Atara Biotherapeutics (ATRA) Risk Analysis

In some countries, particularly Member States of the EU and the UK, the pricing of prescription drugs is subject to governmental control. In these countries, pricing negotiations with governmental authorities can take considerable time after receipt of regulatory approval for a product. In addition, there can be considerable pressure by governments and other stakeholders on prices and reimbursement levels, including as part of cost containment measures. Political, economic and regulatory developments may further complicate pricing negotiations, and pricing negotiations may continue after reimbursement has been obtained. Reference pricing used by various EU Member States and parallel distribution, or arbitrage between low-priced and high-priced Member States, can further reduce prices. In some countries, we, or our collaborators, may be required to conduct a clinical study or other studies that compare the cost-effectiveness of our product and product candidates to other available therapies in order to obtain or maintain reimbursement or pricing approval. Publication of discounts by third party payors or authorities may lead to further pressure on the prices or reimbursement levels within the country of publication and other countries. If reimbursement of our products is unavailable or limited in scope or amount, or if pricing is set at unsatisfactory levels, our business could be adversely affected.

The regulations that govern, among other things, regulatory approvals, coverage, pricing and reimbursement for new drug products vary widely from country to country. In the U.S. and some foreign jurisdictions, there have been a number of legislative and regulatory changes and proposed changes regarding the healthcare system that could prevent or delay regulatory approval of our product candidates, restrict or regulate post-approval activities and affect our ability to successfully sell any product and product candidates for which we obtain regulatory approval. In particular, in March 2010, the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act, collectively, the Affordable Care Act (ACA), was enacted, which substantially changed the way healthcare is financed by both governmental and private insurers, and continues to significantly impact the U.S. pharmaceutical industry. The Affordable Care Act and its implementing regulations, among other things, addressed a new methodology by which rebates owed by manufacturers under the Medicaid Drug Rebate Program are calculated for certain drugs and biologics, including our product candidates, increased the minimum Medicaid rebates owed by manufacturers under the Medicaid Drug Rebate Program, extended the Medicaid Drug Rebate Program to utilization of prescriptions of individuals enrolled in Medicaid managed care organizations, subjected manufacturers to new annual fees and taxes for certain branded prescription drugs, provided incentives to programs that increase the federal government's comparative effectiveness research. Other legislative changes have been proposed and adopted in the U.S. since the ACA was enacted. In August 2011, the Budget Control Act of 2011, among other things, created measures for spending reductions by the U.S. Congress. This includes aggregate reductions of Medicare payments to providers of 2% per fiscal year, which went into effect in April 2013. As a result of the COVID-19 pandemic, this reduction was temporarily suspended from May 1, 2020 through March 31, 2022, with subsequent reductions to 1% from April 1, 2022 until June 30, 2022. The 2% reduction was then reinstated and has been in effect since June 30, 2022, and will remain in effect (with additional reductions of 2.25% in the first half of 2030 and 3% in the second half of 2030 to offset the COVID-19 suspension) until 2031 unless additional Congressional action is taken. In January 2013, the American Taxpayer Relief Act of 2012 was enacted which, among other things, further reduced Medicare payments to several providers, including hospitals and outpatient clinics, and increased the statute of limitations period for the government to recover overpayments to providers from three to five years. There have been judicial and Congressional challenges to numerous elements of the ACA, as well as efforts by both the executive and legislative branches of the federal government to repeal or replace certain aspects of the ACA. While the U.S. Congress has not passed comprehensive repeal legislation, it has enacted laws that modify certain provisions of the ACA, such as removing penalties, starting January 1, 2019, for not complying with the ACA's individual mandate to carry health insurance and eliminating the implementation of certain mandated fees. On June 17, 2021, the U.S. Supreme Court dismissed a legal challenge to the law brought by several states arguing that, without the individual mandate, the entire ACA was unconstitutional. The Supreme Court dismissed the lawsuit without ruling on the merits of the states' constitutionality arguments. Further, the IRA, signed into law in August 2022, extended the provision of enhanced subsidies for individuals purchasing health coverage through the ACA marketplace. The enhanced subsidies, which were originally passed as part of the American Rescue Plan Act are now extended through 2025. In the future, there may be additional challenges and/or amendments to the ACA. It is unclear