NASDAQ: VRSN

Pursuant to our agreements with the Internet Corporation for Assigned Names and Numbers (“ICANN”), we make available files containing all active domain names registered in the .com and .net registries. Further, we also make available a summary of the active zone count registered in the .com and .net registries and the number of .com and .net domain name registrations in the domain name base. The zone counts and information on how to obtain access to the zone files can be found at https://www.verisign.com/resources/zone-file/. The domain name base is the active zone plus the number of domain names that are registered but not configured for use in the respective top-level domain zone file plus the number of domain names that are in a client or server hold status. The domain name base may also reflect compensated or uncompensated judicial or administrative actions to keep in or remove from the active zone an immaterial number of domain names. These files and the related summary data are updated at least once per day. The update times may vary each day. The number of domain names provided in this Form 10-K are as of midnight of the date reported.

We announce material financial information to our investors using our investor relations website https://investor.verisign.com, SEC filings, investor events, news and earnings releases, public conference calls and webcasts. We use these channels as well as social media to communicate with our investors and the public about our company, our products and services, and other issues. It is possible that the information we post on social media could be deemed to be material information. Therefore, we encourage investors, the media, and others interested in our company to review the information we post on the social media channels and websites listed below. This list may be updated from time to time on our investor relations website.

https://verisign.com

https://blog.verisign.com

https://facebook.com/verisign

https://x.com/verisign

https://linkedin.com/company/verisign

https://youtube.com/user/verisign

https://dnib.com

https://x.com/dnibrief

The contents of these websites are not intended to be incorporated by reference into this Form 10-K or in any other report or document we file.

Services

We operate the authoritative directory, for all .com, .net, and .name domain names (generic top-level domains, “gTLDs”), as well as for certain transliterations of .com and .net in a number of different native languages and scripts (internationalized

generic top-level domains, “IDN gTLDs”). We also operate the authoritative directory for all .cc domain names (country code top-level domain, or “ccTLD”) and operate the technical or back-end systems for the .edu top-level domain. As the registry or service provider for these top-level domains, our services allow individuals and organizations to establish their online identities, while providing the secure, always-on access they need to communicate and transact reliably with online audiences.

We operate the .com, .net, and .name gTLDs and the IDN gTLDs under registry agreements with ICANN and also, with respect to the .com gTLD, a Cooperative Agreement with the U.S. Department of Commerce (“DOC”). We operate the .cc ccTLD under an agreement with Cocos (Keeling) Islands. Under a separate agreement, we provide back-end services for the .edu top-level domain.

We also perform the Root Zone Maintainer function under an agreement with ICANN for the core of the internet’s DNS and operate two of the thirteen root zone servers that contain authoritative data for the top of the DNS hierarchy.

Our global constellation of DNS servers provides internet protocol (“IP”) address information in response to queries, enabling the use of browsers, email systems, and other systems on the internet. In addition, we own and maintain our shared registration system that allows registrars to enter new second-level domain names into Verisign-operated central directories and to submit modifications, transfers, re-registrations, and deletions for existing second-level domain names (“Shared Registration System”).

Domain names in the registries we operate can be registered for between one and 10 years. Unlike other gTLDs, the prices we charge for .com, .net and .name domain name registrations are subject to restrictions in our agreements with ICANN and our prices may be increased only according to those restrictions. Retail pricing for these domain name registrations is established by registrars. For .com domain name registrations, we pay ICANN on a quarterly basis $0.2575 for each annual domain name registration. For .name domain name registrations, we pay ICANN on a quarterly basis $0.25 for each annual domain name registration. For .net domain name registrations, we remit to ICANN a $0.75 fee per annual domain name registration that is collected from registrars.

Revenues for .cc domain names and our IDN gTLDs are based on prices that are not subject to the same pricing restrictions as those for the .com, .net and .name gTLDs. The fee for our performance of back-end services for the .edu top-level domain is based on the terms of our agreement.

