NYSE: OSCR

Our Offerings

Oscar’s innovative technology-enabled model - made up of Oscar’s insurance business, +Oscar platform, and brokerage services, and enrollment platform - is uniquely positioned to meet the rising expectations of individuals, families, brokers, employers and employees, as well as +Oscar clients. Oscar's insurance business is built on our cloud-native technology platform and our focus on member experience.

Oscar's Insurance Business

Oscar's health plans are offered in the individual market. The individual market primarily consists of policies purchased by individuals and families through health insurance marketplaces, established by the ACA and operated by the federal government, as well as other marketplaces operated by individual states (collectively, “Health Insurance Marketplaces”). Individuals and families may also purchase policies in the individual market off-exchange. Employees whose employers have chosen to offer an ICHRA are also able to purchase Oscar’s health plans. Most ICHRA plans are purchased by employees off-exchange, although they may also be purchased through the Health Insurance Marketplaces.

We offer health plans in the individual market under the five metal plan categories defined by the ACA: Catastrophic, Bronze, Silver, Gold, and Platinum. These plans differ based on the size of the monthly premium and the level of sharing of medical costs between Oscar and our members. Oscar works to bring new and innovative insurance products to market, built to meet the healthcare needs of consumers from various communities. Oscar does this with an eye towards promoting health outcomes, accessibility, affordability, and closing critical gaps in benefits for consumers. Our products help remove financial barriers to high-value services, with a focus on leveraging affordable care, clinical strategies, and our innovative business model, which collectively empower and incentivize our members to have better control of their health. Some of our products incorporate benefits and programs of particular value to certain members, such as our products specifically targeting diabetes, asthma, or menopause.

5

Table of Contents

Our premium rates, along with specific rate changes, are required to be approved by applicable state and federal regulatory agencies in accordance with the ACA. Additionally, various federal and state laws have minimum Medical Loss Ratio (“MLR”) requirements. MLR is defined as provided in Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Components of our Results of Operations—Medical Loss Ratio”. We elect to participate in a given individual market on an annual basis. Our base premiums are subject to a risk adjustment based on the health status of our members relative to the overall health status of all individuals in a given state or market. Risk adjustment is defined as provided in Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Recent Developments, Trends and Other Key Factors Impacting Performance—Risk Adjustment”.

+Oscar Platform

Oscar’s success is built upon our superior member engagement and robust technology platform. Through the +Oscar platform, we deploy our technology to power others throughout the healthcare system. Campaign Builder, our engagement and recommendation platform for providers and payors, leverages predictive analytics to identify high value opportunities for engagement and to deliver personalized interactions with real time reporting and analytics to measure key outcomes and insights. As of December 31, 2025, +Oscar currently serves nearly 0.6 million client lives on its Campaign Builder platform, in addition to the approximately 2.0 million members enrolled in Oscar health insurance.

Brokerage Services and Enrollment Platform

Through Lucie, Inc., one of only 11 CMS-approved solutions, we provide brokers and consumers a marketplace to shop, buy, and enroll in individual medical and supplemental health products. IHC Specialty Benefits, Inc. offers individual medical and supplemental health products across carriers in all 50 states and allows us to offer consumers the supplemental health products they typically buy with health insurance. We also are a resource for consumers looking for health insurance through Healthinsurance.org. We believe these capabilities are important building blocks to support our ICHRA strategy and our long-term strategy to build the leading consumer health marketplace.

Our Provider Contracts and Network

Our health plans include access to a network of high-quality physicians and hospitals, as well as a Care Team that supports members from finding a doctor to navigating costs. As portions of the healthcare system increasingly shift towards offering more selective networks, we believe the insurers that will thrive are those that consistently deliver a high-quality experience by engaging their members and routing care to in-network facilities and physicians that offer quality care at affordable rates. Oscar has exclusive provider organization plans in most of our markets, and also offers HMO plans in select markets. We work with technology-forward, high brand-recognition health systems, including some of the largest health systems in the U.S.

While we generally have a standard set of terms that we propose for our provider contracting relationships, each health market in which we operate is unique, and therefore our negotiated contract terms are specific to each market and health provider. For instance, the fee structures for these contracts vary, and can include fee-for-service arrangements, value-based incentives and payment structures, or payments on a capitation basis.

Membership

Markets

For the 2025 policy year, we offered coverage for individuals and families in 18 states. We regularly evaluate our markets for strategic fit and enter or exit markets accordingly. We have expanded our offerings to 20 states for 2026.

Concentration

We generate the vast majority of our total revenue from health insurance policy premiums. Premiums are collected directly from the Centers for Medicare & Medicaid Services (“CMS”) as part of the advanced premium tax credits (“APTC”) program, as well as from our members. For the year ended December 31, 2025, 93% of premiums were earned directly from CMS and 7% were from our members.

6

Table of Contents

Disaggregated membership information as of December 31, 2025 and 2024 is presented in the tables below:

Membership by Offering

As of December 31,

20252024

Individual and Small Group2,042,449 1,636,400

Cigna+Oscar (1)
— 40,570

Total Members (2)
2,042,449 1,676,970

(1)Represents total membership for our co-branded partnership with Cigna. We did not renew the Cigna+Oscar Small Group arrangement after its initial term ended on December 31, 2024.

(2)Represents effectuated members. Effectuated members are those who are actively enrolled in one of our plans and whose required premium payments have either been made or are within the payment grace period. A member covered under more than one of our health plans counts as a single member for the purposes of this metric.

Membership by State

As of December 31,

20252024

Florida1,179,934871,881

Texas358,910 141,000

Georgia218,746 379,680

Tennessee91,522 31,887

Ohio63,793 82,845

New Jersey35,899 23,416

Iowa20,734 26,767

North Carolina14,427 5,403

Kansas13,986 13,816

Arizona11,398 14,386

Missouri9,482 26,119

New York8,180 10,902

Oklahoma4,260 12,153

Michigan4,258 2,909

Pennsylvania2,716 2,732

Illinois2,316 11,138

Nebraska1,648 929

Virginia240 368

California— 10,981

Connecticut— 7,658

Total2,042,449 1,676,970

Seasonality

Our business is generally affected by the seasonal patterns of our member enrollment, medical expenses, and health plan mix shift and policy design. Special Enrollment Periods (“SEP”) or other market dynamics that drive enrollment and/or mix changes throughout the year may impact the per member levels of premiums, claims, and/or risk adjustment transfers.

SEP refers to a period outside the Open Enrollment Period (“OEP”) when an eligible person can enroll in a health plan or make changes to an existing health plan. A person is generally eligible to participate in a SEP if certain qualifying life events occur, such as losing certain health coverage, moving, getting married, having a baby, or adopting a child or resulting from regulatory requirements.

