise. Operating as a public company may make it more expensive for us to obtain director and officer liability insurance, and we may face challenges attracting and retaining qualified directors and executives.

Once we no longer qualify as an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act (the “JOBS Act”), we expect to incur additional management time and cost to comply with the more stringent reporting requirements, including complying with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act. We are in the early stages of preparing necessary systems and documentation and may not complete this work in a timely fashion. The full extent and timing of these added costs remain uncertain.

We are an “emerging growth company,” and the reduced reporting and disclosure requirements applicable to emerging growth companies may make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from reporting requirements. Pursuant to Section 107 of the JOBS Act, as an emerging growth company, we have also elected to use the extended transition period for complying with new or revised accounting standards until those standards would otherwise apply to private companies. As a result, our financial statements may not be comparable to those of other public companies, which may make our common stock less attractive to investors. If we cease to be an emerging growth company, we will no longer be able to use the extended transition period for complying with new or revised accounting standards.

We are a “smaller reporting company,” and the reduced reporting and disclosure requirements applicable to smaller reporting companies may make our common stock less attractive to investors.

We are a “smaller reporting company,” as defined in Section 12 of the Exchange Act. For as long as we continue to be a smaller reporting company, we may take advantage of exemptions from various reporting requirements that are applicable to other public companies that are not smaller reporting companies, including not being required to comply with the auditor attestation requirements of Section 404 of Sarbanes-Oxley Act of 2002, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding non-binding advisory votes on executive compensation, and stockholder approval of any golden parachute payments not previously approved. We cannot predict if investors will find our common stock less attractive because we may rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.

If we fail to introduce or acquire new products or services that achieve broad market acceptance on a timely basis, we will not be able to compete effectively.

We operate in a highly competitive, quickly changing environment, and our future success depends on our ability to develop or acquire and introduce new products and services that achieve broad market acceptance. Because we have a limited operating history and the market for our products, including newly acquired or developed products, is rapidly evolving, it is difficult to predict our operating results, particularly with respect to any new products that it may introduce. Our future success will depend in large part upon our ability to identify demand trends in the market in which we operate and quickly develop or acquire, and design, manufacture and sell, products and services that satisfy these demands in a cost-effective manner.

To stay competitive, we will need to increase focus and capital investment in research and development. If our current or new offerings fail to gain market acceptance or if we miss opportunities in the market, our growth and financial performance could be materially adversely affected. It is also challenging to predict the impact of new products or services on existing sales, and we may not be able to quickly respond to competitors’ product announcements with competitive offerings.

In addition, we may acquire companies and technologies in the future. In these circumstances, the combined company may not be able to successfully manage integration of the new product and service lines with the combined company’s existing suite of products and services. Failure to effectively develop or integrate these new product and service lines could hinder our ability to grow sales or maintain margins.

The occurrence of one or more of the foregoing factors may result in lower quarterly revenue than expected, and we may in the future experience product or service introductions that fall short of our projected rates of market adoption.

If our products fail to achieve and sustain sufficient market acceptance, our revenue will be adversely affected.

Our success will depend on our ability to develop and market products that are recognized and accepted as reliable, enabling and cost-effective. Our potential customers may already use products similar to what we currently offer and similar to what we may offer in the future and may be reluctant to replace those products with what we currently offer or which we may offer in the future. Market acceptance of our products and technology will depend on many factors, including our ability to convince potential customers that our products and technology are an attractive alternative to existing products and technology. Prior to adopting our products and technology, some potential customers may need to devote time and effort to testing and validating our systems. Any failure of our systems to meet these customer benchmarks could result in potential customers choosing to retain their existing systems or to purchase systems other than the Company’s.

Risks Related to Our Securities

The trading price of our common stock may be volatile, and you could lose all or part of your investment.

The trading price of our common stock is likely to be volatile and could be subject to fluctuations in response to various factors, some of which are beyond our control. These fluctuations could cause you to lose all or part of your investment in our common stock as you might be unable to sell your shares at or above the price you paid. Factors that could cause fluctuations in the trading price of our common stock include the following:

In recent years, the stock markets generally have experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of listed companies. Broad market and industry factors may significantly affect the market price of our common stock, regardless of our actual operating performance. If the market price of shares of our common stock does not ever exceed the price you paid for your shares, you may not realize any return on your investment in us and may lose some or all of your investment.

In addition, in the past, following periods of volatility in the overall market and in the market price of a particular company’s securities, securities class action litigation has often been instituted against these companies. This litigation, if instituted against us, could result in substantial costs and a diversion of our management’s attention.

Certain companies with public floats comparable to our public float have experienced extreme volatility that was seemingly unrelated to the underlying performance of the respective company. We may experience similar volatility, which may make it difficult for prospective investors to assess the value of our common stock.

In addition to the risks addressed above in “Risks Related to Our Securities — The trading price of our common stock may be volatile, and you could lose all or part of your investment,” our common stock may be subject to extreme volatility that is seemingly unrelated to the underlying performance of our business. Recently, companies with comparable public floats have experienced instances of extreme stock price run-ups followed by rapid price declines, and such stock price volatility was seemingly unrelated to the respective company’s underlying performance. Although the specific cause of such volatility is unclear, our public float may amplify the impact the actions taken by a few stockholders have on the price of our common stock, which may cause the price of our common stock to deviate, potentially significantly, from a price that better reflects the underlying performance of our business. Should our common stock experience run-ups and declines that are seemingly unrelated to our actual or expected operating performance and financial condition or prospects, prospective investors may have difficulty assessing the rapidly changing value of our common stock. In addition, investors of shares of our common stock may experience losses, which may be material, if the price of our common stock declines or if such investors purchase shares of our common stock prior to any price decline.

If securities or industry analysts do not publish research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.

The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about our business. We do not currently have and may never obtain research coverage by securities and industry analysts. If no securities or industry analysts commence coverage of our company, the trading price for our stock would be negatively impacted. If we obtain securities or industry analyst coverage and if one or more of the analysts who cover us downgrade our stock or publish inaccurate or unfavorable research about our business, our stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our stock could decrease, which could cause our stock price and trading volume to decline.

Future sales of our common stock or securities convertible into our common stock may depress our stock price.

Sales of a substantial number of shares of our common stock or securities convertible into our common stock in the public market, or the perception that these sales could occur, could adversely affect the market price of our common stock and impair our ability to raise capital through equity offerings in the future.

Our failure to meet the continued listing requirements of Nasdaq could result in a delisting of our common stock.

We cannot assure you that our securities will continue to be listed on Nasdaq. In order to maintain our listing, we will be required to comply with certain Nasdaq continuing listing rules, including those regarding minimum stockholders’ equity, minimum share price, minimum market value of publicly held shares, corporate governance and various additional requirements. If we are unable to satisfy Nasdaq criteria for maintaining our listing, our securities could be subject to delisting. Such a delisting would likely have a negative effect on the price of our common stock and would impair your ability to sell or purchase our common stock when you wish to do so. In the event of a delisting, we can provide no assurance that any action taken by us to restore compliance with listing requirements would allow our common stock to become listed again, stabilize the market price or improve the liquidity of our common stock, prevent our common stock from dropping below the Nasdaq minimum bid price requirement or prevent future non-compliance with Nasdaq’s listing requirements.

An investment in our company may involve tax implications, and you are encouraged to consult your own advisors as neither we nor any related party is offering any tax assurances or guidance on our company or your investment.

An investment in our company generally involves complex federal, state and local income tax considerations. Neither the Internal Revenue Service nor any state or local taxing authority has reviewed the transactions described herein and may take different positions than the ones contemplated by management. You are strongly urged to consult your own tax and other advisors prior to investing, as neither we nor any of our officers, directors or related parties is offering you tax or similar advice, nor are any such persons making any representations and warrants regarding such matters.

Anti-takeover provisions in Colorado law could discourage, delay or prevent a change in control of our company and may affect the trading price of our common stock.