Operations Infrastructure

Our main operations infrastructure consists of secure data centers in Dulles, Virginia; Ashburn, Virginia; and New Castle, Delaware; as well as more than 200 other points of presence around the world. Our domain name servers refer requestors to the associated authoritative name servers for second level domains in the registries we operate or support, thus enabling DNS resolution for .com and .net domain names and for domain names in the other registries that we operate, or for which we provide technical or back-end services. Our servers process hundreds of billions of transactions daily. Our operations infrastructure operates continuously, supporting the security, integrity and availability of our services, which are critical for our business and internet users. The performance and availability of our infrastructure are critical for our business. Key features of our operations infrastructure include:

•Distributed Servers: We operate a large number of high-speed servers globally to support localized transaction processing and performance demands. In conjunction with our proprietary software, processes and procedures, this purpose-built global constellation of servers offers rapid failover, global and local load balancing, and threshold monitoring on critical servers.

•Networking: We deploy and maintain a redundant and diverse global network, maintain high-speed, redundant connections to numerous internet service providers, and maintain hundreds of network interconnection relationships globally to ensure that our critical services are readily accessible to end users.

•Security and Availability: We incorporate architectural concepts such as protected domains, restricted nodes, and distributed access control in our system architecture. In addition, we employ firewalls and intrusion detection software, endpoint and network detection and response systems as well as proprietary security mechanisms at many points across our infrastructure. We perform continuous internal vulnerability testing and periodic controls, audits, and also contract with third-party security organizations to perform periodic penetration tests and security risk assessments on our systems. Software undergoes application security testing prior to deployment and our responsible disclosure program provides an opportunity for external security researchers to be compensated for submitting vulnerabilities to our Information Security team. We have engineered resiliency and diversity across our set of interconnected sites to reduce the risk of unknown vendor defects and zero-day security vulnerabilities. For our critical services, our change management and core rollout processes include testing and validation in multiple test environments, along with a careful phased rollout to the production environment.

•Data Integrity: We use several proprietary systemic integrity checks and validations to ensure data correctness when updating and publishing the DNS records for the registries we operate. These steps include multiple stages of DNSSEC validation to ensure correctness, all of which exist to ensure that the zone can be validated cryptographically so that any changes would be rejected in the event of an error or corruption.

We continuously seek to enhance our infrastructure and capabilities to support both normal and peak system load plus attack volumes based on historical experience, as well as to address reported and projected internet attack trends.

Call Centers and Service Desk: We provide customer support services over the phone, by email, by chat, and through web-based self-help systems. Our support teams are staffed with trained technical customer support personnel. Support is available for customers 24 hours a day.

Operations Support and Monitoring: Through our network operations center, we have an extensive monitoring capability that enables us to track the status and performance of our critical systems, network and services. Our network operations center monitors our systems continuously. We subscribe to an industry leading Managed Detection and Response (MDR) service providing increased security monitoring 24/7/365, in addition to our own internal Verisign Incident Response Team.

Disaster Recovery Plans: We have disaster recovery and business continuity capabilities that are designed to deal with the loss of entire data centers and other facilities. We maintain data centers with mirrored services that allow failover with no data loss and no loss of function or capacity. Our critical data services (including domain name registration) use advanced storage systems and techniques such as synchronous mirroring and remote replication to our global resolution sites to provide data protection. We periodically operate services at alternate data centers during maintenance windows to ensure the availability of our data centers for disaster recovery. Air-gapped backup solutions are regularly maintained along with local and remote disk backups. We also conduct multiple simulations/exercises a year around disaster recovery, large-scale DDoS events, systems failure, ransomware attacks, and many more to broaden and deepen our learnings beyond the normal events we encounter on a day-to-day basis.

Marketing and Distribution

We seek to expand our business through focused marketing campaigns and programs that target growth in .com, .net and .cc domain names, both domestically and internationally through our registrars. We provide tools to be used by both registrars and end users to enable them to find relevant domain names. We have marketing and account management employees in several countries around the world.

Research and Development

We believe that timely development of new and enhanced capabilities for our DNS registration and resolution infrastructure and of new and enhanced ways to ensure the security, stability, and resiliency of our services, are vital to protect our business in an ever-increasing cyberthreat environment, to adapt to evolving internet protocols and standards, and to remain competitive in the marketplace. We also invest in R&D that benefits the DNS and internet community in which we operate more broadly.