how future litigation and the healthcare reform measures of the Biden administration will impact the ACA and our business. There have been, and likely will continue to be, legislative and regulatory proposals at the foreign, federal and state levels directed at broadening the availability of healthcare and containing or lowering the cost of healthcare. We cannot predict the initiatives that may be adopted in the future. The continuing efforts of governments, insurance companies, managed care organizations and other payors of healthcare services to contain or reduce costs of healthcare, including by imposing price controls, may adversely affect the demand for our product and product candidates for which we obtain regulatory approval and our ability to set a price that we believe is fair for our products. Any reduction in reimbursement from Medicare or other government programs may result in a similar reduction in payments from private payors. For example, in April 2023, the European Commission adopted a wide-ranging proposal for a new Directive and a new Regulation. If made into law, this proposal will revise and replace the existing general pharmaceutical legislation. This change will likely result in significant changes to the pharmaceutical industry. In particular, it is expected that the new Directive and Regulations will, if made into law, affect the duration of the period of regulatory protection afforded to medicinal products including regulatory data protection (also called "data exclusivity"), marketing exclusivity afforded to orphan medicinal products, as well as the conditions of eligibility to the orphan designation. Legislative and regulatory proposals have been made to expand post-approval requirements and restrict sales and promotional activities for pharmaceutical products. We cannot be sure whether additional legislative changes will be enacted, or whether the U.S. or foreign regulations, guidance or interpretations will be changed, or what the impact of these changes on the regulatory approvals of our product and product candidates, if any, may be. In the U.S., the EU and other potentially significant markets for our product and product candidates, government authorities and third party payors are increasingly attempting to limit or regulate the price of medical products and services, particularly for new and innovative products and therapies, which has resulted in lower average selling prices for certain products in certain markets. In the U.S., there have been several Congressional inquiries and proposed and enacted federal and state legislation designed to, among other things, bring more transparency to drug pricing, review the relationship between pricing and manufacturer patient programs, and reform government program reimbursement methodologies for drugs. For example, the Consolidated Appropriations Act of 2021 included several drug price reporting and transparency measures, such as a new requirement for certain Medicare plans to develop tools to display Medicare Part D prescription drug benefit information in real time and for group and health insurance issuers to report information on pharmacy benefit and drug costs to the Secretaries of Health and Human Services, Labor, and the Treasury. Additionally, the IRA allows Medicare to: beginning in 2026, establish a "maximum fair price" for certain pharmaceutical and biological products covered under Medicare Parts B and D; beginning in 2023, penalize drug companies that raise prices for products covered under Medicare Parts B and D faster than inflation; and beginning in 2025 impose new discount obligations on pharmaceutical and biological manufacturers for products covered under Medicare Part D. CMS has also taken steps to implement the IRA, including: on June 30, 2023, issuing guidance detailing the requirements and parameters of the first round of price negotiations, to take place during 2023 and 2024, for products subject to the "maximum fair price" provision that would become effective in 2026; on August 29, 2023, releasing the initial list of ten drugs subject to price negotiations; on November 17, 2023, releasing guidance outlining the methodology for identifying certain manufacturers eligible to participate in a phase-in period where discounts on applicable products will be lower than those required by the Medicare Part D Manufacturer Discount Program; and on December 14, 2023, releasing a list of 48 Medicare Part B products that had an adjusted coinsurance rate based on the inflationary rebate provisions of the IRA for the time period of January 1, 2024 to March 31, 2024. While it remains to be seen how the drug pricing provisions imposed by the IRA will affect the broader pharmaceutical industry, several pharmaceutical manufacturers and other industry stakeholders have challenged the law, including through lawsuits brought against the U.S. Department of Health and Human Services, the Secretary of the U.S. Department of Health and Human Services, CMS, and the CMS Administrator challenging the constitutionality and administrative implementation of the IRA's drug price negotiation provisions. There have also been administrative developments in the U.S. related to drug pricing. For example, on February 2, 2022, the Biden Administration signaled its continued commitment to the Cancer Moonshot initiative, which was initially launched in 2016. In its announcement, the administration noted that its new