Some of the provisions of Colorado law may have the effect of delaying, deferring or discouraging another person from acquiring control of our company or removing our incumbent officers and directors. These provisions are expected to discourage certain types of coercive takeover practices and inadequate takeover bids. These provisions are also designed to encourage persons seeking to acquire control of us to first negotiate with our board of directors. We believe that the benefits of increased protection against an unfriendly or unsolicited proposal to acquire or restructure us outweigh the disadvantages of discouraging such proposals.

Our executive officers, directors, and principal stockholders have substantial control over our company, which could limit your ability to influence the outcome of key transactions, including a change of control.

As of the date of this Annual Report, our executive officers, directors and principal stockholders and their affiliates beneficially own an aggregate of 17,110,162 shares of our common stock, or approximately 75.7% of the outstanding shares of our common stock. As a result, these stockholders will be able to exercise a significant level of control over all matters requiring stockholder approval, including the election of directors and the approval of mergers, acquisitions or other extraordinary transactions. They may also have interests that differ from yours and may vote in a way with which you disagree, which may be adverse to your interests. This concentration of ownership may have the effect of delaying, preventing or deterring a change of control of our company, could deprive our stockholders of an opportunity to receive a premium for their common stock as part of a sale of our company and might ultimately affect the market price of our common stock.

We have never paid dividends on our capital stock, and we do not anticipate to pay for the foreseeable future.

We have never declared or paid any cash dividends on our capital stock, and we do not anticipate paying any cash dividends in the foreseeable future. The payment of dividends, if any, in the future is within the discretion of our board of directors and will depend on our earnings, capital requirements, financial condition and other relevant facts. We currently intend to retain all future earnings, if any, to finance the development and growth of our business. Accordingly, you must rely on the sale of your common stock after price appreciation, which may never occur, as the only way to realize any future gain on your investment.

Item 1B. Unresolved Staff Comments

None.

Item 1C. Cybersecurity

Item 2. Properties

Our corporate headquarters is located at 1290 N Broadway, Suite 1200, Denver, CO 80203 in leased office. The facility incorporates 5892 square feet of office space at a current monthly rent of $14,975.50 and a term running through June 2029.

We also maintain leased office facilities in West Virginia and Michigan. The WV office is located at 525 Suncrest Town Center Drive, Morgantown, WV 26505 and occupies 6,600 square feet. The lease has a term that runs through December 2035 with a current monthly rent of $12,731. The MI office occupies 1546 sq feet at a monthly rent of $2,834.33 with a term that runs through December 2030. ROC does not currently lease or own any facilities outside the United States.

All of our facilities are leased, and we do not own any real property. As we continue to grow and expand geographically, we expect to secure additional office space to support our increasing workforce and operational needs. We believe that our current facilities are adequate and appropriate for our existing operations, and that, if needed, additional or alternative facilities will be readily available to accommodate future expansion.

Item 3. Legal Proceedings.

In March, 2026, Eye Corp IT Solutions LLC filed a claim in the High Court of England and Wales (Case No. CL-2026-000062) that named Rank One Computing Corporation and certain other defendants; the Company does not believe it will result in a material adverse effect on its financial condition or results of operations.

The Company is currently not involved in any other litigation. There is no action, suit, proceeding, inquiry or investigation before or by any court, public board, government agency, self-regulatory organization or body pending or, to the knowledge of the executive officers of the Company, threatened against or affecting the company, its common stock, any of the Company’s officers or directors in their capacities as such, in which an adverse decision could have a material adverse effect.

From time to time, we may become involved in legal proceedings and claims that arise in the ordinary course of business.

The outcome of litigation is inherently uncertain. An unfavorable resolution of one or more proceedings could materially impact our future business, operating results, or financial condition. In addition, regardless of the outcome, litigation may result in significant costs, diversion of management attention, and other adverse effects.

Item 4. MINE SAFETY DISCLOSURES

Not applicable.

Part II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Market Information

Effective February 20, 2026, our common stock was listed and began trading on The Nasdaq Stock Market LLC (Nasdaq Capital Market) under the symbol “ROC”. Prior to February 20, 2026, there was no public trading market for our common stock. The last reported sales price for our common stock as reported on the Nasdaq Capital Market on March 27, 2026 was $6.81.

Holders of Record

As of March 27, 2026, there were 15 holders of record of our common stock. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.

Dividend Policy

Prior to the revocation of our Subchapter S election in 2024, the Company made distributions to shareholders in connection with our status as an S corporation, including distributions to assist shareholders with their pass-through tax obligations. These distributions were made in our capacity as an S corporation and were not dividends declared on our capital stock. Since our conversion to C corporation status in 2024, we have not declared or paid any cash dividends on our capital stock, and we do not anticipate paying any cash dividends in the foreseeable future.

We intend to retain any future earnings for the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our Board of Directors, subject to applicable laws, and will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual restrictions, general business conditions, and other factors that our Board of Directors may deem relevant. In addition, we may enter into credit agreements or other borrowing arrangements in the future that may restrict our ability to declare and pay cash dividends.

Securities Authorized for Issuance Under Equity Compensation Plans

The information required by Item 5 of Part II of this Annual Report regarding equity compensation plans is incorporated herein by reference to Item 12 of Part III of this Annual Report. 

Recent Sales and Issuances of Unregistered Securities

The Company has not sold any securities within the past three years that were not registered under the Securities Act.

Use of Proceeds from Registered Securities

On February 23, 2026, we closed our initial public offering (the “IPO”) in which we issued and sold 4,000,000 shares of common stock, and on March 26, 2026, as part of the IPO, we closed on a partial exercise of overallotment option in which we issued and sold 58,477 shares of common stock. The shares sold in our IPO were registered under the Securities Act pursuant to (i) our Registration Statement on Form S-1, as amended (File No. 333-291913), which was declared effective by the SEC on January 30, 2026, and (ii) our Registration Statement on Form S-1MEF (File No. 333-293601), which became effective automatically upon filing. Our shares of common stock were sold at an IPO price of $6.00 per share, which generated net proceeds of approximately $21.5 million after deducting underwriting discounts and commissions of approximately $1.7 million, expenses paid to or for underwriters of approximately $0.4 million, and other expenses of approximately $0.8 million. We incurred offering expenses of approximately $2.9 million.

The IPO closed after December 31, 2025, and thus we had not used any amount of the net proceeds as of December 31, 2025.

There has been no material change in our planned use of net proceeds from our IPO as described under the heading “Use of Proceeds” in our final prospectus, filed with the SEC on February 20, 2026 pursuant to Rule 424(b)(4) under the Securities Act.

The Benchmark Company, LLC acted as representative of the underwriters.

Issuer Purchases of Equity Securities

We have not performed any stock repurchases on our capital stock in any month within the fourth quarter of the year ended December 31, 2025.

Item 6. RESERVED

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations.

The following discussion of our plan of operation and results of operations should be read in conjunction with the consolidated financial statements and related notes to the consolidated financial statements included elsewhere in this Annual Report. This discussion contains forward-looking statements that relate to future events or our future financial performance. These statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to be materially different from any future results, levels of activity, performance or achievements expressed or implied by these forward-looking statements. These risks and other factors include, among others, those listed under “Cautionary Note Regarding Forward-Looking Statements” and Part I, Item 1A. “Risk Factors” and those included elsewhere in this report. 

Overview

Founded in 2015, ROC is a consistently top-tier rated U.S.-built, U.S.-owned, and U.S.-operated provider of advanced biometric, facial recognition, and Vision AI solutions. We develop and deploy innovative technologies that enhance safety, security, and convenience globally, while upholding principles of fairness and privacy. Our solutions are trusted by U.S. and international military branches, law enforcement agencies, financial technology firms, and commercial enterprises, with our multimodal capabilities consistently demonstrating robust performance in rigorous government evaluations and in over 300 million annual identity verification transactions for major financial institutions. We believe our customer-centric approach and superior algorithms allow us to displace foreign incumbents and offer a transparent alternative to address the growing threat of “Poison AI” as discussed below.