Our future success will depend, in large part, on our ability to continue to maintain and enhance our current technologies and services and to develop new ones. We actively investigate and incubate new concepts and evaluate new business ideas through our innovation pipeline. We expect that most of the future enhancements to our existing services and our new services will be the result of internal development efforts in collaboration with suppliers, other vendors, customers, and the technology community. Under certain circumstances, we may also acquire or license technology from third parties.

Competition

We face competition in the domain name registry space from other gTLD and ccTLD registries that are competing for the business of entities and individuals that are seeking to obtain a domain name registration. In addition to the registries we operate or for which we provide technical or back-end services, there are numerous other operational gTLD registries, ASCII ccTLD registries, IDN ccTLD registries, and IDN gTLD registries. Under our agreements with ICANN, we are subject to certain restrictions in the operation of .com, .net and .name on pricing, bundling, marketing, methods of distribution, introduction of new registry services, and use of registrars, that do not apply to ccTLDs and other gTLDs and therefore may create a competitive disadvantage. Among our competitors operating gTLD and ccTLD registries are CentralNic, China Internet Network, DENIC eG, GoDaddy, Google, Identity Digital, Information Center (CNNIC), Nominet, Public Interest Registry (PIR), Radix, and .xyz.

Demand for domain names could be negatively impacted to the extent end-users establish their online identities using social media (such as Facebook, Instagram or TikTok) or transact business on e-commerce platforms (such as Amazon, Etsy

and Taobao) instead of registering domain names. Furthermore, demand for domain names could also be negatively impacted by the activities of providers of web and mobile applications that allow end-users to locate and access content.

Alternative namespaces, new technologies and the expansion of existing technologies, including Artificial Intelligence (“AI”), may increase competitive pressure. Our industry is characterized by collaborative relationships involving our competitors. In the past, certain of our competitors have consolidated or vertically integrated. Our ability to participate and benefit from such collaborative arrangements or consolidations may be limited and such collaborative arrangements and consolidations could harm our competitive position and adversely impact our business.

Industry Regulation

The DNS is governed under a multi-stakeholder model comprised of civil society, the private sector, including for-profit and not-for-profit organizations such as ICANN, governments, including the U.S. government, academia, non-governmental organizations, and international organizations. ICANN plays a central coordination role in this bottom-up multi-stakeholder system. ICANN is mandated through its bylaws to uphold a private sector-led multi-stakeholder approach to internet governance for the public benefit. ICANN’s multi-stakeholder policy development processes have created, and will continue to create, policies, programs, and standards that directly or indirectly impact our business. Certain policies can be adopted as Consensus or Temporary Policies, which we are obligated to follow under our agreements with ICANN.

We are also subject to country-level laws and regulations in the United States and in international locations. In China, we are required to maintain licenses for .com, .net, and .cc under regulations issued by the Ministry of Industry and Information Technology. Additionally, in many jurisdictions in which we operate, including California, the European Union, the United Kingdom, China and elsewhere, strict data security and data privacy regulations have been, or are being, adopted. Because we do not possess extensive personal registrant information, we have not yet experienced significant impacts from these regulations. However, compliance costs and other business impacts could become significant if we begin to receive personal registrant information in our .com and .net gTLDs. Other regulations, or changes to regulations, including those related to cybersecurity, may also significantly impact our business operations.

.com Generic Top-Level Domain

Our operation of the .com gTLD is subject to the terms of a registry agreement with ICANN (as amended, the “.com Registry Agreement”). The current term of the .com Registry Agreement is six years and must be renewed or extended by November 30, 2030. Although the .com Registry Agreement contains a “presumptive” right of renewal, ICANN could terminate or refuse to renew the Registry Agreement in certain prescribed circumstances. See “Risk Factors - Any loss or modification of our right to operate the .com and .net gTLDs could have a material adverse impact on our business and result in loss of revenues.” in Part I, Item 1A of this Form 10-K for further information.

Other significant terms within the .com Registry Agreement include performance specifications and service level agreements, including for example, for the availability of our DNS resolution services, our Shared Registration System, and our Registration Data Directory services, which include our Whois and Registration Data Access Protocol services. The .com Registry Agreement contains marketing limitations, including limitations on our ability to bundle products and the manner in which we provide marketing support to ICANN-accredited registrars. We are also required under the .com Registry Agreement to provide ICANN-accredited registrars with nondiscriminatory access to our systems to register or take other actions related to domain names. In order to introduce new Registry Services or make material changes to existing Registry Services, we must follow prescribed procedures which permit ICANN to review and approve such services.