7

Table of Contents

Members

Our membership is measured as of a particular point in time. Membership may vary throughout the year due to disenrollments, SEP, and other market dynamics that are in effect. Such dynamics may include but are not limited to enhancements, extensions, reductions or eliminations of APTCs; other legislative or regulatory actions, such as recent Congressional and CMS initiatives to improve the integrity in the ACA eligibility and enrollment processes and pre-enrollment verification procedures; individuals disenrolling before they become effectuated members or the removal of members for non-payment or by CMS in accordance with fraud, waste and abuse laws and regulations; Medicaid redeterminations; or other factors that may cause the overall market to grow or decline.

Claims Incurred

Our medical expenses are impacted by seasonal effects on medical costs, as members pay their contractual portion of claims responsibility, meeting their deductibles and out-of-pocket maximums over the course of the policy year, which shift more costs to us in the second half of the year as we pay a higher proportion of covered claims costs. Our medical expenses are also impacted by the number of days and holidays in a given period. Our medical and pharmacy costs can also exhibit seasonality depending on selection effects or changes in the risk profile of our membership and the proportion of our membership that is new in the calendar year. The emergence of medical and pharmacy claims is influenced by the aforementioned drivers, and further mix shifts may continue to alter claims incurred patterns in future periods.

Reinsurance

We believe our reinsurance agreements help us achieve important goals for our business, including risk management and capital efficiency. Our reinsurance agreements are contracted under two different types of arrangements: quota share reinsurance contracts and excess of loss (“XOL”) reinsurance contracts. In quota share reinsurance, the reinsurer agrees to assume a specified percentage of the ceding company’s losses in exchange for a corresponding percentage of premiums. In XOL reinsurance, the reinsurer agrees to assume all or a portion of the ceding company’s losses in excess of a specified amount. Under XOL reinsurance, the premium payable to the reinsurer is negotiated by the parties based on losses on an individual member in a given calendar year and their assessment of the amount of risk being ceded to the reinsurer. In the case of federal and state-run reinsurance programs, no reinsurance premiums are paid. The reinsurance agreements do not relieve us of our primary medical claims incurred obligations.

OUR DIFFERENTIATED TECHNOLOGY PLATFORM

Oscar’s technology stack is purpose-built to empower the modern consumer throughout different stages of life. Since inception, Oscar has been focused on building our technological infrastructure and end-to-end experience. We have built our own cloud-native single-threaded technology platform, meaning it spans all critical healthcare insurance and technology domains, including member and provider data, utilization management, claims management, billing, and benefits. Owning our platform from end to end offers us greater control over the member experience, insurance product development, engagement, and affordability, and enables us to provide a superior experience for our members and providers.

Our technology platform provides members with a simple and intuitive consumer experience that enables them to take control of their healthcare decisions. The Oscar member experience begins with trust and engagement, which we earn by providing our members with features to help them navigate the many disconnected elements of the healthcare ecosystem. Our technology is fueling advancement in member engagement and stakeholder satisfaction by focusing on:

•Powering personalized engagement to drive real-time information flow based on cultural preferences and individual health needs to reduce member friction and improve retention.

•Leveraging AI enabled member and provider service touch points to provide high quality, impactful services at scale, including chatbots to answer health, wellness and insurance plan questions.

•Improving navigation by making it easier for members to receive high-value clinical care through enhanced digital tools and process automation.

•Solving key pain points that unburden providers by reducing administrative tasks, deepening network relationships, and enabling better care delivery for our members (e.g., digitizing provider-member interactions and automating clinical and administrative workflows).

8

Table of Contents

It is the combination of all these factors—trust, engagement, and personalized insights—that enables us to help members find quality care that helps them live the lives they want to live at rates they can afford. Our ability to deliver a high-value product, in turn, engenders more trust, engagement, and ability on our part to provide personalized, data-driven insights. We refer to this virtuous cycle as our member engagement engine.

Product features such as virtual care and our Care Guides are how we build the trust, engagement, and relationships needed to help members bend the cost curve in healthcare. By leveraging Campaign Builder, our engagement and automation engine, we are able to rapidly create and iterate upon omnichannel member outreach programs to drive adherence to important clinical pathways. Owning the technologies that power our business from end to end lets us pioneer new ways of addressing frictions in the healthcare system and is the foundation for Oscar’s mission to make a healthier life accessible and affordable for all. It gives us the power to quickly build software in response to the evolving member and market needs and drive efficiency within our teams by continuously automating areas of our claims processing workflow. Today, this platform provides the foundation for our personalized data insight and analysis as well as our critical cost savings structure. As a result, engagement with our technology platform and customer satisfaction remains high, relative to industry average. During the fourth quarter of 2025, our net promoter score was well above the industry average.

Our platform is an increasingly powerful force driving the performance of Oscar's insurance business – fueling growth, engagement, and operational efficiencies. AI and machine learning technologies (“AI Technologies”) have the potential to further power what we can do. We have embedded AI Technologies across many aspects of our technology stack, including: (i) automation to drive efficiencies in our administrative functions, including virtual care and claims processing, (ii) member personalization, to improve the quality of touchpoints members have with the healthcare ecosystem; and (iii) digital self-service and member-facing agent capabilities to facilitate care and improve the member experience.

We believe competitors who lack this member engagement engine will face significant challenges in replicating our consumer experience, and our platform thus forms an important structural barrier around the innovations we have developed.

OUR STRATEGIC FOCUS

Our long-term vision is to build the consumer marketplace of the future and lead the individual market. We built our strategy around several core trends in healthcare, including rising consumer and employer healthcare costs, consumerization, digitization, and the shift towards personalization. Over time, we have been observing the overall healthcare system move towards these trends, which not only validates our strategy, but provides us with a first mover advantage. We are now a scaled health insurer with approximately 2.0 million effectuated members as of December 31, 2025. We offer an exceptional member experience, high member engagement, innovative products and our own technology stack that we have built from end to end.

We continue to believe ICHRA will disrupt employer group coverage and expand individual insurance beyond the traditional ACA market. Our goal is to position Oscar as the preferred carrier for employees enrolling in health insurance through an ICHRA program. Employers can now offer defined contributions to their employees to access Oscar’s suite of products in the markets where Oscar offers health plans. We are partnering with a variety of ICHRA platforms to transition small-, mid- and large-sized employers to the individual market where their employees can choose an Oscar product that meets their individual needs. The businesses that we purchased in 2025, including Lucie, Inc. and IHC Specialty Benefits, Inc., provide important building blocks to support our ICHRA strategy and long-term vision to build the leading consumer health marketplace.