Factors and Trends Affecting Our Business and Results of Operations

Several factors and trends affect our business and results of operations. These include the increasing importance of identity solutions, the evolving nature of biometric technologies, and our strategic approach to market opportunities.

Financial Considerations and Strategic Investments

We are making strategic investments to capitalize on market opportunities. ROC’s expenses reflect these investments, which are aimed at driving future growth and enabling us to provide a platform that supports a wide range of identity-related needs.

Government Policy and Geopolitical Factors

We believe ROC is also well-positioned to benefit from U.S. federal government policies focused on greater efficiency through technology, and our unique placement as a U.S.-based provider. Additionally, there is a general aversion to Chinese and Russian technology around the globe, which creates opportunities for ROC. We believe ROC is particularly well-positioned for winning automated biometric identification system (“ABIS”) contracts around the world, where there are clear indications of aversion to legacy Western players, primarily due to a history of vendor lock-in and poor service.

The Growing Importance of Identity Solutions

Identity is becoming a critical global currency, with increasing recognition that robust identity management is essential for security, efficiency, and trust. The increasing focus on digital identity initiatives highlights the growing significance of effective and comprehensive identity management systems. This trend increases the demand for effective and comprehensive identity management systems.

Evolution of Biometric Technologies

While specific biometric modalities are becoming more commoditized, the focus is shifting towards efficiency, plug-and-play capabilities, and multi-biometric systems. The differentiators around specific accuracy algorithms are becoming less important, with efficiency and the ability to integrate various technologies becoming key. This shift favors companies like us that offer versatile, data-agnostic, and privacy-protecting solutions. We believe that our ability to provide a “Swiss Army knife” of identity solutions, capable of addressing diverse use cases, positions us for success in this evolving market.

Poison AI

“Poison AI” is a shorthand term that refers to the practice of data poisoning, a type of machine learning attack where malicious data is deliberately introduced into an AI model’s training dataset to manipulate its behavior or outputs, causing it to malfunction or become biased. An illustrative example of Poison AI is the Nightshade tool offered by the University of Chicago (https://nightshade.cs.uchicago.edu/whatis.html). Nightshade allows creators to prevent their digital artwork from being fed into generative AI models without consent by “turn[ing] any image into a data sample that is unsuitable for model training. More precisely, Nightshade transforms images into “poison” samples, so that models training on them without consent will see their models learn unpredictable behaviors that deviate from expected norms.” In the national security field, we believe Poison AI poses a serious and growing risk wherein adversarial state actors seek to intentionally create security vulnerabilities in AI models that are used in critical U.S. national security missions. As a solution provider to the U.S. national security community, we believe that our ability to closely manage our training data to prevent the introduction of “poison” samples would mitigate the risk of Poison AI and differentiate our offerings for our prospective government customers.

Our Strategic Response

ROC’s strategy is aligned with these trends. We recognize that having a great algorithm alone is no longer sufficient. Customers demand a full stack of capabilities, the ability to turn features on and off, and accommodation of complex demands. Our approach involves:

Revenue

Our revenue consists of the sale of access to its software platforms, maintenance services and professional services.

Cost of Sales

Cost of sales consists primarily of the purchase price of goods and cost of services rendered.

Operating Expenses

Operating expenses consist of selling, general and administrative expenses, and research and development.

Research and Development

Research and development represent costs incurred by us for the discovery and development of our product and include:

Selling, General and Administrative Expenses

Selling, general and administrative expenses consist of personnel-related costs, including salaries, benefits and stock-based compensation expense, for our personnel in executive, finance and accounting, human resources, business operations and other administrative functions, investor relations activities, legal fees related to corporate matters, fees paid for accounting and tax services, consulting fees and facility-related costs.

Other Income

Other income consists primarily of rebates earned under our corporate credit card program.

Results of Operations

Comparison of the Years Ended December 31, 2025 and 2024

Revenue

The following table sets forth our financial results for the periods indicated. All information is derived from the statements of income for the fiscal years ended December 31, 2025 and December 31, 2024.

Revenue increased by $3,274,977, or 24%, for the year ended December 31, 2025, compared to the year ended December 31, 2024. The increase was driven by growth in product revenues, primarily from ROC Watch, partially offset by a decrease in Government R&D services revenue. 

Operating Expenses

The following table sets forth selected operating data for the periods indicated. All information is derived from the statements of earnings for the fiscal years ended December 31, 2025, and December 31, 2024, and we provide additional explanation below.

Selling, General and Administrative Expenses

Selling, general and administrative expenses increased by $796,073, or 11%, for the year ended December 31, 2025 compared to the year ended December 31, 2024. The increase was primarily driven by higher labor costs associated with continued investment in our business development and administrative functions to support the growth of our product offerings and markets served and our continued focus on operational execution.

Research and Development

Research and development expenses increased by $1,087,778, or 19%, for the year ended December 31, 2025, compared to the year ended December 31, 2024. The increase was primarily driven by higher labor costs associated with growth in R&D headcount, partially offset by the capitalization of costs related to internally developed software.

Other Income and Expenses

Total other expense increased by $33,479 for the year ended December 31, 2025, compared to the year ended December 31, 2024. The increase was primarily driven by a $79,388 increase in interest expense, partially offset by a $41,114 decrease in other expense.

Net Loss Attributable to Common Stockholders

Loss for the year ended December 31, 2025, and 2024 was $2,676,846 and $697,678, respectively, primarily attributable to the items discussed above and the impact of income tax provision items.

Long-Term Liquidity and Capital Resources

As of December 31, 2025, we had cash and cash equivalents of $0.3 million and a working capital deficit of $1.5 million. In 2026, we completed our initial public offering, in which we issued and sold shares of common stock, resulting in net proceeds to the Company of approximately $21.5 million, including net proceeds from the partial exercise of the overallotment option, after deducting underwriting discounts, commissions, and offering expenses.

As previously disclosed in our Registration Statement on Form S-1, as amended (File No. 333-291913), which was declared effective by the SEC on January 30, 2026, management had concluded as of September 30, 2025 that substantial doubt existed about the Company’s ability to continue as a going concern. At that time, the Company had cash of $72,151, limited borrowing capacity, and estimated it would require approximately $10 million of additional funding over the twelve-month look-forward period. Following the completion of our initial public offering and the resulting improvement in our liquidity, management has concluded that the conditions that previously raised substantial doubt have been alleviated and substantial doubt no longer exists as of December 31, 2025.

We believe that our available cash resources, including the net proceeds from our initial public offering, together with expected cash flows from operations, will be sufficient to fund our planned operations and meet our obligations for at least twelve months from the date these financial statements are issued. Our future capital requirements will depend on many factors, including our rate of revenue growth, the timing and extent of our product development and sales and marketing activities, the pace of customer acquisition, and general market conditions. We may seek additional equity or debt financing in the future to fund our growth strategy, though there can be no assurance that such financing will be available on acceptable terms, or at all.

Cash flow activity below is a vital financial metric that represents the net amount of cash moving into and out of a business. The table below provides details about cash flow performance for the year ended December 31, 2025, compared to the year ended December 31, 2024.

Operating Activities

Net cash provided by (used in) operating activities was $(997,670) and $21,428 for the years ended December 31, 2025 and 2024, respectively. This increase in cash used in operations is primarily due to a higher net loss partially offset by changes in our non-cash working capital and non-cash expenses.

Investing Activities

Net cash provided by (used in) investing activities was ($726,582) and ($46,825) for the years ended December 31, 2025 and 2024, respectively. The increase in cash used in investing activities was primarily due to an increase in spending related to capitalized software in the year ended December 31, 2025, as compared to December 31, 2024.