The .com Registry Agreement permits an increase to the Maximum Price (as defined in the .com Registry Agreement) of .com domain name registrations by up to 7% over the previous year in each of the final four years of each six-year period. The current such six-year period began on October 26, 2024. The restrictions in the .com Registry Agreement relating to vertical integration apply solely to the .com gTLD.

Our operation of the .com gTLD is also subject to the terms of a Cooperative Agreement with the DOC. The Cooperative Agreement has undergone various amendments with the most recent, Amendment 35, on October 26, 2018. On November 30, 2024, the Cooperative Agreement was automatically renewed on the same terms for a successive six-year term and will automatically renew on November 30, 2030, unless the DOC provides written notice of non-renewal within 120 days prior to the end of the then-current term. The Cooperative Agreement requires the mutual consent of the DOC and the Company to change its terms. In addition, under Amendment 35, we have agreed to continue to operate the .com gTLD in a content-neutral manner and to work within ICANN processes to promote the development of content-neutral policies for the operation of the DNS.

The Cooperative Agreement further provides that we shall be entitled at any time during the term of the .com Registry Agreement to seek to remove the pricing restrictions contained in the .com Registry Agreement if we demonstrate to the DOC that market conditions no longer warrant pricing restrictions in the .com Registry Agreement, as determined by the DOC.

DOC approval of changes to or the renewal of the .com Registry Agreement was limited by Amendment 35 to only the following circumstances: (1) changes to the pricing provisions (other than as approved in Amendment 35, which are described above), (2) changes to the vertical integration provisions, (3) changes to the security, stability and resiliency posture as reflected in the functional or performance specifications (including the service level agreements), (4) changes to the conditions for renewal or termination of the .com Registry Agreement, or (5) changes to the Whois service (except as mandated by ICANN through Temporary or Consensus Policies). As was the case with prior amendments, Amendment 35 is not intended to confer federal antitrust immunity on the Company with respect to the .com Registry Agreement.

.net Generic Top-Level Domain

Our operation of the .net gTLD is subject to the terms of a registry agreement with ICANN (as amended, the “.net Registry Agreement”). The .net Registry Agreement was renewed on June 29, 2023. The current term of this agreement is six years and must be renewed or extended by July 1, 2029. The terms of the .net Registry Agreement are substantially similar to the terms of the .com Registry Agreement, except as to ICANN fees as described earlier and that the annual price for new and renewal .net domain name registrations may be increased by 10% each year. Our operation of the .net gTLD is not subject to the terms of the Cooperative Agreement.

Root Operations

We operate two of the world’s thirteen root servers. Along with the ICANN community, we are involved in discussions to establish criteria for operations of the root server system including the root servers that we operate. We also publish the root zone file, as the Root Zone Maintainer, under the Root Zone Maintainer Service Agreement (“RZMA”) with ICANN. The RZMA was renewed on October 20, 2024 and the current term of the RZMA ends on October 20, 2032. The RZMA is subject to an automatic eight-year renewal, unless earlier modified or terminated.

The descriptions of the .com Registry Agreement, the Cooperative Agreement, and the .net Registry Agreement are qualified in their entirety by reference to the text of the complete agreements that are incorporated by reference as exhibits in this Form 10-K.

Human Capital Management

Our employees are mission driven and values focused. Their dedication to these principles forms the backbone that enables Verisign to provide for the security, stability, and resiliency of the DNS and the internet. We recognize the importance of talent and culture in driving an environment that fosters high performance, collaboration, belonging, and integrity in all aspects of our work.

We are committed to attracting, developing, and retaining the best talent, and we routinely monitor and present our progress in these areas to executive management and the Compensation Committee of our Board of Directors. As of December 31, 2025, we had 928 employees, of which 926 were full-time. 859 employees (representing approximately 93% of our total workforce) were based in the U.S., and 69 employees (representing approximately 7% of our total workforce) were based outside the U.S. As of December 31, 2025, approximately 30% of our global workforce was female, and approximately 46% of our U.S. employees were ethnically and racially diverse. No U.S.-based employees are represented under collective bargaining agreements. Based on periodic monitoring, we believe that our employee turnover is relatively low compared to competitive benchmarks and historical trends. We attribute our strong retention rates to our employees’ passion for and focus on the Company’s mission and values, our continual development of talent, and our delivery of competitive and equitable reward programs. We regularly review our workforce policies, procedures, and training programs, as well as our overall workforce demographics, in an effort to create a high performing, ethical, respectful, and collaborative work environment where employees can thrive.