goals under the initiative include addressing inequities in order to ensure broader access to cutting-edge cancer therapeutics and investing in a robust pipeline for new treatments. On September 12, 2022, President Biden issued an Executive Order to promote biotechnology and biomanufacturing innovation. The Order noted several methods through which the Biden Administration would support the advancement of biotechnology and biomanufacturing in healthcare, and instructed the Department of Health and Human Service to submit, within 180 days of the Order, a report assessing how to use biotechnology and biomanufacturing to achieve medical breakthroughs, reduce the overall burden of disease, and improve health outcomes. On October 14, 2022 President Biden issued an Executive Order on Lowering Prescription Drug Costs for Americans, which instructed the Secretary of the Department of Health and Human Services to consider whether to select for testing by the CMS Innovation Center new health care payment and delivery models that would lower drug costs and promote access to innovative drug therapies for beneficiaries enrolled in the Medicare and Medicaid programs. The Executive Order further directed the Secretary of the Department of Health and Human Services to submit, within 90 days of the date of the Executive Order, a report regarding any models that may lead to lower cost-sharing for commonly used drugs and support value-based payment that promotes high-quality care. Most recently, on February 14, 2023, the Department of Health and Human Services issued a report in response to the October 14, 2022 Executive Order, which, among other things, selects three potential drug affordability and accessibility models to be tested by the CMS Innovation Center. Specifically, the report addresses: (1) a model that would allow Part D Sponsors to establish a "high-value drug list" setting the maximum co-payment amount for certain common generic drugs at $2; (2) a Medicaid-focused model that would establish a partnership between CMS, manufacturers, and state Medicaid agencies that would result in multi-state outcomes-based agreements for certain cell and gene therapy drugs; and (3) a model that would adjust Medicare Part B payment amounts for Accelerated Approval Program drugs to advance the developments of novel treatments. On August 29, 2023, CMS released an initial list of ten drugs subject to price negotiations. This negotiation process will occur during 2023 and 2024 and result in maximum prices that will be effective beginning in 2026. While it remains to be seen how the drug pricing provisions imposed by the Inflation Reduction Act (IRA) will affect the broader pharmaceutical industry, several pharmaceutical manufacturers and other industry stakeholders have challenged the law, including through lawsuits brought against the U.S. Department of Health and Human Services, the Secretary of the U.S. Department of Health and Human Services, CMS, and the CMS Administrator challenging the constitutionality and administrative implementation of the IRA's drug price negotiation provisions. Other proposed administrative actions may affect our government pricing responsibilities. For example, CMS has issued proposals to amend the existing Medicaid Drug Rebate Program regulations. In addition, there are pending legal and legislative developments relating to the 340B drug pricing program, including ongoing litigation challenging federal enforcement actions against manufacturers and recently introduced and enacted state legislation. It remains to be seen how these drug pricing initiatives will affect the broader pharmaceutical industry. At the state level, legislatures have increasingly passed legislation and implemented regulations designed to control pharmaceutical and biological product pricing, including price or patient reimbursement constraints, discounts, restrictions on certain product access and marketing cost disclosure and transparency measures, and, in some cases, to encourage importation from other countries and bulk purchasing. Another emerging trend at the state level is the establishment of prescription drug affordability boards, some of which will prospectively permit certain states to establish upper payment limits for drugs that the state has determined to be "high-cost". Furthermore, the increased emphasis on managed healthcare in the U.S. and on country and regional pricing and reimbursement controls in the EU will put additional pressure on product pricing, reimbursement and usage, which may adversely affect our future product sales. These pressures can arise from rules and practices of managed care groups, other insurers, judicial decisions and governmental laws and regulations related to Medicare, Medicaid and healthcare reform, pharmaceutical reimbursement policies and pricing in general. In addition, there is significant uncertainty regarding the reimbursement status of newly approved healthcare products. We may need to conduct expensive pharmacoeconomic studies in order to demonstrate the cost-effectiveness of our product and product candidates. If third party payors do not consider our product and product candidates to be cost-effective compared to other therapies, the payors may not cover our product and product candidates after approval as a benefit under their plans or, if they do, the level of payment may not be sufficient to allow us to sell our products on a profitable basis.

