Exhibit 99.3

RISK FACTORS

The following risk factors amend and supplement those included in our annual report on Form 20-F for the fiscal year ended December 31, 2022 filed by Perfect Corp. (together with its subsidiaries, “we”, “our”, “us”, “Perfect” or the “Company”) with the U.S. Securities and Exchange Commission on March 30, 2023 (the “Annual Report”). Investing in the Company’s ordinary shares involves a high degree of risk. You should carefully consider the risks described below, and all other information contained in or incorporated by reference in the Annual Report, before making an investment decision regarding the Company’s securities. These risk factors should be read in conjunction with (i) the Annual Report; and (ii) the other exhibits to our Form 6-K, dated October 3, 2023. Defined terms used, but not defined, in these “Risk Factors” have the meaning ascribed to them in the Annual Report.

Issues relating to the responsible use of our technologies, including AI in our offerings, may result in reputational and financial harm and liability.

Concerns relating to the responsible use of new and evolving technologies, such as AI, in our products and services may result in reputational and financial harm and liability, and may cause us to incur costs to resolve such issues. We are increasingly building AI capabilities into many of our products and services. AI poses emerging ethical issues and presents risks and challenges that could affect its adoption, and therefore our business. If we enable or offer solutions that draw controversy due to their perceived or actual impact on society, such as AI solutions that have unintended consequences or are controversial because of their impact on human rights, privacy, employment, or other social, economic or political issues, or if we are unable to develop effective internal policies and frameworks relating to the responsible development and use of AI models and systems offered through our sales channels, we may experience brand or reputational harm, become less competitive or incur legal liability. Compliance with government regulations relating to AI technologies and AI ethics may also increase the cost of related research and development, and changes in AI-related regulations could disproportionately impact and put us at a disadvantage, requiring us to change our business practices and technologies, which may negatively impact our financial results. Our failure to address concerns relating to the responsible use of AI by us or others could undermine public confidence in AI and slow adoption of AI in our products and services or cause financial and reputational harm.

Our business is subject to complex and evolving U.S. and international laws and regulations regarding privacy and data protection. These laws and regulations are subject to change and uncertain interpretation, which could result in claims, changes to our data and other business practices, regulatory investigations, monetary penalties, increased cost of operations, or declines in consumer growth or engagement, or otherwise harm our business.

Regulatory authorities and governments around the world have implemented and are considering further legislative and regulatory proposals regarding privacy and data protection. New laws and regulations governing new areas of data protection or those imposing more stringent requirements may be introduced in various jurisdictions, including the United States, the European Union, the United Kingdom and the PRC, in which we conduct business or where we may expand. In addition, the interpretation and application of consumer privacy and data protection laws in such jurisdictions are often uncertain, complicated and subject to change, including differentiated requirements for different groups of people or different types of data. It is possible that existing or newly introduced laws and regulations, or their interpretation, application or enforcement, could significantly affect the value of the data collected and generated by us during operation, force us to change our data and other business practices and cause us to incur significant compliance costs.

In the United States, various federal and state regulators, including governmental agencies like the Federal Trade Commission (the “FTC”), have adopted, or are considering adopting, laws and regulations concerning privacy and data protection, such as the Biometric Information Privacy Act in Illinois (the “BIPA”), which has restricted the collection and use of biometric identifiers and biometric information. Certain U.S. state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to personal information than federal, international or other state laws, and such laws may differ from each other, all of which may complicate compliance efforts. For instance, several class action lawsuits have been brought under BIPA, as the statute is broad and still being interpreted by the courts. Certain of our customers and we have been named parties in lawsuits that allege violations of the BIPA through deploying our product and technology, including virtual try-on solutions that may be perceived as subject to these laws and regulations. These lawsuits, any future similar legal proceedings and any government enforcement actions we may become subject to under applicable privacy and data protection laws may cause us significant losses in addition to legal costs, which could adversely affect our business, results of operations and financial condition.