Employee Engagement: In order to deliver on our mission, we believe it is important to have a highly engaged workforce that exhibits our values, which include: being stewards of the internet, being passionate about technology, respecting others, exhibiting integrity, taking responsibility, and holding ourselves to a higher standard. We strive to create an environment where employees feel a sense of belonging and feel empowered to bring their diverse set of skills, perspectives, and talents to bear. These principles are integrated into our operating model and are foundational to our ability to attract, retain, and develop top talent and allow us to drive stronger overall performance and decision making. To monitor engagement levels and well-being we routinely conduct employee surveys and review key workforce statistics. In our most recent survey conducted in November 2025, approximately 93% of our employee population participated. The survey results indicated that our employees remain highly engaged, have a strong commitment to our mission and values, and are proud to work at Verisign. These sentiments are reflected in our workforce statistics, especially our average employee tenure of approximately 11 years.

Compensation, Pay Equity, and Employee Benefits: To align with our philosophy of providing impactful total rewards, we have practices in place to deliver fair and equitable compensation for employees based on their contribution and performance. We benchmark and regularly review our compensation and benefits against the market to confirm they remain competitive. We

offer a broad and comprehensive set of benefits to meet the diverse needs of our workforce. In addition, we regularly perform analyses on base pay, annual incentives, and long-term incentives to help calibrate compensation and ensure pay equity.

Talent Development and Acquisition: We are committed to the continued development of our people. Strategic talent reviews and succession planning occur on a regular basis where leadership is actively involved in identifying and developing top talent and potential successors for both emergency and long-term succession opportunities. We believe that employee development is anchored in acquiring skills and work experiences that meet the needs of the business and the individual. We focus on leadership capability development and provide opportunities that enhance technical and soft skills to equip our workforce for current and future growth. Our learning opportunities are a blend of on-the-job experiences, instructor-led training, and on-demand learning sessions that meet the unique development needs of our workforce. Additionally, all employees are required to complete annual ethics and compliance and monthly data security trainings. Our managers regularly hold conversations with employees about career management, coaching, and other development opportunities to help encourage and drive the growth of our talent. We are focused on the competitive labor market, and we work diligently to ensure comprehensive sourcing strategies are in place which enable the attraction of the best talent.

Employee Health, Safety and Well-being: We are committed to maintaining a safe and healthy environment for our employees. We have a robust physical safety and security program, including a life safety program which trains employees on appropriate emergency responses. We also offer a holistic wellness experience for our employees through our Mindful Connections program that supports employees across three pillars: physical, emotional, and financial. We support a hybrid work posture where our employees operate under team agreements that set the foundation for operating norms. Most employees are in the office a minimum of two days per week which fosters collaboration while providing employees the flexibility to manage a healthy work-life balance. Our offices remain essential to enabling collaboration, networking, and strategic discussion.

The following table shows a comparison of our consolidated employee headcount, by function:

As of December 31,

202520242023

Employee headcount by function:

Cost of revenues256 256 247

Research and development240 246 244

Selling, general and administrative432 430 417

Total928 932 908

Intellectual Property

We rely on a combination of copyrighted software, trademarks, service marks, patents, trade secrets, know-how, restrictions on disclosure, and other methods to protect our proprietary assets. We also enter into confidentiality and/or intellectual property assignment agreements with our employees, consultants, customers and business partners. We also control access to and distribution of proprietary documentation and other confidential information.

We have been issued numerous patents in the U.S. and abroad, covering a wide range of our technologies. Additionally, we continue to file patent applications with respect to certain of our technologies in the U.S. Patent and Trademark Office and internationally. Patents may not be awarded with respect to these applications and even if such patents are awarded, they may not provide sufficient protection of our technologies. We continue to consider opportunities for strategic growth and use of our patent portfolio.

