44/264 We also are subject to payment card association operating rules, certification requirements, and rules governing electronic funds transfers, which could change or be reinterpreted to make it more difficult for us to comply. Currently, we are fully compliant with the Payment Card Industry Data Security Standard v3.2 (“PCI DSS”), a security standard with which companies that collect, store, or transmit certain data regarding credit and debit cards, credit and debit card holders, and credit and debit card transactions are required to comply. This is an annual certification exercise, and if we fail to comply, we may violate payment card association operating rules, U.S. federal and state laws and regulations, and the terms of our contracts with payment processors and merchant banks. Such failure to comply fully also may subject us to fines, penalties, damages, and civil liability, and may result in the loss of our ability to accept credit and debit card payments. Further, there is no guarantee that, even if we are in compliance with PCI DSS, we will maintain PCI DSS compliance or that such compliance will prevent illegal or improper use of our payment systems or the theft, loss, or misuse of data pertaining to credit and debit cards, credit and debit card holders, and credit and debit card transactions. If we fail to adequately control fraudulent credit card transactions, we may face civil liability, diminished public perception of our security measures, and significantly higher credit cardrelated costs, each of which could adversely affect our business, financial condition, and results of operations. If we are unable to maintain our chargeback rate or refund rates at acceptable levels, credit card and debit card companies may increase our transaction fees or terminate their relationships with us. Any increases in our credit card and debit card fees could adversely affect our results of operations, particularly if we elect not to raise our rates for our Premium Service to offset the increase. The termination of our ability to process payments on any major credit or debit card would significantly impair our ability to operate our business. We are subject to a number of risks related to other payment solution providers. We accept payments through various payment solution providers, such as telco integrated billings and prepaid codes vendors. These payment solution providers provide services to us in exchange for a fee, which may be subject to change. Furthermore, we rely on their accurate and timely reports on sales and redemptions. If such accurate and timely reports are not being provided, it will affect the accuracy of our reports to our licensors, and also affect the accuracy of our financial reporting. We face many risks associated with our international expansion, including difficulties obtaining rights to stream music on favorable terms. We are continuing to expand our operations into additional international markets. However, offering our Service in a new geographical area involves numerous risks and challenges. For example, the licensing terms offered by rights organizations and individual copyright owners in countries around the world are currently expensive. Addressing licensing structure and royalty rate issues in any new geographic market requires us to make very substantial investments of time, capital, and other resources, and our business could fail if such investments do not succeed. There can be no assurance that we will succeed or achieve any return on these investments. In addition to the above, continued expansion around the world exposes us to other risks such as: • lack of wellfunctioning copyright collective management organizations that are able to grant us music licenses, process reports, and distribute royalties in markets; • fragmentation of rights ownership in various markets causing lack of transparency of rights coverage and overpayment or underpayment to record labels, music publishers, artists, performing rights organizations, and other copyright owners; • difficulties in obtaining license rights to local repertoire; • difficulties in achieving market acceptance of our Service in different geographic markets with different tastes and interests; 37
Spotify F1 | Interactive Prospectus Page 43 Page 45