Our strategic priorities include: building an individual consumer health marketplace that prioritizes choice, quality, and affordability; driving accelerated market growth through expansion and local market excellence; running a great company with market-leading, sustainable, scalable operations; and continually investing in our superior consumer experience and bringing product innovation to the individual market.

9

Table of Contents

HUMAN CAPITAL RESOURCES

As of December 31, 2025, we had approximately 2,305 employees.

At Oscar, we are powered by people from varied and broad backgrounds, experiences, and industries. We foster a culture in which our employees share a common connection to our mission: they are passionate about making a frustrating healthcare system easier, more human, and better for everyone. These principles drive our core values:

1.What we do is a big deal. We’re solving problems that change and save lives.

2.Powered by people. Members above all. Developing and growing others is what raises the bar.

3.No genius without grit. Be relentless. Be scrappy. Trying and failing beats not trying and changing nothing.

4.Seek the truth. But never assume you’ve found it. Be scientific.

5.Inspire and provoke. Develop and display leadership at all levels. Fight to be the best.

6.Be transparent. Give and ask for direct feedback. Be grateful for and excited by the help of others.

7.Make it right. Admit your mistakes. Then learn from them. Never build alone.

Talent Recruitment and Retention

As a mission-driven company, we prioritize attracting and retaining qualified personnel who share our mission to make a healthier life affordable and accessible to all. This centers around what we believe to be a compelling employee value proposition, that includes competitive pay, and benefits, flexible work styles, opportunity to make a real impact towards the Oscar mission, and ongoing performance development.

We compete to hire and retain highly talented individuals from all backgrounds, and we offer our employees compensation packages designed to be competitive and aligned with market best practices. Our compensation packages include base salary and some of the following components, depending on the role, level, and business function: a short-term incentive that takes into account company and individual performance, long-term incentive equity, performance-based equity, commissions, and overtime pay. We believe our compensation philosophy and practice, which is rooted in data and benchmarked to a cohort of peer and broader industry companies, is transparent, systematic, and equitable.

Health and Wellbeing

At Oscar, we believe that making a healthier life affordable and accessible to all begins with our own workforce, and we continually seek opportunities to optimize our employee offerings including events, activities, benefits, perks, and community support. We have invested in a benefits package designed to be comprehensive, and affordable, providing protection and support to help our employees achieve health, financial, and wellness goals, with services including mental health care, fertility support, and family-building benefits. We also believe in the importance of investing in developmental opportunities for our employees, and all employees have access to internally created and third party skills and training programs. Lastly, we recognize that individuals may need to take time away from work for various reasons, so we offer paid time off and leave packages to all full-time employees. This includes wellness days, parental leave, and sabbatical leaves for more tenured employees.

Building Community

We believe that having a varied and broad employee base empowers our community, drives better business outcomes, and ultimately allows us to better serve our members.

10

Table of Contents

Internally, we aim to promote a transparent, systematic approach to our human capital frameworks and operations. Specifically, with respect to compensation, all of our compensation decisions are rooted in benchmarking data and creating parity within like roles and we further reward employees based on performance, where it is warranted, in compliance with applicable federal and other laws and regulations. Our employees are able to view their total compensation package, including their salary band and leveling, which helps employees understand their pay and encourages proactive conversation between managers and employees. We believe our Employee Resource Groups (“ERGs”) are another important part of maintaining different perspectives and fostering connections across our organizations. In 2025, we had nine ERGs which are open to all employees and focused on building community and awareness based on the values that are shared within those groups.

COMPETITION

We operate in a highly competitive environment in an industry subject to significant and ongoing changes, including business and hospital system consolidations, new strategic alliances, market pressures, scientific and technological advances in medical care and therapeutics, as well as regulatory and legislative challenges and reform both at the federal and state levels. This reform includes, but is not limited to, the federal and state healthcare reform legislation described under “—Government Regulation.” In addition, changes to the political environment may drive additional shifts in the competitive landscape.

We compete directly and through independent intermediaries to enroll new and retain existing members, as we currently derive substantially all of our revenue from direct policy premiums. We believe that our principal competitive features affecting our ability to retain and increase membership include the range and prices of health plans offered, breadth and quality of provider network, comprehensiveness of coverage, benefits and wellness programs, quality of service, and member experience, responsiveness to member needs, market presence, financial stability, and reputation.

As attracting new members depends in part on our ability to provide access to competitive provider networks, we compete in establishing such provider networks. We believe that the factors providers consider in deciding whether to contract with a health insurer or HMO (a “Health Insurance Entity”) include existing and potential member volume, reimbursement rates, timeliness and accuracy of claims payment and administrative service capabilities. While our Health Insurance Subsidiaries are required to meet various federal and state requirements regarding the size and composition of our participating provider networks, our business model is based on contracting with selected healthcare systems and other providers, not all systems and providers in a given area. This allows us to work more closely with high quality healthcare systems that engage with us using our technology and to negotiate more favorable reimbursement rates from these healthcare systems.

The relative importance of each of the competitive factors mentioned in the above paragraphs and the identity of our principal competitors for members and providers varies by market and geography. Our principal competitors in the individual market primarily consist of plans offered by national carriers, regional carriers, Medicaid-focused insurers offering Health Insurance Marketplaces products, and local Blue Cross plans.

SALES AND MARKETING

Our marketing and sales initiatives focus on member growth through three primary avenues: acquiring members through brokers, acquiring members directly through Health Insurance Marketplaces, and acquiring members directly through our digital platform. As a part of our ICHRA initiatives, we also partner with ICHRA platform companies to enroll employees in Oscar plans through their platforms.

The vast majority of our membership is acquired through the broker channel, and brokers typically use an EDE platform to enroll the members in plans offered on the Health Insurance Marketplace. As such, we compete through the commissions and bonus structures we pay these partners. As a greater proportion of enrollment in the Health Insurance Marketplaces comes through independent brokers, the amount of compensation paid to these third parties impacts both our ability to retain our current members and obtain new members. Our digital engagement platform, a key element of our retention strategy, is used by brokers and consumers.

Enterprise marketing and sales strategies also include brand awareness campaigns, account-based marketing, business development initiatives, member communications that are focused on member acquisition, and member engagement. We also use the data generated in member support interactions to constantly refine and improve our marketing campaigns.

