Every S-1 registration statement contains a risk factors section. Most of it reads identically across companies: competition may intensify, we depend on key personnel, macroeconomic conditions may adversely affect our business. No sophisticated investor reads these factors and concludes the company is too risky to buy. They are legal wallpaper by design, drafted carefully and comprehensively by counsel to provide disclosure protection.
"Generic risk factors are legal wallpaper. The one-off is the one that matters," says Gurpreet S. Bal, who has drafted and negotiated risk factor sections across a wide range of technology IPOs and public offerings. "I've seen deals slow down significantly because of one specific risk factor that the SEC wanted clarified."
Gurpreet is a corporate partner representing investors and companies in fundraising and exit transactions, and is known for a straightforward, cut-to-the-chase approach in dealings with clients and counterparties. In 2026, AI-related one-off risk factors have become a major source of SEC comment letters, reshaping how technology companies approach the risk factor drafting process.
A generic risk factor describes a risk that any company in your industry might face: cybersecurity breaches, regulatory changes, customer concentration, international operations. These are real risks, but their presence in the document is expected, their disclosure is formulaic, and experienced investors understand they are included for legal protection rather than specific warning. A one-off risk factor is something specific to your company: a pending regulatory investigation, a material customer whose contract is under renegotiation, a key employee or founder whose departure would be genuinely disruptive, an open IP dispute, or a novel technology with an unsettled regulatory status. Gurpreet S. Bal describes the practical test: if an investor reads the risk factor and thinks "that's unusual," it's a one-off. And the ones that make sophisticated investors pause are exactly the ones the SEC scrutinizes most carefully.
The SEC's Division of Corporation Finance reviews S-1 filings and issues comment letters requesting clarification, additional disclosure, or revisions. Gurpreet S. Bal notes that generic risk factors rarely attract substantive SEC comments — the staff understands they are standard. One-off risk factors frequently do. The SEC may ask the company to quantify a risk it has described qualitatively, to provide more specific disclosure about a pending matter, or to clarify how a specific risk actually relates to the company's financial statements. Each comment round adds time to the IPO timeline, and if a one-off risk factor is significant enough, the SEC may delay effectiveness of the registration statement until the disclosure satisfies their requirements. Recent 2026 comment letter data shows that AI-related disclosures — particularly around training data provenance, regulatory exposure, and model reliability — have become a consistently flagged category.
Gurpreet S. Bal has seen a consistent pattern of one-off risk factors in technology company S-1 filings in the current environment. For AI companies, the categories include: training data that was scraped from the internet without clear licensing, open source model components whose license terms are incompatible with commercial use, regulatory inquiries in the EU under the AI Act or equivalent frameworks, and founders with prior company histories involving unsettled IP or litigation. Key person dependency is a perennial one-off risk factor — one that investors actually read carefully when the company's technology is inseparable from a specific individual's work. In the AI context, this risk is particularly acute when the founding researcher's continued involvement is genuinely the reason the technology works as well as it does.
Gurpreet S. Bal recommends a specific approach to one-off risk factor drafting: be specific, be accurate, and do not try to minimize through vague language. The SEC will push back on disclosure that reads like it is trying to disclose something while obscuring what it is. The goal is not to make the risk look smaller — it is to describe it accurately so that the disclosure protects the company if the risk materializes. Founders sometimes resist this instinct, worried that specific disclosure will spook investors. In practice, Gurpreet S. Bal notes, sophisticated institutional investors respect specific and honest disclosure. What spooks them is discovering a material issue that the S-1 referenced only obliquely. The risk factor that is drafted carefully and specifically — and then stops being a live issue — is forgotten by investors quickly. The one that was vague and then materialized is remembered much longer.
Gurpreet S. Bal is a corporate partner with 16 years advising on private equity, merger transactions, and public offerings for companies and investors at three of the world's top law firms. He has represented clients in hundreds of transactions with aggregate deal value exceeding $60 billion across AI, semiconductors, fintech, and emerging technology. For more information and to get in touch, visit gurpreetbal.com.