Financing Activities

Net cash provided by (used in) financing activities was $1,268,376 and $(863,287) for the years ended December 31, 2025 and 2024, respectively. The increase in cash provided from financing activities is primarily attributable to the net proceeds from the line of credit offset by a decrease in distributions.

Critical Accounting Policies and Estimates

The preparation of our consolidated financial statements in conformity with accounting principles generally accepted in the United States requires management to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenues, and expenses, as well as related disclosures of contingent assets and liabilities. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Actual results may differ materially from these estimates. We consider the following accounting estimates to be critical because they involve significant management judgment and the resulting reported amounts could differ materially under different assumptions or conditions. For a complete description of our significant accounting policies, see Note 2 to our consolidated financial statements included elsewhere in this Annual Report.

Revenue Recognition

We recognize revenue in accordance with ASC 606, Revenue from Contracts with Customers. While the application of the five-step revenue recognition model is described in Note 2 to our consolidated financial statements included elsewhere in this Annual Report, the estimates and judgments involved in revenue recognition represent a critical accounting policy for the following reasons.

Certain of our contracts, particularly government R&D service arrangements, require us to recognize revenue over time based on progress toward completion. We measure progress using an input method, and the determination of the appropriate measure of progress requires management judgment regarding the estimated effort or costs necessary to satisfy the performance obligation relative to actual effort or costs incurred to date. Changes in these estimates, such as revisions to the total expected level of effort, could result in a material change in the amount of revenue recognized in a given period. If our estimates of total effort to complete a performance obligation were to increase, revenue recognized in the current and future periods would decrease, and vice versa.

In instances where our contracts include multiple performance obligations, we exercise judgment in determining the standalone selling price for each obligation. We establish standalone selling prices by evaluating market data for comparable services and considering our historical pricing practices. The aggregate standalone selling price of all performance obligations is calculated, and each individual obligation’s proportionate share of the total is determined. This ratio is then applied to the overall contract price to allocate the transaction price among the performance obligations accordingly. If the relative standalone selling price allocated to a given performance obligation were to change, the timing and amount of revenue recognized for that obligation could differ materially from current reported amounts.

Allowance for Expected Credit Losses

We maintain an allowance for expected credit losses on our accounts receivable based on our assessment of the collectability of customer accounts. This assessment requires significant management judgment applied to specific customer balances and circumstances. In evaluating collectability, we consider factors including the age of the receivable balance, the customer’s payment history and current creditworthiness, the nature of the customer relationship, communications with the customer regarding outstanding balances, and broader economic conditions that may affect our customers’ ability to pay. Given the concentration of our revenue among a limited number of customers, the credit risk associated with any individual customer balance can be significant relative to our total receivables.

The allowance for expected credit losses was $161,723 and $60,040 for the years ended December 31, 2025 and 2024, respectively. The increase reflects management’s assessment of evolving customer-specific circumstances over the course of 2025 for new and existing customer balances. Because our allowance is based in part on judgment applied to individual customer balances rather than a formulaic calculation, different assumptions regarding the likelihood and timing of collection from specific customers could result in a materially different allowance and a corresponding change in selling, general and administrative expense in the period of the revision.

Stock-Based Compensation

We account for stock-based compensation in accordance with ASC 718, Compensation - Stock Compensation. We estimate the fair value of stock option awards at the date of grant using the Black-Scholes option-pricing model. This model requires management to make several significant assumptions, each of which can materially affect the resulting fair value and, consequently, the amount of compensation expense recognized over the vesting period.

Expected volatility is a particularly significant input because the Company did not have a public trading history during the periods in which our outstanding options were granted. We therefore estimated expected volatility based on the historical volatility of comparable publicly traded peer companies. The selection of peer companies and the measurement period used to calculate their historical volatility involve judgment, and different peer groups or measurement periods could yield materially different volatility estimates. A higher assumed volatility increases the estimated fair value of the option and the resulting expense, while a lower volatility decreases it.

Due to our limited historical data related to employee stock option exercise behavior, we use the simplified method permitted by Staff Accounting Bulletin No. 110 to estimate the expected term for our stock options. The risk-free interest rate is based on U.S. Treasury securities with maturities consistent with the expected term, and we assume a dividend yield of zero. As our public trading history develops, we expect to transition to using our own historical volatility data and actual exercise behavior to inform these assumptions, which could result in materially different fair values for future grants. For additional information regarding the assumptions used in our stock-based compensation calculations, see Note 8 to our consolidated financial statements included elsewhere in this Annual Report.

Capitalized Software Development Costs

We account for costs incurred in the development of software to be sold, leased, or otherwise marketed in accordance with ASC 985-20, Costs of Software to Be Sold, Leased, or Marketed. Under this guidance, software development costs incurred prior to the establishment of technological feasibility are expensed as research and development. Costs incurred after technological feasibility is established and before the product is available for general release are capitalized.

The determination of when technological feasibility has been established requires significant management judgment. Technological feasibility is established upon completion of a detailed program design or, in the absence of a detailed program design, upon completion of a working model. Through December 31, 2024, based on our development process and the level of development risk inherent in our products, technological feasibility was generally not established until products were available for general release, and accordingly all software development costs were expensed as incurred. Beginning in 2025, we commenced development of a new software project for which technological feasibility was established prior to general release, resulting in the capitalization of $0.7 million in eligible development costs during the year ended December 31, 2025.

This estimate is critical because the point at which technological feasibility is deemed to have been achieved directly determines whether development costs are capitalized as an asset or expensed in the current period, and the difference can be material. If we were to conclude that technological feasibility was established earlier in the development cycle, a greater amount of costs would be capitalized, reducing research and development expense and increasing reported operating income. Conversely, if technological feasibility were determined to occur later, fewer costs would be capitalized and current period expense would increase. Once capitalized, these costs are subject to ongoing recoverability assessment. At each balance sheet date, we compare the unamortized capitalized costs of each product to the net realizable value of that product, and any excess of unamortized cost over net realizable value is written down and charged to cost of sales. Given the rapid pace of technological change in our industry, there is inherent uncertainty in estimating both the future revenue streams that support recoverability and the estimated economic life over which capitalized costs will be amortized once the related product is available for general release.

Deferred Tax Asset Valuation Allowance

We recognize deferred tax assets to the extent that we believe it is more likely than not that these assets will be realized. In evaluating the recoverability of our deferred tax assets, we consider all available positive and negative evidence, including our history of operating losses, the lack of taxable income in recent periods, the nature and timing of future reversal of existing taxable and deductible temporary differences, tax planning strategies, and forecasted future taxable income. As of December 31, 2025, we were in a net deferred tax liability position of $13,703. We maintained a valuation allowance against our net deferred tax assets to the extent that it is not more likely than not that such assets will be realized. In determining the required valuation allowance, we consider all available evidence, including the future reversal of existing taxable temporary differences.

The determination of whether a valuation allowance is necessary, and the amount of any such allowance, requires significant management judgment. The most significant factor in our assessment was our cumulative loss history, which represents objectively verifiable negative evidence that is difficult to overcome without sufficient positive evidence of future profitability. While the completion of our IPO in 2026 improved our liquidity position, the realization of our deferred tax assets ultimately depends on generating sufficient taxable income in future periods. If our assessment of future taxable income were to change, for example as a result of sustained profitability or the execution of significant new contracts, we could determine that some or all of the valuation allowance is no longer required. A full or partial release of the valuation allowance would result in a corresponding income tax benefit and an increase in net income in the period of the release, which could be material. Conversely, to the extent we generate additional net operating losses or other deferred tax assets, we would expect to maintain the full valuation allowance until positive evidence supports a different conclusion. For additional information regarding our deferred tax assets and the related valuation allowance, see Note 9 to our consolidated financial statements included elsewhere in this Annual Report.