11

Table of Contents

INTELLECTUAL PROPERTY

We believe that our intellectual property rights are important to our business, and our commercial success depends, in part, on our ability to protect our core technologies, intellectual property and proprietary rights (such as source code, information, data, processes and other forms of information, know-how and technology). We primarily rely on copyright, trademark, and trade secret laws, as well as confidentiality procedures and contractual arrangements to establish and protect our intellectual property. As of December 31, 2025, we exclusively owned four registered trademarks in the United States for our name and names used by our subsidiaries and have applied for five additional trademark registrations covering marks for parts of our business. In addition, we have registered domain names for websites that we use or may use in our business. As of December 31, 2025, we owned no issued patents or pending patent applications anywhere in the world, and therefore, we do not have patent protection for any of our proprietary technology, which includes our full stack technology platform, proprietary software, mobile application (“app”), or web portal. However, our software and other proprietary information are protected by copyright law in the United States upon creation. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis.

We seek to control access to and distribution of our proprietary information, including our algorithms, source and object code, designs, and business processes, through security measures and contractual arrangements. We seek to limit access to our confidential and proprietary information to a “need to know” basis and enter into confidentiality and nondisclosure agreements with our employees, consultants, members, vendors, and partners that may receive or otherwise have access to any confidential or proprietary information. We also obtain written invention assignment agreements from our employees and consultants that assign to us all right, interest, and title to inventions and work product developed during their employment or service engagement, respectively, with us. In the ordinary course of business, we provide our intellectual property to external third parties through licensing or restricted use agreements. For information on risks associated with our intellectual property rights, see Part I, Item 1A. “Risk Factors—Risks Related to our Business—Failure to secure, protect, or enforce our intellectual property rights could harm our business, results of operations, and financial condition.”

INFORMATION TECHNOLOGY

Our business is dependent on effective, resilient, and secure information systems that assist us in, among other things, monitoring utilization, and other cost factors, processing provider claims, providing data to our regulators, and implementing our data security measures. Our members also depend upon our information systems for enrollment, primary care and specialist physician roster access, and other information, while our providers depend upon our information systems for eligibility verifications, claims status, and other information.

We partner with third parties, including Amazon and Google, to support our information technology systems. We have entered into agreements with third-party vendors who manage certain elements of our information technology infrastructure services including, among other things, our information technology operations, end-user services, and platforms for cloud computing. As a result of such agreements, we have been able to reduce our administrative expenses over time, while improving the reliability of our information technology functions, and maintain targeted levels of service and operating performance. A segment of the infrastructure services is managed within our cloud platform, while other portions of the infrastructure services are managed externally by vendors. Our use of cloud service providers in particular is strategic, due to platform level redundancy in networking and computer hardware. As an example, we distribute our Amazon Web Services (“AWS”) hosted platform across multiple availability zones in an effort to reduce the likelihood of infrastructure failure.

We have established a program of security measures intended to protect our computer systems from security breaches and malicious activity and have implemented controls designed to protect the confidentiality, integrity, and availability of data, including protected health information (“PHI”) and the systems that store and transmit such data. We have employed various technology and process-based methods, such as network isolation, intrusion detection systems, vulnerability assessments, penetration testing, use of threat intelligence, content filtering, endpoint security (including anti-malware and detection response capabilities), email security mechanisms, and access control mechanisms. We also use encryption techniques for data at rest and in transit.

12

Table of Contents

Our information systems and applications require continual maintenance, upgrading, and enhancement to meet our current and expected operational needs and regulatory requirements. We aim to regularly upgrade and expand our information systems’ capabilities. For information on risks associated with our information technology systems, see Part I, Item 1A. “Risk Factors—Risks Related to our Business—If we are unable to integrate and manage our information systems effectively, our operations could be disrupted” and “Risk Factors—Risks Related to our Business—If we or our partners or other third parties with whom we collaborate fail to protect confidential information and/or sustain a data security incident, we could suffer increased costs, material financial penalties, exposure to significant liability, adverse regulatory consequences, and reputational harm, which would materially adversely affect our business, results of operations, and financial condition.”

GOVERNMENT REGULATION

General

Our operations are subject to comprehensive and detailed federal, state, and local laws and regulations throughout the jurisdictions in which we do business. These laws and regulations, which can vary significantly from jurisdiction to jurisdiction, restrict how we conduct our businesses and result in additional burdens and costs to us. Further, federal, state, and local laws and regulations are subject to amendments and changing interpretations in each jurisdiction. In addition, there are numerous proposed healthcare laws and regulations at the federal, state, and local levels. For information on risks associated with our regulatory framework, see Part I, Item 1A. “Risk Factors—Most Material Risks to Us—Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition” and “Risk Factors—Risks Related to the Regulatory Framework that Governs Us.”

Supervisory agencies, including federal and state regulatory and enforcement authorities, have broad authority to:

•grant, suspend, deny, and revoke certificates of authority to transact insurance or licenses to operate as an agency or producer;

•regulate our products and services;

•regulate, limit, or suspend our ability to market and sell products, including the exclusion of our products from Health Insurance Marketplaces, and regulate any applicable commission structures;

•monitor our network of contracted providers to ensure we meet specific state and/or federal quality, adequacy, credentialing, availability and accessibility requirements on an ongoing basis and require regulatory assessment and approval annually as a condition of offering our products;

•approve premium rates;

•monitor our solvency and reserve adequacy;

•scrutinize our investment activities on the basis of quality, diversification, and other quantitative criteria;

•monitor adherence to EDE technical, operational, and monitoring requirements; and

•impose criminal, civil, or administrative monetary penalties, and other sanctions for non-compliance with regulatory requirements.

To carry out the above tasks, CMS, state insurance regulators and other agencies periodically examine our current and past business practices, financials, accounts and other books and records, operations and performance of our health plans, compliance with contracts, adherence to governing rules and regulations and the quality of care we provide to our members, including the quality, credentialing, availability and accessibility of contracted network providers. This information and these practices may be subject to routine surveys, mandatory data reporting and disclosure requirements, regular and special investigations and audits, and from time to time, we may receive subpoenas and other requests for information from government entities. The health insurance business also may be adversely impacted by court decisions that expand or invalidate the interpretations of existing statutes and regulations. It is uncertain whether we can recoup, through higher premiums or other measures, the increased costs caused by potential legislation, regulation, or court rulings.