We are or may become subject to numerous domestic and foreign laws and regulations regarding privacy, data protection, and data security, the scope of which is changing, subject to differing applications and interpretations and may be inconsistent among countries, or conflict with other rules. We are also subject to the terms of our contractual obligations to customers and third parties related to privacy, data protection, and data security. The actual or perceived failure by us, our customers, our vendors, or other relevant third parties to address or comply with these laws, regulations, and obligations could increase our compliance and operational costs, expose us to regulatory scrutiny, actions, fines and penalties, cause regulators to reject, limit or disrupt our clinical trial activities, result in reputational harm, lead to a loss of customers, reduce the use of our products, result in litigation and liability, and could otherwise cause a material adverse effect on our business, financial condition, and results of operations. For example, the EU General Data Protection Regulation (EU) 2016/679 (EU GDPR) imposes strict requirements on in-scope organizations regarding the processing of personal information (i.e., data which identifies an individual or from which an individual is identifiable) of individuals (or data subjects). The EU GDPR governs the collection, use, disclosure, transfer and other processing of personal information and has direct effect in all EU Member States and extraterritorial effect where organizations outside of the European Economic Area (EEA) process personal information of individuals in the EEA in relation to the offering of goods or services to those individuals or the monitoring of their behavior. The UK has implemented the EU GDPR into its national law by virtue of section 3 of the European Union (Withdrawal) Act as the UK GDPR (together, the UK GDPR and the EU GDPR, the GDPR). Under the UK GDPR, companies established in the UK and companies not established in the UK but who process personal information of individuals in the UK in relation to the offering of goods or services to those individuals, or to the monitoring of their behavior will be subject to the UK GDPR. As such, the GDPR applies to us to the extent we are established in an EU Member State or the UK, we are processing personal information in the context of an establishment in an EU Member State or the UK or we are processing personal information in relation to the offering of goods or services to individuals in the EEA or the UK or monitoring their behavior. The GDPR imposes onerous and comprehensive privacy, data protection, and data security obligations onto controllers, including, as applicable: (i) contractual privacy, data protection, and data security commitments, including the requirement to implement appropriate technical and organizational measures to safeguard personal information processed; (ii) establishing means for individuals to exercise their data protection rights (e.g., the right to erasure of personal information); (iii) limitations on retention and the amount of personal information processed; (iv) additional requirements pertaining to sensitive information (such as health data); (v) data breach notification requirements to: (x) supervisory authorities without undue delay (and no later than 72 hours where feasible) after becoming aware of the breach, unless the breach is unlikely to result in a risk to the data subjects' rights and freedoms; and/or (y) concerned individuals where the breach is likely to result in a high risk to their rights and freedoms; (vi) requirements to process personal information lawfully including specific requirements for obtaining valid consent from data subjects where consent is the lawful basis for processing; (vii) obligations to consider data protection as any new products or services are developed and designed; and (viii) accountability and transparency requirements, which require controllers to demonstrate and record compliance with the GDPR and to provide more detailed information to data subjects(such as clinical trial subjects and investigators) regarding processing. The GDPR also provides that EU Member States and the UK (as applicable) may introduce further laws and regulations limiting the processing of genetic, biometric, or health data, which could limit our ability to collect, use and share personal information subject to the GDPR, cause our compliance costs to increase, require us to change our practices, adversely impact our business, and harm our financial condition. In addition, the EU GDPR also prohibits the transfer of personal information from the EEA to countries that the European Commission does not recognize as having an "adequate" level of data protection unless the parties to the transfer have implemented specific safeguards to protect the transferred personal information. Data protection laws in the UK (as discussed below) and Switzerland impose similar restrictions. One of the primary safeguards allowing U.S. companies to import personal information from the EU and Switzerland had historically been certification to the EU-U.S. Privacy Shield framework, which is administered by the U.S. Department of Commerce, and Swiss-U.S. Privacy Shield framework respectively. However, the EU-U.S. Privacy Shield framework was invalidated as a mechanism to legitimize international transfers in July 2020 in the "Schrems II" decision handed down by the Court of Justice of the EU and imposed further restrictions on the use of standard contractual clauses (SCCs). The Schrems II decision also led to a requirement for companies to carry out a transfer impact assessment (TIA) which, among other things, assess laws governing access to personal information in the recipient country and considers whether supplementary measures that provide privacy protections additional to those under the EU SCCs will need to be implemented to ensure an "essentially equivalent" level of data protection to that afforded in the EU. Similarly, the Swiss-U.S. Privacy Shield framework was declared as inadequate by the Swiss Federal Data Protection and Information Commissioner in light of the Schrems II decision. On October 7, 2022, the U.S. President introduced an Executive Order to facilitate a new Trans-Atlantic Data Privacy Framework (DPF), and on July 10, 2023, the EC