Emerging Growth Company Accounting Election

Section 102(b)(1) of the JOBS Act exempts emerging growth companies from being required to comply with new or revised financial accounting standards until private companies are required to comply with the new or revised financial accounting standards. The JOBS Act provides that a company can elect not to take advantage of the extended transition period and to comply with the requirements that apply to non-emerging growth companies, and any such election to not take advantage of the extended transition period is irrevocable. We expect to be an emerging growth company and will have the benefit of the extended transition period. We intend to take advantage of the benefits of this extended transition period. As a result, our consolidated financial statements may not be comparable to the financial statements of issuers who are required to comply with the effective dates for new or revised accounting standards that are applicable to public companies. See Note 2 to our consolidated financial statements included elsewhere in this Annual Report for a discussion of recently issued accounting pronouncements and their expected impact on our financial statements.

Recent Accounting Pronouncements

The recent accounting pronouncements that are material to our financial statements are disclosed in Note 2 of our consolidated financial statements included elsewhere in this Annual Report.

Item 7A. Quantitative and Qualitative Disclosures about Market Risk.

Not applicable.

Item 8. Financial Statements and Supplementary Data

See our index to financial statements, financial statements, and corresponding notes thereto called for by this item beginning on page F-1 of this Annual Report, which are incorporated herein by reference.

Item 9. Changes in and Disagreements With Accountants on Accounting and Financial Disclosures

None.

Item 9A. Controls and Procedures

Disclosure Controls and Procedures

We maintain “disclosure controls and procedures,” as that term is defined in Rule 13a-15(e), promulgated by the SEC pursuant to the Exchange Act. Disclosure controls and procedures include controls and procedures designed to ensure that information required to be disclosed in our Company’s reports filed under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our management, including our principal executive officer and principal financial officer to allow timely decisions regarding required disclosure. Our management, with the participation of our principal executive officer and principal financial officer, evaluated the effectiveness of our Company’s disclosure controls and procedures as of the end of the period covered by this Annual Report. Based on this evaluation, our principal executive officer and principal financial officer concluded that as of December 31, 2025, our disclosure controls and procedures were effective.

Management’s Annual Report in Internal Control Over Financial Reporting

Management of the Company is responsible for establishing and maintaining adequate internal control over financial reporting (as defined in Section 13a-15(f) of the Exchange Act). Internal control over financial reporting is a process designed by, or under the supervision of, the Company’s principal financial officer to provide reasonable assurance regarding the reliability of financial reporting and the preparation of the Company’s financial statements for external reporting purposes in conformity with U.S. generally accepted accounting principles and include those policies and procedures that (i) pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and disposition of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the Company are being made only in accordance with authorization of management and directors of the Company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the Company’s assets that could have a material effect on the financial statements.

As of December 31, 2025, management conducted an assessment of the effectiveness of the Company’s internal control over financial reporting based on the framework established in Internal Control — Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Based on the criteria established by COSO, management has not identified control deficiencies in the Company’s financial reporting process that constitute material weaknesses in the Company’s internal control over financial reporting and concluded that the Company’s internal controls over financial reporting were effective as of December 31, 2025. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis. The Company has no material weaknesses related to internal controls.

This Report does not include an attestation report of the Company’s independent registered public accounting firm regarding internal control over financial reporting as smaller reporting companies are not required to include such report and emerging growth companies are exempt from this requirement entirely until they are no longer an emerging growth company. Management’s report is not subject to attestation by the Company’s independent registered public accounting firm.

Changes in Internal Control

There were no changes in the Company’s internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) of the Exchange Act) during the year ended December 31, 2025, that has materially affected, or is reasonably likely to materially affect, the Company’s internal control over financial reporting.

Item 9B. Other Information.

Not applicable.

Item 9C. Disclosure Regarding Foreign Jurisdiction that Prevent Inspections.

Not applicable.

Part III

Item 10. Directors, Executive Officers and Corporate Governance

Executive Officers and Directors

The following table sets forth information regarding our executive officers and directors as of the date of this Annual Report.

B. Scott Swann – Chief Executive Officer, Director

B. Scott Swann has served as our Chief Executive Officer since January 2021. Mr. Swann has over 25 years of leadership experience spanning both government and private sector organizations, with a focus on driving innovation and growth in the biometrics and computer vision sectors. Prior to joining ROC, Mr. Swann held multiple key leadership positions, including President and Chief Executive Officer at IDEMIA National Security Solutions from 2017 to 2020, Vice President of Federal Operations & Innovation and Senior Director of Innovation at Safran Morpho-Morphotrak, LLC from 2014 to 2017, Special Assistant at the FBI Director’s Office from 2011 to 2014, and Unit Chief at the FBI’s Criminal Justice Information Services Division from 2009 to 2011. Mr. Swann holds a bachelor’s degree in business from Salem-Teikyo University and a master’s degree in software engineering from West Virginia University.

We believe that Mr. Swann is well qualified to serve as our CEO and director because of his extensive leadership experience in the biometrics and computer vision sector, his track record of driving innovation across federal and commercial markets, and his background in managing large-scale operations and coordination with government agencies. His experience includes leading teams to deliver cloud-based SaaS solutions, commercializing video analytics portfolios, and driving innovation across both public and private sectors. Mr. Swann’s extensive expertise aligns with the Company’s growth strategy in regulated and security-sensitive markets.

Brendan Klare – President, Chief Scientist, Board Chairman

Brendan Klare co-founded ROC in 2015 and has been a key contributor to the Company’s technological advancements since its inception. Dr. Klare was named Chief Scientist and Board Chair in 2020. As Chief Scientist, he leads the development of ROC’s advanced algorithms for face, fingerprint, and iris recognition, consistently achieving top global rankings in NIST evaluations for accuracy and efficiency. He also played a key role in launching ROC SDK 3, which features these industry-leading modalities. Dr. Klare’s technical expertise and commitment to research and development, supported by the Company’s substantial investment in R&D, have advanced ROC’s biometric technology offerings.

Dr. Klare earned a Ph.D. in Computer Science with a specialization in pattern recognition and biometrics from Michigan State University in 2012, where his doctoral research focused on computer vision and machine learning algorithms for automatically searching databases of face photographs using query images from alternate modalities, such as hand drawn sketches or infrared imagery. Additional research measured the impact of different covariates (age, gender, race, time lapse, feature representations) on face recognition algorithm accuracy, and he has published dozens of highly cited peer-reviewed academic articles. Prior to co-founding ROC, Dr. Klare was Manager of the Vision Analytics Lab at Noblis, Inc. from 2012 to 2015, where he was the Principal Investigator for testing and evaluation of the Intelligence Advanced Research Projects Activity (“IARPA”) JANUS program on unconstrained face recognition and a Lead Investigator on the FBI’s Video Analytics Major Issues Study. Dr. Klare’s contributions to the field have been recognized by the biometrics research community through frequent requests to deliver keynote and thought leader presentations from organizations, including the Institute of Electrical and Electronics Engineers (“IEEE”) International Conference on Biometrics: Theory, Applications, and Systems in 2019, and he received the Distinguished Alumni Award from Michigan State University in 2023.

We believe that Dr. Klare is well qualified to serve as our director because of his extensive expertise in the biometrics and computer vision sector, his leadership in advancing ROC’s technologies, and his deep understanding of the Company’s strategic direction as a co-founder.

Joshua Klontz – Chief Technology Officer, Director

Joshua Klontz has been our Chief Technology Officer and Director since 2020. Mr. Klontz co-founded the Company in 2015 and has played an instrumental role in shaping its technology strategy and direction. As Chief Technology Officer, he oversees ROC’s technology strategy and R&D initiatives and has contributed significantly to the Company’s product offerings. Under Mr. Klontz’s technical leadership, ROC has consistently achieved top-tier rankings in NIST evaluations for accuracy and efficiency in face, fingerprint, and iris recognition.