13

Table of Contents

State Regulation of Insurance Companies and HMOs

Our Health Insurance Subsidiaries must obtain and maintain regulatory approvals to sell specific health plans in the jurisdictions in which they conduct business. The nature and extent of state regulation varies by jurisdiction, and state insurance regulators generally have broad administrative authority with respect to all aspects of the insurance business. The Model Audit Rule, where adopted by states, requires expanded governance practices, risk and solvency assessment reporting and the filing of periodic financial and operating reports. Most states have adopted these or similar measures to expand the scope of regulations relating to corporate governance and internal control activities of Health Insurance Entities. Health Insurance Entities are subject to state examination and periodic regulatory approval renewal proceedings. Some of our business activity is subject to other healthcare-related regulations and requirements, including utilization review, pharmacy service, or provider-related regulations and regulatory approval requirements. These requirements differ from state to state and may contain network adequacy, contracting, product and rate, licensing and financial and reporting requirements. There are laws and regulations that set specific standards for, among other things, delivery of services, appeals, grievances, payment of claims, the quality, credentialing, availability and accessibility of contracted providers participating in our networks, fraud prevention, protection of consumer health information, pricing and underwriting practices, and covered benefits and services.

In addition, we are regulated as an insurance holding company and are subject to the insurance holding company laws of the states in which our Health Insurance Subsidiaries are domiciled. These laws and other laws that govern operations of Health Insurance Entities contain certain reporting requirements, as well as restrictions on transactions between a Health Insurance Entity and its affiliates, and may restrict the ability of our Health Insurance Subsidiaries to pay dividends to our holding companies. For example, under the regulations of certain states, our Health Insurance Subsidiaries may not declare or distribute a dividend to shareholders except out of earned surplus. Holding company laws and regulations generally require registration with applicable state departments of insurance and the filing of reports describing capital structure, ownership, financial condition, certain intercompany transactions, enterprise risks, corporate governance, and general business operations. In addition, state insurance holding company laws and regulations generally require notice or prior regulatory approval of certain transactions including acquisitions, material intercompany transfers of assets, and guarantees and other transactions between the regulated companies and their affiliates, including parent holding companies. Applicable state insurance holding company acts also restrict the ability of any person to obtain control of a Health Insurance Entity without prior regulatory approval. These acts generally define “control” as the direct or indirect power to direct or cause the direction of the management and policies of a person and is presumed to exist if a person directly or indirectly owns or controls 10% or more of the voting securities of another person. Some state laws have different definitions or applications of this standard. Dispositions of control generally are also regulated under applicable state insurance holding company laws.

The states of domicile of our Health Insurance Subsidiaries have statutory risk-based capital (“RBC”) requirements for Health Insurance Entities. Most of our Health Insurance Subsidiaries are subject to requirements based on the National Association of Insurance Commissioners’ (“NAIC”) Risk-Based Capital For Health Organizations Model Act, with a few Health Insurance Subsidiaries subject to state-specific RBC requirements that are not based on, but function similarly to, the Model Act. These RBC requirements are intended to assess the capital adequacy of Health Insurance Entities, taking into account the risk characteristics of a company’s investments and products. In general, under these laws, a Health Insurance Entity must submit a report of its RBC level to the insurance regulator of its state of domicile. These laws typically require increasing degrees of regulatory oversight and intervention if a company’s RBC declines below certain thresholds. As of December 31, 2025, the RBC levels of our Health Insurance Subsidiaries are expected to meet or exceed all applicable mandatory RBC requirements. For more information on RBC capital and additional liquidity and capital requirements, see Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources—Overview.”

Additionally, as a company that directly or indirectly controls insurers, we have an obligation to adopt a formal enterprise risk management (“ERM”) function and file enterprise risk reports on an annual basis. The ERM function and reports must address any activity, circumstance, event, or series of events involving the insurer that, if not remedied promptly, is likely to have a material adverse effect upon the financial condition or liquidity of the insurer, including anything that would cause the insurer’s RBC to fall below certain threshold levels or that would cause further transaction of business to be hazardous to policyholders or creditors, or the public. Similarly, in accordance with the NAIC Risk Management and Own Risk Solvency Assessment Model Act, we must complete an annual “own risk and solvency assessment,” which is an internal assessment, appropriate to the nature, scale, and complexity of our company, of the material and relevant risks associated with the current business plan, and of the sufficiency of capital resources to support those risks.

14

Table of Contents

Ongoing Requirements and Changes to the ACA

The ACA significantly changed the United States healthcare system. While we anticipate continued changes with respect to the ACA, either through Congress, court challenges, executive actions, or administrative action, we expect the major portions of the ACA to remain in place and continue to significantly impact our business operations and results of operations, including pricing, minimum MLRs, administration of the risk adjustment program, and the geographies in which our products are available.

The ACA prohibits annual and lifetime limits on essential health benefits, member cost-sharing on specified preventive benefits, and pre-existing condition exclusions. Further, the ACA includes requirements for insurers, including the minimum MLR provision that requires insurers to pay rebates to members when insurers do not meet or exceed the specified annual MLR thresholds and requirements related to the quality, credentialing, availability and accessibility of contracted providers participating in our healthcare professional networks. In addition, the ACA includes a combination of federal and state oversight and strict rules on how health insurance is rated, what benefits must be offered, the assessment of new taxes and fees, the creation of public Health Insurance Marketplaces for individuals and small employer group health insurance and the availability of premium subsidies for qualified individuals. The ACA allows individual states to choose to enact additional state-specific requirements that extend ACA mandates and some of the states where we operate have implemented higher MLR percentage requirements, lower tobacco user rating ratios, and different age curve variations. Changes to our business environment are likely to continue as elected officials at the national and state levels continue to enact, and both elected officials and candidates for election continue to propose significant modifications to existing laws and regulations. For information on risks associated with ACA and changes to ACA, see Part I, Item 1A. “Risk Factors—Most Material Risks to Us—Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition.”

In general, the individual market risk pool that includes Health Insurance Marketplaces has changed significantly since its inception in 2014 and continues to exhibit risk volatility. Based on our experience in Health Insurance Marketplaces to date, we have made adjustments to our premium rates and participation footprint, and we will continue to evaluate the performance of our products going forward.

In addition, insurers have faced uncertainties related to federal government funding for various ACA programs. The ACA established significant subsidies to support the purchase of health insurance by individuals, in the form of APTCs, available through Health Insurance Marketplaces. APTCs are available to most individuals and families making between 100% and 400% of the federal poverty level (“FPL”). The American Rescue Plan Act (“ARPA”) increased the size of APTCs for individuals and families at every income level during 2021 and 2022, and the Inflation Reduction Act of 2022 renewed the eAPTCs for three years through the end of 2025. The eAPTCs resulted in $0 premiums for members under 150% FPL and lower premiums for all income brackets, with no member paying more than 8.5% of their income in premium. The eAPTCs expired at the end of 2025 and the pre-ARPA APTC structure has been reinstated. It is possible Congress may take action in 2026 to reinstate the eAPTC structure. For information on risks associated with the expiration and/or potential renewal of eAPTCs, see “Risk Factors—Most Material Risks to Us—Our success and ability to grow our business depend in part on retaining and expanding our member base. If we fail to add new members or retain current members, or manage our membership growth appropriately to meet our business objectives, our business, revenue, operating results, and financial condition could be harmed”, “—Failure to accurately estimate our incurred medical expenses or overall market morbidity, or effectively manage our medical costs or related administrative costs could negatively affect our financial position, results of operations, and cash flows” and “—Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition.”