adopted its Final Implementing Decision granting the U.S. adequacy (Adequacy Decision) for EU-U.S. transfers of personal information for companies that self-certify to the DPF. Entities relying on EU SCCs for transfer to the U.S. are also able to rely on the analysis in the Adequacy Decision as support for their TIA regarding the equivalence of U.S. national security safeguards and redress. However, any transfers by us or our vendors of personal information subject to the EU GDPR may not comply with European data protection law, may increase our exposure to the EU GDPR's heightened sanctions for violations of its cross-border data transfer restrictions, and may reduce demand from companies subject to European data protection laws. Complying with the GDPR involves rigorous and time-intensive processes that may cause us to incur certain operational costs and/or require us to change our business practices. There may also be a risk that the measures will not be implemented correctly or that individuals within the business will not be fully compliant with the required procedures. If there are breaches of these measures, we could face significant administrative and monetary sanctions as well as reputational damage which may have a material adverse effect on our operations, financial condition and prospects. Assisting our customers, partners, and vendors in complying with the GDPR, or complying with the GDPR ourselves, may cause us to incur substantial operational costs or require us to change our business practices. There may also be a risk that the measures will not be implemented correctly or that individuals within the business will not be fully compliant with the required procedures. There is a risk that we could be impacted by a cybersecurity incident that results in loss or unauthorized disclosure of personal information, potentially resulting in us facing harms similar to those described above. Companies that must comply with the GDPR face increased compliance obligations and risk, including more robust regulatory enforcement of data protection requirements, potential significant fines for non-compliance of up to the greater of €20 million (under the EU GDPR) or £17.5 million (under the UK GDPR) or 4% of consolidated annual global turnover and restrictions or prohibitions on data processing. The GDPR identifies a list of points to consider when determining the level of fines to impose (including the nature, gravity and duration of the infringement). The GDPR also confers a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies and obtain compensation for damages resulting from violations of the GDPR. The UK GDPR also imposes similar restrictions on transfers of personal information from the UK to jurisdictions that the UK Government does not consider "adequate", including the U.S. It should also be noted that the UK Government has published its own form of EU SCCs known as the UK International Data Transfer Agreement together with an International Data Transfer Addendum to the new EU SCCs. The UK Information Commissioner's Office (ICO) has also published its version of the TIA and guidance on international transfers, although entities may choose to adopt either the EU or UK style TIA. Further, on September 21, 2023, the UK Secretary of State of Science, Innovation and Technology established a UK-U.S. data bridge (i.e., a UK equivalent of the Adequacy Decision) and adopted UK regulations to implement the UK-U.S. data bridge ("UK Adequacy Regulations"). Personal information may now be transferred from the UK under the UK-U.S. data bridge through the UK extension to the DPF to organizations self-certified under the UK extension to DPF. Other countries outside of Europe and the UK continue to enact or are considering enacting similar cross-border data transfer restrictions and laws requiring local data residency, which could increase the cost and complexity of delivering our services and operating our business. For example, Brazil recently enacted the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais or LGPD) (Law No. 13,709/2018), which broadly regulates the processing of personal information and imposes compliance obligations and penalties comparable to those of the EU GDPR and the UK GDPR. Regulation of privacy, data protection and data security has also become more stringent in the United States. HIPAA imposes requirements to protect the privacy and security of protected health information ("PHI") and to provide notification in the event of a breach of PHI. Violations of HIPAA are punishable by civil money penalties and, in some cases, criminal penalties and imprisonment. HHS' Office for Civil Rights ("OCR"), which is responsible for enforcing HIPAA, also may enter into resolution agreements requiring the payment of a civil money penalty and/or the establishment of a corrective action plan to address violations of HIPAA. Pursuant to HIPAA, HHS has adopted privacy regulations, known as the privacy rule, to govern the use and disclosure of PHI (the "Privacy Rule"). HHS has also adopted data security regulations (the "Security Rule") that require Covered Entities (including health care providers) and Business Associates to implement administrative, physical and technical safeguards to protect the integrity, confidentiality and availability of PHI that is electronically created, received, maintained or transmitted (such as between us and our affiliated practices). Numerous state and certain other federal laws protect the confidentiality of health information and other personal information, including but not limited to state medical privacy laws, state laws protecting personal information, state data breach notification laws, state genetic privacy laws, human subjects research laws and federal and state consumer protection laws. For example, the CCPA, which took effect on January 1, 2020, give California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. The CCPA may increase our compliance costs and potential liability. The CCPA was substantially expanded on January 1, 2023, when the CPRA amendments to the CCPA became fully operative. The CPRA amendments, among other things, give California residents the ability to limit use of certain sensitive personal information, further restrict the use of cross-contextual advertising, establish restrictions on the retention of personal information, expand