Prior to founding ROC, Mr. Klontz served as a Computer Vision Software Engineer at Noblis and played a critical role in the IARPA Janus program from 2013 to 2015. His work focused primarily on face detection and recognition, including the development of the APIs for Janus. He has a Bachelor of Science in Computer Science from Harvey Mudd and was invited by Michigan State Professor Anil Jain (nationally renowned leader in Computer Vision and Pattern Recognition) to design unconstrained face recognition algorithms in the Pattern Recognition and Image Processing lab. Mr. Klontz’s academic background is further highlighted by his contributions to the field through numerous publications.

We believe that Mr. Klontz is well qualified to serve as our director because of his extensive technical experience in biometric systems, his leadership in developing key technologies like the OpenBR framework and ROC SDK, and his role in shaping the Company’s technology strategy since its founding. His commitment to research and development is a driving force behind ROC’s success as a leading provider of American-made biometric technology.

J. Blake Moore – Chief Operating Officer

J. Blake Moore has been our Chief Operating Officer since October 2024. He previously served as Senior Vice President Product & Customer Success at the Company from 2022 to 2024, where he gained direct knowledge of the Company’s operations and customer base.

Prior to joining ROC, Mr. Moore held various leadership roles at IDEMIA National Security Solutions, a global leader in identity solutions and an authorized enrollment provider for TSA PreCheck. At IDEMIA National Security Solutions, he served as Senior Director of New Product Introduction from 2020 to 2021. At IDEMIA Identity & Security USA LLC (and its predecessor MorphoTrust USA, Inc.), Mr. Moore served as Senior Director of U.S. Business Operations for Enrollment Services from 2017 to 2020, and at MorphoTrust USA, he served as Director of Customer & Business Services, Business Analysis, and Financial Operations. He has an undergraduate degree from Saint Louis University and an MBA from Washington University, along with certifications in SAFe Agile, Lean Six Sigma, Certified Public Accountant, and Certified Internal Auditor.

We believe that Mr. Moore is well qualified to serve as our Chief Operating Officer because of his diverse leadership and operational experience across multiple functions, including operational strategy, cross-functional team management, innovation, and scalability, all of which are essential for a rapidly growing technology company like ROC.

Cody Barnes – Chief Financial Officer

Cody Barnes has been our Chief Financial Officer since December 2021. Earlier in his career at ROC, Mr. Barnes held the position of Director of Finance & Operations from 2016 to 2021, where he developed a strong understanding of the Company’s financial and operational dynamics.

Prior to joining ROC, Mr. Barnes worked as Vice President in Liquidity Reporting at Citigroup Inc. (“Citi”) from 2011 to 2016, where he gained significant experience in financial markets, cash flow management, and regulatory compliance. His experience at Citi, a publicly traded company, provides insight into public company financial operations and regulatory requirements. Mr. Barnes has an undergraduate degree from the University of South Florida and is a licensed Certified Public Accountant with expertise in accounting principles and financial reporting standards.

We believe that Mr. Barnes is well qualified to serve as our Chief Financial Officer because of his proven experience managing the financial operations and growth of the Company, his understanding of the organization’s operational dynamics, and his background at Citi.

Anthony Brown – Chief of Staff

Anthony Brown has been our Chief of Staff since October 2024. Prior to this, he was our Chief Operating Officer from January 2023 to October 2024, where he oversaw all operations of the company and managed the growth of personnel, product lines, and internal corporate processes. Prior to joining ROC as the Chief Operating Officer, he served as the strategic advisor to the ROC executive team from March 2021 to January 2023, providing strategic input to the market, team, and product development of the company.

Prior to his tenure at ROC, Mr. Brown created and grew a consulting company focused on corporate strategy and organizational development, where he advised senior corporate, federal civilian, and military leaders in building programs to commercialize emerging technologies. Mr. Brown has experience managing both startup companies and large teams within both public and private companies. He holds an undergraduate degree from Cornell University and an MBA from Georgetown University.

We believe that Mr. Brown is well qualified to serve as our Chief of Staff based on his decades of experience managing operations and building organizations in both the private and public sectors as they navigate growth.

David Ray – General Counsel

David Ray has returned as our General Counsel as of January 2026, having previously served in the same role from December 2017 to April 2025, with additional roles as our Chief Operating Officer from 2018 to 2022 and our Chief Privacy & Partnership Officer from 2022 to 2025. In these roles, he developed significant experience in software licensing, employment law, strategic partnerships, government relations, patents and business operations.

Prior to joining ROC, Mr. Ray worked as a corporate attorney at Simpson Thacher & Bartlett LLP (“Simpson Thacher”) from 2012 to 2015, Kendall, Koenig & Oelsner, PC (“KKO”) from 2015 to 2016 and Bold Legal, LLC (“Bold Legal”) from 2016 to 2017. As an Associate at Simpson Thacher, an Attorney at KKO and a Founding Partner at Bold Legal, Mr. Ray gained significant experience in both private equity and middle-market mergers and acquisitions and both public and private securities offerings. Mr. Ray started his career as a CDO Banking Analyst at Lehman Brothers, Inc. from 2007 to 2008 and an Associate Strategy Consultant at Axia, Ltd. from 2008 to 2009. During his hiatus from ROC, Mr. Ray served as SVP of Business Development & Legal at Respondus, Inc. from April 2025 to January 2026. Mr. Ray has an undergraduate degree from Harvard College and a law degree from Columbia Law School and is licensed to practice law in Minnesota, California (inactive) and Colorado (inactive).

We believe that Mr. Ray is well qualified to serve as our General Counsel based on his proven experience managing the legal risks of the Company over the last eight years, and his prior career experiences in corporate law practice, securitization banking and corporate strategy.

Edward Davis – Director

Edward Davis has joined ROC’s Board of Directors as an independent director in January 2026. Mr. Davis served as Commissioner at the Boston Police Department for seven years and in leadership positions in local law enforcement departments for over 20 years. He is a public safety leader with 35+ years in law enforcement and has been nationally recognized for crisis leadership during the Boston Marathon bombing, pioneering community policing, and advising both government and private sector on security, intelligence, and resilience.

Mr. Davis has a master’s degree in criminal justice and corrections from Anna Maria College, a fellowship in political science and government from the Harvard Kennedy School, and a bachelor’s degree in criminal justice from Southern New Hampshire University

Brian Hibbeln – Director

Brian Hibbeln has joined ROC’s Board of Directors as an independent director in January 2026. Currently, Mr. Hibbeln serves as a senior fellow at the Potomac Institute for Policy Studies, a senior advisor for Blackstone Private Equity, and a venture partner for SineWave Ventures, LLC. Other key roles include serving as Chief Innovation Officer for NineTwelve, an accelerator connecting innovators with certified demonstration labs and co-founder of the United States Technology Leadership Council, advancing U.S. technology leadership.

Prior to entering the private sector, Mr. Hibbeln served over three decades in the U.S. Defense Department and Intelligence Community, with senior roles including Assistant Deputy Undersecretary of Defense for Special Capabilities in the Office of the Secretary of Defense; First Director of the Special Capabilities Office where he oversaw $2B+ in resources and leading Joint Capability Technology Demonstrations for intelligence, space, airborne, and other remote-sensing operations; Director of the Remote Sensing Center-National Capital Region, where he managed $8B+ in government contracts, while delivering tech demonstrations and operational support to combatant commanders globally; and Chief Scientist and Chief Systems Engineer of Measurement and Signature Intelligence (MASINT) Staff at the National Reconnaissance Office (NRO), where he developed methods to address hard intelligence problems and advanced space based MASINT architectures, while providing recommendations to the Director of Central Intelligence, Congressional staffs, senior policy decisionmakers, and numerous operational and intelligence customers.

Mr. Hibbeln earned a Master of Science degree in Physics from the Air Force Institute of Technology and a Bachelor of Science degree in Physics from the United States Air Force Academy.