Further, implementation of the ACA brought with it significant oversight responsibilities by Health Insurance Entities that may result in increased governmental audits, increased assertions of alleged False Claims Act (“FCA”) liability, and an increased risk of other litigation.

15

Table of Contents

Federal regulatory agencies continue to modify regulations and guidance related to the ACA and Health Insurance Marketplaces more broadly. Some of the more significant ACA rules are described below:

•The minimum MLR threshold for the individual market, as defined by the U.S. Department of Health and Human Services (“HHS”), is 80%. Certain states require us to meet more restrictive MLR thresholds. For example, New York state law requires an 82% MLR for individual products and plans. These minimum MLR thresholds are based on definitions of an MLR calculation provided by HHS, or specific states, as applicable, and differ from our calculation of MLR based on premium revenue and benefit expense as reported in accordance with accounting principles generally accepted in the United States of America (“U.S. GAAP”). Definitions under applicable MLR regulations also impact insurers differently depending upon their organizational structure or tax status, which could result in a competitive advantage to some insurance providers that may not be available to us, resulting in an uneven playing field in the industry. Failure to meet the minimum MLR thresholds triggers an obligation to issue premium rebates to members.

•The ACA directed the HHS Secretary to develop a system that rates qualified health plans (“QHPs”), certified by the Health Insurance Marketplaces based on relative quality and price. As a QHP issuer, we must submit quality rating information in accordance with CMS guidelines as a condition of certification and participation in the Health Insurance Marketplaces. Our overall ratings, represented on a scale of 1.0 to 5.0 stars, are based on three categories: member experience, medical care, and plan administration. Quality rating information for QHPs is publicly displayed and accessible to consumers on all Health Insurance Marketplaces.

•Federal regulations require premium rate increases to be reviewed for individual products above specified thresholds that may be adjusted from time to time and enrollees to be notified of the premium rate increase in advance. The regulations provide for state insurance regulators to conduct the reviews, except in cases where a state lacks the resources or authority to conduct the required rate reviews, in which cases HHS will conduct the reviews.

•Prior to the implementation of the ACA, Health Insurance Entities were permitted to use differential pricing based on factors such as health status, gender, and age. The ACA prohibits Health Insurance Entities from selling ACA-regulated plans in the individual market from using health status and gender in the determination of the insurance premium. In addition, age rating under the ACA is limited to a 3:1 ratio for adults age 21 and older, and tobacco use rating is limited to a 1.5:1 ratio. States also may choose to enact more restrictive rules than the federal minimum standards.

•CMS administers an ACA risk adjustment program, which is a system designed to stabilize premiums across the market by redistributing funds from plans with relatively healthy members to plans with higher-risk members. Under the program, each plan is assigned a risk score based upon demographic information and current year claims information related to its members. Plans with lower than average risk scores relative to the estimated market average risk score, when applied to the statewide average premium, will have a risk adjustment payable into the pool. Inversely, plans with higher than average risk scores relative to the estimated market average risk score, when applied to the statewide average premium, will have a risk adjustment receivable from the pool. In addition, the CMS and the HHS Office of Inspector General (“HHS-OIG”) perform risk adjustment data valuation (“RADV”) audits of health insurance plans, sometimes years after the applicable payment year, to validate the coding practices of and supporting documentation maintained by healthcare providers, and such audits can result in retrospective adjustments to risk transfer payments.

•CMS has oversight of agents, brokers, and EDE entities, all of whom facilitate member enrollments in coverage in the Health Insurance Marketplaces. From time to time, CMS may issue regulations relating to administrative or operational requirements for these entities including but not limited to their licensure, program integrity requirements and processes to confirm eligibility of applicants. CMS has recently been increasingly focused on improving integrity in the eligibility and enrollment process and preventing unauthorized changes in consumer enrollments in the Health Insurance Marketplaces by agents and brokers, and we expect this focus to continue. During the second half of 2024, CMS enacted new measures to respond to increases in unauthorized changes in consumer enrollments by agents and brokers and to reduce consumer burdens related to unauthorized enrollments. While these measures are important to prevent unauthorized enrollments, they may also make it more difficult for individuals to complete valid enrollments in new plans, switch from one plan to another, or obtain APTCs. In addition, on June 25, 2025, CMS issued a rule that created stricter eligibility verification processes for APTCs, as

16

Table of Contents

well as other requirements related to ACA plan enrollment, including shorter OEPs and the suspension of certain SEPs (the “Program Integrity Rules”). On August 22, 2025, in connection with City of Columbus vs. Kennedy, in which the plaintiffs alleged certain provisions of the Program Integrity Rules are contrary to law, a federal district court in Maryland issued a nationwide stay on several provisions of the Program Integrity Rules pending a final ruling on the merits of the case. The stayed provisions were not in effect during the 2026 OEP. Many of the stayed provisions would have otherwise impacted enrollment processes and APTC eligibility during the 2026 OEP. For example, the court stayed the application of a $5 monthly premium to enrollees in $0 premium plans who do not actively reenroll during open enrollment. Provisions of the Program Integrity Rules unaffected by the stay became effective on August 25, 2025. Furthermore, on July 4, 2025, the President signed into law the One Big Beautiful Bill Act (the “OBBBA”) which, among other relevant matters, limits the eligibility of APTCs for certain populations, and requires additional verification procedures to confirm member eligibility for APTCs.

Medicaid redeterminations began on April 1, 2023 and CMS announced an SEP that began March 31, 2023 and ended November 30, 2024 to facilitate enrollment in the ACA by individuals who lost Medicaid coverage under the redetermination process. Our understanding is that in 2024 most states substantially completed the unwinding-related renewals for beneficiaries enrolled in Medicaid or the Children's Health Insurance Program (“CHIP”). We believe these Medicaid redeterminations contributed to increases in our membership in 2024; however, we do not believe that we experienced significant growth in our membership from the Medicaid redetermination process in 2025. We believe that members who have enrolled in the ACA through the Medicaid redetermination process have increased the overall morbidity of the Health Insurance Marketplaces.