Many jurisdictions have established data privacy and cybersecurity legal frameworks with which we may need to comply. For example, the European Union (the “EU”) has adopted the General Data Protection Regulation (the “GDPR”), which requires covered businesses to comply with rules regarding the processing of personal data, including its use, protection and the ability of persons whose personal data is processed to access, to correct or delete personal data about themselves. Failure to meet GDPR requirements could result in penalties of up to 4% of annual worldwide turnover or EUR 20 million (whichever is the greater). Additionally, the U.K. General Data Protection Regulation (the “U.K. GDPR”) (i.e., a version of the GDPR as implemented into U.K. law) went into effect following the withdrawal of the United Kingdom from the EU. While the GDPR and the U.K. GDPR are substantially the same, going forward there is an increasing risk for divergence in application, interpretation and enforcement of the data privacy and cybersecurity laws and regulations as between the EU and the United Kingdom, which may result in greater operational burdens, costs and compliance risks. Additionally, the GDPR and the U.K. GDPR include certain limitations and stringent obligations with respect to the transfer of personal data from the EU and the United Kingdom to third countries, and the mechanisms to comply with such obligations are also in considerable flux and may lead to greater operational burdens, costs and compliance risks.

The collection, process, and use of personal data in Taiwan is primarily subject to the Personal Data Protection Act (the “PDPA”) and the Enforcement Rules as well as other applicable rulings or regulations issued by the relevant competent authorities, in particular the sectoral rules on the security maintenance plans stipulated by the regulator of different industries. The PDPA applies in principle to all of the data collection and processing activities taking place in Taiwan without regard to whether the data subjects are Taiwanese nationals or not. Pursuant to the PDPA, violating PDPA with an intent to make unlawful profit for oneself or a third party or with an intent to damage the interest of another may lead to criminal penalties. In addition, an administrative fine may be imposed for failure to comply with the requirements under the PDPA, such as the collecting or processing of personal data without a statutory ground, using personal data outside of the scope of the specified purpose under which the personal data was collected, or failure to comply with restrictions on the cross-border transfer of personal data. For any failure to comply with the notification requirements, marketing restrictions, information security requirements, or obligations to respond to data subjects’ requests, the authority may order that correction be made by a certain deadline and impose an administrative fine if correction is not made within such deadline.

The PRC regulatory and enforcement regime with regard to privacy and data security is evolving. Over the last decade, China has been putting great emphasis on cybersecurity administration, which is considered an essential part of national security. Various laws, regulations, measures, and standards form the cybersecurity and data protection legislative framework in China. Governmental authorities, including the Cyberspace Administration of China, the Ministry of Public Security and the State Administration for Market Regulation, are putting great focus on the enforcement of data privacy and protection laws and regulations with varying and evolving standards and interpretations. Violations of data protection laws may lead to administrative penalties, including warnings, orders for rectification, suspension or termination of related businesses issued by competent authorities, revocation of business permits or licenses, or monetary fines; civil liabilities including compensation for infringement upon legitimate rights and interests of individuals and public interests litigation by the People’s Procuratorate depending on the severity and impact of the case; and even criminal liabilities in more severe cases.

As we further grow our business and expand into other markets, we will be subject to additional laws and regulations in other jurisdictions where we operate and where our brand partners and users are located.

The laws, rules and regulations of other jurisdictions may be more comprehensive, detailed and nuanced in their scope, and may impose requirements and penalties that conflict with, or are more stringent than, those we encounter in our current markets. In addition, such laws, rules and regulations may restrict the transfer of data across jurisdictions, which could impose additional and substantial operational, administrative and compliance burdens on us, and may also restrict our business activities and expansion plans, as well as impede our data-driven business strategies. Complying with laws and regulations for an increasing number of jurisdictions could require significant resources and costs, including those associated with adapting our products and solutions. Any failure, or perceived failure, by us to comply with the above and other regulatory requirements or privacy and data protection-related laws, rules and regulations could result in reputational damages or proceedings or actions against us by governmental entities, consumers or other parties. Such proceedings or actions could subject us to significant penalties and negative publicity, require us to change our data and other business practices, increase our costs and severely disrupt our business or hinder our global expansion.