Steven Martinez – Director

Steven Martinez has joined ROC’s Board of Directors as an independent director in January 2026. Mr. Martinez is a veteran intelligence leader with 25+ years at the FBI, where he oversaw the Bureau’s Science & Technology Branch, including the Laboratory, Operational Technology, and Criminal Justice Information Services divisions. He has been recognized for advancing biometric innovation, forensic science, and national-scale identity systems across U.S. and allied missions.

Since leaving public service, Mr. Martinez served as Head of Global Security, MGM Resorts International, where he oversaw all activities undertaken by the MGM Resorts International Corporate Security Department and coordinated the comprehensive security function for the enterprise. Mr. Martinez has a Master of Arts degree in political science from the University of California, Berkeley, and a Bachelor of Arts degree in government from Saint Mary’s College of California.

Dawn Meyerriecks – Director

Dawn Meyerriecks has joined ROC’s Board of Directors as an independent director in January 2026. Ms. Meyerriecks is a former Deputy Director of the Central Intelligence Agency (“CIA”) for Science and Technology and is a mission-driven technologist with 40+ years in CIA & national programs. She has led the development and execution of numerous new technology products that support the CIA mission, and she brings both technical and operational experience, aligning innovation and engineering with national security imperatives.

Ms. Meyerriecks has a Master of Science degree in computer science from Loyola Marymount University and a Bachelor of Science degree in Electrical Engineering & Business from Carnegie Mellon University.

Family Relationships

There are no family relationships between or among any of the current directors, executive officers or persons nominated or charged to become directors or executive officers.

Number and Terms of Office of Officers and Directors

Our business and affairs are organized under the direction of our board of directors. As of the date of this Annual Report, our board of directors consists of 7 directors, including 3 executive directors and 4 independent directors. Our bylaws, amended, provide that the number of directors will be fixed by the board of directors or shareholders and that the directors need not be shareholders.

Our officers are appointed by the board of directors and shall hold office at the discretion of the board of directors until their successors are duly appointed and qualified, until the expiration of their term in office if appointed for a specified period of time, or until their earlier death, resignation or removal. Our board of directors is authorized to appoint officers to the offices set forth in our bylaws, as amended.

Board Committees

Our board of directors has established an Audit Committee, a Compensation Committee and a Nominating and Corporate Governance Committee. Our board of directors adopted a charter for each of these three committees. Copies of each committee’s charter are posted on the Investor Relations section of our website, https://investors.roc.ai/. Each of the committees of our board of directors shall have the composition and responsibilities described below. Our board of directors may, from time to time, establish other committees as it deems appropriate.

Audit Committee

As of the date of this Annual Report, Edward Davis, Brian Hibbeln, and Steven Martinez serve as members of our Audit Committee, with Edward Davis serving as the chairman of the Audit Committee. Each of our Audit Committee members satisfies the “independence” requirements of the Nasdaq listing rules and meets the independence standards under Rule 10A-3 under the Exchange Act. Our board of directors has determined that Edward Davis possesses accounting or related financial management experience that qualifies him as an “audit committee financial expert” as defined by the rules and regulations of the SEC. Our Audit Committee oversees our accounting and financial reporting processes and the audits of our financial statements. Our Audit Committee performs several functions, including:

Compensation Committee

As of the date of this Annual Report, Brian Hibbeln, Edward Davis, and Steven Martinez serve as members of our Compensation Committee, with Brian Hibbeln serving as the chairman of the Compensation Committee. All of our Compensation Committee members satisfy the “independence” requirements of the Nasdaq listing rules and meet the independence standards under Rule 10A-3 under the Exchange Act. The functions of this committee include, among other things:

Nominating and Corporate Governance Committee

As of the date of this Annual Report, Steven Martinez and Ed Davis serve as members of our Nominating and Corporate Governance Committee, with Steven Martinez serving as the chairman of the Nominating and Corporate Governance Committee. All of our Nominating and Corporate Governance Committee members satisfy the “independence” requirements of the Nasdaq listing rules and meet the independence standards under Rule 10A-3 under the Exchange Act. The functions of this committee include, among other things:

The nominating and corporate governance committee takes into account many factors in determining recommendations for persons to serve on the board of directors, including the following:

Role of Board in Risk Oversight Process

Our Chief Executive Officer, President, and Chief Technology Officer positions are held by B. Scott Swann, Brendan Klare, and Joshua Klontz, respectively, who currently beneficially own approximately 6.5%, 24.1%, and 24.1%, respectively, of the voting power of our outstanding common stock. Periodically, our board of directors assesses these roles and the board of directors leadership structure to ensure the interests of our company and our stockholders are best served. Our board of directors has determined that our current leadership structure is appropriate. Each of B. Scott Swann, Brendan Klare, and Joshua Klontz has extensive knowledge of all aspects of our company, our business and risks. 

While management is responsible for assessing and managing risks to our company, our board of directors is responsible for overseeing management’s efforts to assess and manage risk. This oversight will be conducted primarily by our full board of directors, which has responsibility for general oversight of risks, and standing committees of our board of directors. Our board of directors will satisfy this responsibility through full reports by each committee chair regarding the committee’s considerations and actions, as well as through regular reports directly from officers responsible for oversight of particular risks within our company. Our board of directors believes that full and open communications between management and the board of directors are essential for effective risk management and oversight.

Compensation Committee Interlocks and Insider Participation

None of our executive officers serves, or in the past has served, as a member of the board of directors or compensation committee, or other committee serving an equivalent function, of any entity that has one or more executive officers who serve as members of our board of directors or our compensation committee. None of the members of our compensation committee will be, or will have ever been, an officer or employee of our company.

Code of Business Conduct and Ethics

We have adopted a written code of business conduct and ethics that applies to our employees, officers, and directors. A current copy of the code is posted on the Investor Relations section of our website, https://investors.roc.ai/. We intend to disclose future amendments to certain provisions of our code of business conduct and ethics, or waivers of such provisions applicable to any principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions, and our directors, on our website identified above or in filings with the SEC. A copy of the code of business conduct and ethics has been filed herewith, as Exhibit 14.1.

Insider Trading Policies

We have adopted an insider trading policy governing the purchase, sale, and other dispositions of our securities by directors, senior management, and employees. A copy of the insider trading policy has been filed herewith, as Exhibit 19.1.

Involvement in Certain Legal Proceedings

To the best of our knowledge, none of our directors or executive officers has, during the past ten years:

From time to time, we may be subject to various legal or administrative claims and proceedings arising in the ordinary course of business. Litigation or any other legal or administrative proceeding, regardless of the outcome, is likely to result in substantial cost and diversion of our company’s resources, including our company’s management’s time and attention.

Section 16(a) Beneficial Ownership Reporting Compliance

Section 16(a) of the Exchange Act requires our directors and officers, and the persons who beneficially own more than 10% of our common stock, to file reports of ownership and changes in ownership with the SEC. Copies of all filed reports are required to be furnished to us pursuant to Rule 16a-3 promulgated under the Exchange Act. Based solely on the reports received by us and on the representations of the reporting persons, we believe that these persons have complied with all applicable filing requirements during the year ended December 31, 2025.

Item 11. Executive Compensation

The following table sets forth the aggregate compensation paid to our named executive officers for the fiscal years ended December 31, 2025 and 2024. Individuals we refer to as our “named executive officers” include our Chief Executive Officer and two other most highly compensated executive officers whose compensation for services rendered in all capacities equaled or exceeded $100,000 during the fiscal years ended December 31, 2025.

Summary Compensation Table

Employment Arrangements with our Executive Officers and Directors

B. Scott Swann

In January 2021, we entered into an employment agreement with B. Scott Swann (the “Swann Employment Agreement”) in connection with his appointment as our Chief Executive Officer. The material terms of the Swann Employment Agreement are as follows: (i) an annual base salary of $250,000; (ii) eligibility for an annual, performance-based cash bonus of up to 100% of Mr. Swann’s base salary subject to achievement of certain financial performance goals; (iii) an option grant to purchase 501,000  shares of our common stock that was granted at the our first board meeting following the completion of the third-party valuation of our common stock; and (iv) eligibility to participate in our retirement or benefit plans and arrangements that may be made available to our employees.

