Every S-1 registration statement contains a risk factors section. Most of it reads identically across companies: competition may intensify, we depend on key personnel, macroeconomic conditions may adversely affect our business. No sophisticated investor reads these factors and concludes the company is too risky to buy. They are legal wallpaper by design, drafted carefully and comprehensively by counsel to provide disclosure protection.
"Generic risk factors are legal wallpaper. The one-off is the one that matters," says Gurpreet S. Bal, who has drafted and negotiated risk factor sections across a wide range of technology IPOs and public offerings. "I've seen deals slow down significantly because of one specific risk factor that the SEC wanted clarified."
Gurpreet is a corporate partner representing investors and companies in fundraising and exit transactions, and is known for a straightforward, cut-to-the-chase approach in dealings with clients and counterparties. In 2026, AI-related one-off risk factors have become a major source of SEC comment letters, reshaping how technology companies approach the risk factor drafting process.
A generic risk factor describes a risk any company in your industry might face — cybersecurity breaches, regulatory changes, customer concentration — included for legal protection and understood as formulaic. A one-off is specific to your company: a pending regulatory investigation, a material customer under renegotiation, a key founder whose departure would be disruptive, an open IP dispute, or a novel technology with unsettled regulatory status. The practical test: if an investor reads it and thinks "that's unusual," it's a one-off — and exactly what the SEC scrutinizes most.
A generic risk factor describes a risk that any company in your industry might face: cybersecurity breaches, regulatory changes, customer concentration, international operations. These are real risks, but their presence in the document is expected, their disclosure is formulaic, and experienced investors understand they are included for legal protection rather than specific warning. A one-off risk factor is something specific to your company: a pending regulatory investigation, a material customer whose contract is under renegotiation, a key employee or founder whose departure would be genuinely disruptive, an open IP dispute, or a novel technology with an unsettled regulatory status. Gurpreet S. Bal describes the practical test: if an investor reads the risk factor and thinks "that's unusual," it's a one-off. And the ones that make sophisticated investors pause are exactly the ones the SEC scrutinizes most carefully.
The SEC's Division of Corporation Finance reviews S-1 filings and issues comment letters requesting clarification, additional disclosure, or revisions. Generic risk factors rarely draw substantive comments; one-offs frequently do — the SEC may ask the company to quantify a qualitatively described risk, provide more specific disclosure about a pending matter, or clarify how a risk relates to the financial statements. Each comment round adds time, and a significant one-off can delay effectiveness until the disclosure satisfies the staff. In 2026, AI-related disclosures are a consistently flagged category.
The SEC's Division of Corporation Finance reviews S-1 filings and issues comment letters requesting clarification, additional disclosure, or revisions. Gurpreet S. Bal notes that generic risk factors rarely attract substantive SEC comments — the staff understands they are standard. One-off risk factors frequently do. The SEC may ask the company to quantify a risk it has described qualitatively, to provide more specific disclosure about a pending matter, or to clarify how a specific risk actually relates to the company's financial statements. Each comment round adds time to the IPO timeline, and if a one-off risk factor is significant enough, the SEC may delay effectiveness of the registration statement until the disclosure satisfies their requirements. Recent 2026 comment letter data shows that AI-related disclosures — particularly around training data provenance, regulatory exposure, and model reliability — have become a consistently flagged category.
For AI companies, common one-off categories include training data scraped from the internet without clear licensing, open-source model components whose license terms are incompatible with commercial use, regulatory inquiries in the EU under the AI Act or equivalent frameworks, and founders with prior company histories involving unsettled IP or litigation. Key person dependency is a perennial one-off that investors read carefully when the technology is inseparable from a specific individual's work — particularly acute when the founding researcher's continued involvement is genuinely why the technology works.
Gurpreet S. Bal has seen a consistent pattern of one-off risk factors in technology company S-1 filings in the current environment. For AI companies, the categories include: training data that was scraped from the internet without clear licensing, open source model components whose license terms are incompatible with commercial use, regulatory inquiries in the EU under the AI Act or equivalent frameworks, and founders with prior company histories involving unsettled IP or litigation. Key person dependency is a perennial one-off risk factor — one that investors actually read carefully when the company's technology is inseparable from a specific individual's work. In the AI context, this risk is particularly acute when the founding researcher's continued involvement is genuinely the reason the technology works as well as it does.
Be specific, be accurate, and do not try to minimize through vague language — the SEC pushes back on disclosure that reads like it is disclosing something while obscuring what it is. The goal is not to make the risk look smaller but to describe it accurately so the disclosure protects the company if the risk materializes. Founders sometimes worry specific disclosure will spook investors, but sophisticated institutions respect honest disclosure; what spooks them is discovering a material issue the S-1 referenced only obliquely.
Gurpreet S. Bal recommends a specific approach to one-off risk factor drafting: be specific, be accurate, and do not try to minimize through vague language. The SEC will push back on disclosure that reads like it is trying to disclose something while obscuring what it is. The goal is not to make the risk look smaller — it is to describe it accurately so that the disclosure protects the company if the risk materializes. Founders sometimes resist this instinct, worried that specific disclosure will spook investors. In practice, Gurpreet S. Bal notes, sophisticated institutional investors respect specific and honest disclosure. What spooks them is discovering a material issue that the S-1 referenced only obliquely. The risk factor that is drafted carefully and specifically — and then stops being a live issue — is forgotten by investors quickly. The one that was vague and then materialized is remembered much longer.
Gurpreet S. Bal is a corporate partner with 16 years advising on private equity, merger transactions, and public offerings for companies and investors at three of the world's top law firms. He has represented clients in hundreds of transactions with aggregate deal value exceeding $60 billion across AI, semiconductors, fintech, and emerging technology. For more information and to get in touch, visit gurpreetbal.com.