The Notice of Benefit and Payment Parameters (“NBPP”) final rule is issued annually and contains comprehensive updates to ACA regulations. The NBPP for policy year 2026 was released on January 13, 2025, and the NBPP for policy year 2027 was proposed on February 9, 2026. QHP issuers on the Federal Marketplace have historically been permitted to offer unlimited non-standard plans. State Based Marketplaces have discretion on whether to impose limits on non-standard plans and approaches vary. In the NBPP for policy year 2024, CMS imposed a limit of four non-standardized plan options on the federal marketplace and in the NBPP for policy year 2025, CMS limited the number of non-standard plan options that QHP issuers may offer on the federal ACA marketplace to two per product network type, per metal level (excluding catastrophic plans). The rule also created an exceptions process for plans offered beyond the limit of two non-standardized plans if they provide twenty five percent reduced cost-sharing for chronic and high-cost condition benefits. This exceptions process provides a limited opportunity for innovation for products designed to serve members with chronic and high-cost condition benefits.The NBPP for policy year 2027 proposes to repeal non-standard plan limits. The NBPP for policy year 2027 also proposes additional provisions that, if enacted, could significantly impact the Health Insurance Marketplace. For more information see “Part I, Item 1, “Business–Government Regulation–Ongoing Requirements and Changes to the ACA”, and Part I, Item 1A. “Risk Factors-Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition.”

Privacy, Confidentiality and Data Standards Regulation

The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (together, “HIPAA”) and the administrative simplification provisions of HIPAA impose a number of requirements on covered entities (including Health Insurance Entities group health plans, certain providers, and clearinghouses) and their business associates relating to the use, disclosure and safeguarding of PHI. These requirements include uniform standards of common electronic healthcare transactions and privacy and security regulations, and unique identifier rules for employers, health plans, and providers.

In addition, HIPAA and corresponding implementing regulations have imposed additional requirements on the use and disclosure of PHI such as additional breach notification and reporting requirements, contracting requirements for HIPAA business associate agreements, and strengthened enforcement mechanisms and increased penalties for HIPAA violations. Federal consumer protection laws may also apply in some instances to our privacy and security practices related to personally identifiable information.

17

Table of Contents

On December 27, 2024, HHS, through its Office for Civil Rights (“OCR”), issued a proposed rule to improve cybersecurity and better protect the U.S. health care system from a growing number of cyberattacks. The proposed rule would modify the HIPAA Security Rule to require health plans and payers (Health Insurance Entities), and most health care providers, and their business associates, to strengthen cybersecurity protections for individuals’ PHI. This proposed rule is the latest step taken by OCR to address more frequent cyberattacks targeting the U.S. health care system, consistent with the HHS Healthcare and Public Health critical infrastructure sector Cybersecurity Performance Goals.

We maintain an internal HIPAA compliance program, which is designed to comply with HIPAA privacy and security regulations, adapt to new requirements if finalized, and have dedicated resources to monitor compliance with this program.

In addition, Health Insurance Marketplaces are required to adhere to privacy and security standards with respect to personally identifiable information and to impose privacy and security standards that are at least as protective as those the marketplaces must follow. These standards may differ from, and be more stringent than, HIPAA.

The use and disclosure of certain data that we collect or process about or from individuals are also regulated in some instances by other federal laws, including the Gramm-Leach-Bliley Act (“GLBA”), and state statutes implementing GLBA, in connection with insurance transactions in the states where we operate. Additionally, in response to the growing threat of cyber-attacks in the insurance industry, certain jurisdictions, including New York, have begun to consider new cybersecurity measures, including the adoption of cybersecurity regulations. In March 2017, the New York Department of Financial Services promulgated Cybersecurity Requirements for Financial Services Companies, which were amended in 2023 and require covered financial institutions to establish, implement and maintain a cybersecurity program and cybersecurity policies and procedures that meet specific requirements. Additionally, in 2017 the NAIC adopted the Insurance Data Security Model Law, which established standards for data security and for the investigation and notification of insurance commissioners of cybersecurity events involving unauthorized access to, or the misuse of, certain nonpublic information. A number of states have enacted the Insurance Data Security Model Law or similar laws, and we expect more states to follow.

There are also numerous state and federal laws and regulations related to the privacy and security of health information. Laws in all 50 states require businesses to provide notices to affected individuals whose personal information has been disclosed as a result of a data breach, and certain states require notifications for data breaches involving individually identifiable health information. Most states require holders of personal information to maintain safeguards and take certain actions in response to a data breach, such as maintaining reasonable security measures and providing prompt notification of the breach to affected individuals and the state’s attorney general. For further discussion, see Part I, Item 1A. “Risk Factors—Risks Related to the Regulatory Framework that Governs Us—If we or any of our vendors fail to comply with laws, regulations and standards relating to the handling of information about individuals or applicable consumer protection laws, we may face significant liability, negative publicity, and/or erosion of trust, which could materially affect our business, reputation, results of operations, financial position, and cash flows; additionally, compliance with these laws, regulations, and standards involves significant expenditure and resources.”

Furthermore, states have begun enacting more comprehensive privacy laws and regulations addressing consumer rights to data protection or transparency that may affect our privacy and security practices. The California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2023 (“CPRA”) began a trend toward more stringent privacy legislation in the United States, and multiple states have enacted, or are expected to enact, similar laws, including the Oregon Consumer Privacy Law which took effect on July 1, 2024, and the Minnesota Consumer Data Privacy Act which took effect on July 31, 2025, not all of which exempt Health Insurance Entities categorically. Newer federal regulations requiring additional transparency could also materially impact our operations. These regulations include federal regulation on data interoperability requiring member data to be made available to third parties unaffiliated with Oscar, as well as federal regulations requiring hospitals and insurers to publish negotiated prices for services as well as the most accurate out-of-pocket cost estimate possible based on an individual’s health plan for procedures, drugs, durable medical equipment, and other items or services.

In addition, certain of our businesses are also subject to the Payment Card Industry Data Security Standard (“PCI-DSS”), which is a multifaceted security standard that is designed to protect credit card account data as mandated by payment card industry entities. We rely on vendors to assist us with PCI-DSS matters and to maintain PCI-DSS compliance. Our business and operations are also subject to federal, state, and local consumer protection laws governing the use of email and telephone marketing.