The above description of the Swann Employment Agreement does not purport to be complete and is subject to and qualified in its entirety by reference to the Swann Employment Agreement, a copy of which is included as Exhibit 10.3 to this Annual Report.

Equity Compensation Plan Information

Our equity compensation program focuses the efforts of our named executive officers on the achievement of long-term objectives and aligns the interests of our named executive officers with those of our shareholders through the grant of equity awards, the value of which depends on our stock performance, to achieve strong long-term performance. In addition, our equity compensation program is intended to allow the Company to recruit and retain exceptional employees, officers, directors and consultants and to provide incentives for such individuals to perform at the highest levels for the benefit of the Company. We have historically granted limited equity awards to motivate and retain key executive talent and align their interests with the long-term interests of shareholders.

2018 Equity Incentive Plan

On September 18, 2018, our Board adopted and our shareholders approved the 2018 Equity Incentive Plan (as amended, “2018 Plan”), which will terminate automatically on September 18, 2028, unless terminated earlier by the Company, and no grants may be granted under the 2018 Plan following such termination. The 2018 Plan provides for (a) the grant of incentive stock options, (b) nonstatutory stock options, (c) stock appreciation rights, and (d) restricted stock.

Any shares subject to an outstanding grant made under the 2018 Plan will be returned to the 2018 Plan’s share reserve and will be available for issuance in connection with subsequent grants under the 2018 Plan to the extent: (a) any option expires or otherwise terminates, in whole or in part, without having been exercised in full; (b) any shares of common stock issued under a restricted stock award or option are subsequently repurchased by the Company; or (c) any stock appreciation rights expire or otherwise terminate, in whole or in part, without having been realized.

In the event that the Company is subject to a change in control, merger, consolidation or similar transaction, the board of directors may (i) arrange for the surviving corporation or acquiring corporation to assume the equity incentives; (ii) arrange for lapse of or assignment to the surviving corporation or acquiring corporation of any reacquisition or repurchase rights held by the Company; (iii) accelerate vesting of the equity incentives; (iv) cancel or arrange for cancellation of the equity incentives or (v) make a payment equal to the value of the property the participant would have received upon exercise of the equity incentive immediately prior to the transaction over any exercise price payable in connection with such exercise.

The 2018 Plan will be administered by the Board, acting subject to the 2018 Plan. Subject to the general purposes, terms, and conditions of the 2018 Plan, and any charter adopted by the Board governing the actions of the Compensation Committee, the Compensation Committee will have full power to implement and carry out the 2018 Plan, including determining the terms and conditions of, and to institute, any exchange program (including an option repricing without shareholder approval) and delegate any of its duties under the 2018 Plan to one or more officers or employees pursuant to a specific delegation as permitted by the terms of the 2018 Plan and applicable law.

The Company may amend the 2018 Plan or any grant in any respect the Company deems necessary or advisable, subject to the limitations of applicable law and the 2018 Plan.

2026 Equity Incentive Plan

On January 8, 2026, our Board adopted and our shareholders approved the 2026 Equity Incentive Plan (“2026 Plan”), which will terminate automatically on January 7, 2036, unless terminated earlier by the Company, and no grants may be granted under the 2026 Plan following such termination. The 2026 Plan provides for (a) the grant of incentive stock options, (b) nonstatutory stock options, (c) stock appreciation rights, (d) restricted stock awards, (e) restricted stock unit awards, (f) performance awards and (g) other stock awards.

The total number of shares of common stock reserved and available for issuance pursuant to the 2026 Plan will not exceed the initial share reserve of 1,000,000 shares plus an annual automatic increase on January 1, 2027 and each year thereafter equal to the lesser of (i) 3% of the total number of shares of common stock outstanding on the last day of the immediately preceding fiscal year, or (ii) such lesser number of shares of common stock as may be determined by the Board. If any equity incentive under the 2026 Plan (i) expires or otherwise terminates without all of the shares of common stock having been issued or (ii) is settled in cash, such expiration, termination or settlement will not reduce the number of shares available for issuance under the 2026 Plan. If any shares of common stock issued pursuant to any form of stock award under the 2026 Plan are forfeited back to or repurchased by the Company because of the failure to meet a contingency or condition required to vest such shares, then the shares that are forfeited or repurchased will revert to and again become available for issuance under the 2026 Plan. Any shares reacquired by or withheld by the Company in satisfaction of tax withholding obligations on any form of stock award or as consideration for the exercise or purchase price of any form of stock award will again become available for issuance under the 2026 Plan.

In the event that the Company is subject to a change in control, merger, consolidation or similar transaction, the board of directors may (i) arrange for the surviving corporation or acquiring corporation to assume or continue the equity incentives under the 2026 Plan or substitute a similar equity incentive; (ii) arrange for lapse of or assignment to the surviving corporation or acquiring corporation of any reacquisition or repurchase rights held by the Company; (iii) accelerate vesting of the equity incentives; (iv) cancel or arrange for cancellation of the equity incentives or (v) make a payment equal to the value of the property the participant would have received upon exercise of the equity incentive immediately prior to the transaction over any exercise price payable in connection with such exercise.

The 2026 Plan will be administered by the Board, acting subject to the 2026 Plan. Subject to the general purposes, terms, and conditions of the 2026 Plan, and any charter adopted by the Board governing the actions of the Compensation Committee, the Compensation Committee will have full power to implement and carry out the 2026 Plan, including determining the terms and conditions of, and to institute, any exchange program (including an option repricing without shareholder approval) and delegate any of its duties under the 2026 Plan to one or more officers or employees pursuant to a specific delegation as permitted by the terms of the 2026 Plan and applicable law.

The Company may amend the 2026 Plan or any grant in any respect the Company deems necessary or advisable, subject to the limitations of applicable law and the 2026 Plan.

Compensation of Directors

We have no formal plan for compensating our directors for their service in their capacity as directors, although our directors may receive stock options to purchase common stock or other equity incentives as awarded by our board of directors or our compensation committee. Directors are entitled to reimbursement for reasonable travel and other out-of-pocket expenses incurred in connection with attendance at meetings of our board of directors. Our board of directors may award special remuneration to any director undertaking any special services on our behalf other than services ordinarily required of a director. No director received and/or accrued any cash compensation for their services as a director, including committee participation and/or special assignments. 

Outstanding Equity Awards at Fiscal Year-End

The following table provides information regarding outstanding options to acquire our common stock held by each of the named executive officers as of December 31, 2025 including the vesting dates for the portions of these awards that had not vested as of that date. The named executive officers did not hold any other outstanding equity awards as of that date.

Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

Security Ownership of Certain Beneficial Owners and Management

The following table sets forth certain information concerning the ownership of our common stock as of March 27, 2026, with respect to: (i) each person, or group of affiliated persons, known to us to be the beneficial owner of more than 5% of our common stock; (ii) each of our directors; (iii) each of our named executive officers; and (iv) all of our current directors and executive officers as a group.

Applicable percentage ownership is based on 19,080,127 shares of common stock outstanding as of March 27, 2026.

We have determined beneficial ownership in accordance with the rules of the SEC. These rules generally attribute beneficial ownership of securities to persons who possess sole or shared voting or investment power with respect to such securities. In addition, pursuant to such rules, we deemed outstanding shares of common stock subject to options, warrants, and other securities held by that person that are exercisable or convertible currently or within 60 days of March 27, 2026, if any. We did not deem such shares outstanding, however, for the purpose of computing the percentage ownership of any other person. Except as indicated by the footnotes below, we believe, based on the information furnished to us, that the beneficial owners named in the table below have sole voting and investment power with respect to all shares of our common stock that they beneficially own, subject to applicable community property laws.