If we were deemed an investment company under the Investment Company Act of 1940, applicable restrictions could have a material adverse effect on our business and the price of our Class A Ordinary Shares.

We believe that we are not an “investment company”, and we do not intend to become registered as an “investment company” under the Investment Company Act of 1940, as amended, or the Investment Company Act. Generally, a company is an “investment company” if it is or holds itself out as being engaged primarily in the business of investing, reinvesting or trading in securities or owns or proposes to own investment securities having a value exceeding 40% of the value of its total assets (exclusive of U.S. government securities and cash items) on an unconsolidated basis, unless an exception, exemption or safe harbor applies. We do not hold ourselves out as being primarily engaged, or proposing to engage primarily, in the business of investing, reinvesting or trading in securities. Rather, we are primarily engaged in the business of providing online cloud-based SaaS solutions to clients in the beauty and fashion industry, and offering certain consumer mobile beauty apps to end users. As of October 3, 2023, we believe that we do not hold any investment securities. We intend to continue to conduct our operations so that we will not be deemed an investment company.

If, at any time, we become or are determined to be primarily engaged in the business of investing, reinvesting or trading in investment securities, we could become subject to regulation under the Investment Company Act. If we were to become subject to the Investment Company Act, any violation of the Investment Company Act could subject us to material adverse consequences, including potentially significant regulatory penalties and the possibility that certain of our contracts would be deemed unenforceable. Additionally, as a foreign private issuer, we would not be eligible to register under the Investment Company Act. Accordingly, we would either have to obtain exemptive relief from the SEC, modify our contractual rights or dispose of investments in order to fall outside the definition of an investment company, each of which may have a material adverse effect on us. Furthermore, we may have to forego potential future acquisitions of interests in companies that may be deemed to be investment securities within the meaning of the Investment Company Act. Failure to avoid being deemed an investment company under the Investment Company Act could also make us unable to comply with our reporting obligations as a public company in the United States and lead to our being delisted from New York Stock Exchange, which would have a material adverse effect on the liquidity and value of our Class A Ordinary Shares. We would also be unable to raise capital through the sale of securities in the United States or to conduct business in the United States. In addition, we may be subject to SEC enforcement actions or civil litigation for alleged violations of U.S. securities laws. Defending ourselves against any such enforcement action or lawsuits would require significant attention from our management and divert resources from our existing businesses and could have a material adverse effect on our results of operations and financial condition.

We may become a passive foreign investment company (“PFIC”), which could result in adverse United States federal income tax consequences to United States investors.

We believe that we were not a PFIC in our prior taxable year, and we do not expect to become a PFIC in the current taxable year or the foreseeable future. However, the determination of whether or not we are a PFIC is made on an annual basis and will depend on the composition of our income and assets from time to time. Specifically, we will be classified as a PFIC for United States federal income tax purposes if either: (1) 75% or more of our gross income in a taxable year is passive income, or (2) the average percentage of our assets by value in a taxable year which produce or are held for the production of passive income (which includes cash) is at least 50%. It is therefore possible that we could become a PFIC in a future taxable year. In addition, our PFIC status may depend in part upon the value of our goodwill which is based on the market value for our Shares. Accordingly, we could become a PFIC in our current taxable year or in the future if there is a substantial decline in the value of our active assets, including a decline in the value of our Shares, or if the amount of cash and other passive assets that we hold increases (for example if a substantial number of Warrants are exercised). If we are or were to become a PFIC, such characterization could result in adverse United States federal income tax consequences to a holder of our Class A Ordinary Shares or Warrants if such holder is a United States investor. For example, if we are a PFIC, our United States investors will become subject to increased tax liabilities under United States federal income tax laws and regulations and will become subject to burdensome reporting.