18

Table of Contents

Fraud, Waste and Abuse Laws and the False Claims Act

Because we receive payments from federal governmental agencies, we may be subject to various laws commonly referred to as “fraud, waste, and abuse” laws, including the federal Anti-Kickback Statute, the Physician Self-Referral Law (“Stark Law”), and the FCA. These laws permit the Department of Justice (“DOJ”), the HHS-OIG, CMS, and other enforcement authorities to institute a claim, action, investigation, or other proceeding against us for violations and, depending on the facts and circumstances, to seek treble damages, criminal, civil, or administrative fines, penalties, and assessments. Violations of these laws can also result in exclusion, debarment, temporary or permanent suspension from participation in government healthcare programs, the institution of corporate integrity agreements (“CIAs”), and/or other heightened monitoring of our operations. Liability under such statutes and regulations may arise if, among other things, we knew, or it is determined that we should have known, that information we provided to form the basis for a claim for government payment was false or fraudulent, or that we were out of compliance with program requirements considered material to the government’s payment decision. Companies who receive funds from federal and state governmental agencies are required to maintain compliance programs to detect and deter fraud, waste, and abuse. Although our compliance program is designed to meet all statutory and regulatory requirements, our policies and procedures are frequently under review and subject to updates, and our training and education programs continue to evolve.

Fraud, waste, and abuse prohibitions encompass a wide range of activities, including, but not limited to, kickbacks or other inducements for referral of members or for the coverage of products (such as prescription drugs) by a plan, billing for unnecessary medical services by a healthcare provider, payments made to excluded providers, improper enrollments or manipulative practices and improper marketing and beneficiary inducements. In particular, there has recently been increased scrutiny by the DOJ on health plans’ diagnosis coding and risk adjustment practices, particularly for Medicare Advantage plans, which we offered until the plan year 2024. In addition, CMS is increasingly focusing on allegedly fraudulent behavior by brokers. Under applicable regulatory requirements and our policies, we must take appropriate measures to determine whether there is credible evidence that any of our members, particularly those who receive federal APTCs, were enrolled by brokers without their authorization. In such cases, we conduct certain outreach procedures under our policies and refer instances of potentially unauthorized enrollment to the appropriate authorities for potential rescission, which may also entail retroactive adjustment of membership numbers or rescission of federal APTCs, and if such rescissions are effected following the calculation or payment of our risk adjustment transfer payable or the settlement of claims, the resulting financial impact on us could be compounded. The regulations, contractual requirements, and policies applicable to participants in government healthcare programs are complex and subject to change. Health Insurance Entities, as well as health insurance agencies and EDE entities, are required to maintain compliance programs to prevent, detect, and remediate fraud, waste, and abuse, and are often the subject of fraud, waste, and abuse investigations and audits.

In addition to the FCA, under the federal Civil Monetary Penalties Law, the HHS-OIG has the authority to impose civil penalties against any person who, among other things, knowingly presents, or causes to be presented, certain false or otherwise improper claims. There also is FCA liability for knowingly or improperly avoiding repayment of an overpayment received from the government and/or failing to promptly report and return such overpayment. Qui tam actions can be brought by private individuals (for example, a “whistleblower,” such as a disgruntled current or former competitor, member, or employee) on behalf of the government alleging that a company has defrauded the government, and the FCA permits the private individual to share in any settlement of, or judgment entered in, the lawsuit. Qui tam actions have increased significantly in recent years, causing greater numbers of healthcare companies to have to defend a false claim action, pay substantial settlement amounts, and/or enter into a CIA and/or other heightened monitoring arrangements to avoid exclusion from government healthcare programs as a result of an investigation arising out of such action. See Part I, Item 1A. “Risk Factors—Risks Related to the Regulatory Framework that Governs Us—We are subject to extensive fraud, waste, and abuse laws that may require us to take remedial measures or give rise to lawsuits, audits, investigations and claims against us, the outcome of which may have a material adverse effect on our business, financial condition, cash flows, or results of operations.”

Further, analogous state laws and regulations, such as state anti-kickback and false claims laws, which may apply to sales or marketing arrangements and claims involving healthcare items or services reimbursed by non-governmental third-party payors, including private insurers, may be broader in scope than their federal equivalents; state insurance laws require Health Insurance Entities, as well as health insurance agencies and EDE entities, to comply with state regulations.

19

Table of Contents

Guaranty Fund Assessments

Under certain state insolvency or guaranty association laws, Health Insurance Entities can be assessed for amounts paid by guaranty funds for policyholder losses incurred when a Health Insurance Entity becomes insolvent. Most state insolvency or guaranty association laws currently provide for assessments based upon the amount of premiums received on insurance underwritten within such state (with a minimum amount payable even if no premium is received). Under many of these guaranty association laws, assessments are made or adjusted retrospectively. Some states permit Health Insurance Entities to recover assessments paid through full or partial premium tax offsets, or through future policyholder surcharges. The amount and timing of any future assessments cannot be predicted with certainty; however, future assessments may occur.

Corporate Practice of Medicine and Fee-Splitting Laws

Oscar Medical Group, which consists of five physician-owned professional corporations, functions as a direct medical service provider and, as such, our arrangements with Oscar Medical Group are subject to additional laws and regulations. Some states have corporate practice of medicine laws prohibiting specific types of entities from practicing medicine or employing physicians to practice medicine. Moreover, some states prohibit certain entities from engaging in fee-splitting practices which involve sharing in the fees or revenues of a professional practice. These prohibitions may be statutory or regulatory, or may be imposed through judicial or regulatory interpretation. The laws, regulations and interpretations in certain states have been subject to limited judicial and regulatory interpretation and are subject to change. See Part I, Item 1A. “Risk Factors—Risks Related to Our Business—We make virtual healthcare services available to our members through Oscar Medical Group, in which we do not own any equity or voting interest, and our virtual care availability may be disrupted if our arrangements with providers like the Oscar Medical Group become subject to legal challenges.”

AVAILABLE INFORMATION

Our website is www.hioscar.com. Through the “Investor Relations” section of our website (ir.hioscar.com), we make available free of charge a variety of information for investors, including our annual report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and any amendments to those reports, as soon as reasonably practicable after we electronically file that material with or furnish it to the Securities and Exchange Commission (“SEC”).

We announce material information to the public about us, our products and services, and other matters through a variety of means, including filings with the SEC, press releases, public conference calls, webcasts and the investor relations section of our website in order to achieve broad, non-exclusionary distribution of information to the public and to comply with our disclosure obligation under Regulation Fair Disclosure.

The information disclosed by the foregoing channels could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above and to review the information disclosed through such channels.

Any updates to the list of disclosure channels through which we will announce information will be posted on the “Investor Relations” section of our website. Except as specifically indicated otherwise, the information found or available by hyperlink on our website or any other outlets we identify from time to time is not and shall not be deemed to be part of this or any other report we file with, or furnish to, the SEC.

20

Table of Contents