We have obtained trademark registrations for the VERISIGN mark and VERISIGN logo in the U.S. and certain countries and have pending trademark applications for the VERISIGN logo in a number of other countries. We have common law rights in other proprietary names. We take steps to enforce and monitor potential infringement of Verisign’s trademarks. We rely on the strength of our Verisign brand to help differentiate ourselves in the marketing of our products and services.

Our principal intellectual property consists of, and our success is dependent upon, proprietary software used in our business and certain methodologies (many of which are patented or for which patent applications are pending) and technical expertise and proprietary know-how we use in both the design and implementation of our current and future registry services. We own our proprietary Shared Registration System through which registrars submit second-level domain name registrations for each of the registries we operate, as well as the ATLAS distributed lookup system which processes hundreds of billions of queries per day. Some of the software and protocols used in our business are in the public domain or are otherwise available to our competitors, and some are based on open standards set by organizations such as the Internet Engineering Task Force. To the extent any of our patents are considered “standard essential patents,” we may be required to license such patents to our competitors on fair, reasonable and non-discriminatory terms or otherwise be limited in our ability to assert such patents.

Information About Our Executive Officers

The following table sets forth information regarding our executive officers as of February 5, 2026:

NameAgePosition

D. James Bidzos70
Executive Chairman, President, and Chief Executive Officer

John D. Calys
66 Executive Vice President, Chief Financial Officer

Danny R. McPherson51
Executive Vice President, Technology and Chief Security Officer

Thomas C. Indelicarto62 Executive Vice President, General Counsel and Secretary

D. James Bidzos has served as Executive Chairman since August 2009 and Chief Executive Officer since August 2011 and President since April 2024. He also served as President from August 2011 to February 2020. He served as Executive Chairman and Chief Executive Officer on an interim basis from June 2008 to August 2009 and served as President from June 2008 to January 2009. He served as Chairman of the Board since August 2007 and from April 1995 to December 2001. He served as Vice Chairman of the Board from December 2001 to August 2007. Mr. Bidzos served as Vice Chairman of RSA Security Inc., an internet identity and access management solution provider, from March 1999 to May 2002, and Executive Vice President from July 1996 to February 1999. Prior thereto, he served as President and Chief Executive Officer of RSA Data Security, Inc. from 1986 to February 1999.

John D. Calys has served as Executive Vice President, Chief Financial Officer since May 2025. From 2020 to May 2025, Mr. Calys served as Senior Vice President and Global Controller and as Vice President and Global Controller from 2010 through 2020. He also served as its interim Chief Financial Officer in 2011 and 2012 and Chief Accounting Officer from April 2024 to May 2025. Prior to joining the company Mr. Calys served as Vice President and Controller for XO Communications, Inc., Vice President and Assistant Treasurer for Sprint Nextel Corporation, and Vice President and Assistant Controller for Nextel Communications, Inc. Mr. Calys graduated with a Master of Science, and Bachelor of Science in Accounting and Business Administration from the University of Kansas.

Danny R. McPherson has served as Executive Vice President, Technology and Chief Security Officer since April 2022. From May 2010 to April 2022, he served in various roles of increasing responsibility, including as Chief Security Officer. Prior to joining the Company, Mr. McPherson was Chief Security Officer with Arbor Networks, a cybersecurity solutions company, and prior to that held technical leadership positions in architecture, engineering and operations with Amber Networks, a network technology company; Qwest Communications, Inc., a telecommunications company; Genuity, Inc., a technology company; MCI Communications, Inc., a telecommunications company; and the U.S. Army Signal Corps.

Thomas C. Indelicarto has served as General Counsel and Secretary since November 2014. From September 2008 to November 2014, he served as Vice President and Associate General Counsel. From January 2006 to September 2008, he served as Litigation Counsel. Prior to joining the Company, Mr. Indelicarto was in private practice as an associate at Arnold & Porter LLP and Buchanan Ingersoll (now, Buchanan Ingersoll & Rooney, PC). Mr. Indelicarto also served as a U.S. Army officer for nine years. Mr. Indelicarto holds a J.D. degree from the University of Pittsburgh School of Law and a B.S. degree from Indiana University of Pennsylvania.