the types of data breaches subject to the CCPA's private right of action, provide for increased penalties for CCPA violations concerning California residents under the age of 16, and establish a new California Privacy Protection Agency to implement and enforce the new law. Regulation of privacy, data protection and data security has also become more stringent in the United States, with several new laws being enacted at the state level. For instance, additional states have enacted laws related to consumer privacy, such as Colorado, Connecticut, Utah, and Virginia. While these new laws generally include exemptions for HIPAA-covered data, they add layers of complexity to compliance in the U.S. market, and could increase our compliance costs and adversely affect our business. While these laws generally include exemptions for HIPAA-covered and clinical trial data, they impact the overall privacy landscape. Multiple other states and the federal government are considering enacting similar legislation, demonstrating a strong trend towards more stringent state privacy, data protection and data security legislation in the U.S., which could increase our potential liability and adversely affect our business. Other states have passed or amended existing state privacy laws to impose enhanced privacy and cybersecurity obligations for consumer health data, such as, the Washington My Health My Data Act and Nevada's Consumer Health Data Privacy Law. For instance, Washington State passed the "My Health My Data Act" with respect to "consumer health data" which is defined as "personal information that is linked or reasonably linkable to a consumer and that identifies a consumer's past, present, or future physical or mental health" and which will go into effect in 2024 with additional privacy rights and compliance obligations. Lawmakers and regulatory bodies at the federal level have been considering more detailed regulation regarding these subjects and the privacy and security of personal information. For example, the FTC recently published an advance notice of proposed rulemaking on "commercial surveillance" and data security, and is seeking comment on whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies (1) collect, aggregate, protect, use, analyze, and retain consumer data, as well as (2) transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive. The FTC's rulemaking may create change throughout the economy and broader data ecosystem. The FTC has also been active with respect to enforcement of its Health Breach Notification Rule and in scrutinizing the use and disclosure of sensitive personal information. Additionally, the OCR has issued a Notice of Proposed Rulemaking, which propose a number of changes to the HIPAA Privacy Rule, with updates to the HIPAA Privacy Rule expected in 2024. The Federal Trade Commission (FTC) has authority under Section 5 of the FTC Act to regulate unfair or deceptive practices, and has used this authority to initiate enforcement actions against companies that implement inadequate controls around privacy and information security in violation of their externally facing policies. The FTC has recently brought several cases alleging violations of Section 5 of the FTC Act with respect to health information, and has proposed rulemaking on privacy and data security. Compliance with applicable U.S. and foreign privacy, data protection, and data security laws and regulations may result in government investigations or cause us to incur substantial costs or require us to change our business practices and compliance procedures in a manner adverse to our business. Moreover, complying with these various laws could require us to take on more onerous obligations in our contracts, restrict our ability to collect, use and disclose data, or in some cases, impact our ability to operate in certain jurisdictions. Failure to comply with U.S. and foreign privacy, data protection, and data security laws and regulations could result in government investigations or enforcement actions (which could include civil or criminal penalties), private litigation, claims, or public statements against us and/or adverse publicity and could negatively affect our operating results and business. Claims that we have violated individuals' privacy rights, failed to comply with privacy, data protection, and data security laws, or breached our contractual obligations, even if we are not found liable, could be expensive and time consuming to defend, could result in adverse publicity and could have a material adverse effect on our business, reputation, financial performance and business, and operations. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the business of our customers may limit the adoption and use of, and reduce the overall demand for, our products and services.

In April 2023, the EC published proposals to revise the existing European legislation on medicinal products (EU Pharma Law Review). The revisions consist of two proposals, a new directive and a new regulation (EU Pharma Law Proposal) that would amend and/or repeal and replace the relevant legislation concerning medicinal products for human use, including legislation concerning orphan medicinal products and medicinal products for pediatric use. The EU pharma Law Review could have a significant impact on the designation of and incentives offered to orphan medicinal products in the EU. If adopted in current form, the EU Pharma Law Proposal would introduce the possibility for the Commission, by way of delegated acts, to derogate from the current prevalence criterion, and introduce specific criteria for certain conditions, due to the characteristics of such conditions or other scientific reasons. The EU Pharma Law Proposal also proposes changes to the current orphan market exclusivity (OME) approach. If adopted in the current form, the EU Pharma Law Proposal would in most cases reduce the duration of the OME and replace the current system of separate OME periods for each new indication with a system with a single OME period for each active substance.

Changes to regulations, recommendations or other guidelines advocating alternative therapies for the indications we treat could result in decreased use of our products. For example, although treatment with EBV-specific T cells is recognized as a recommended treatment for persistent or progressive EBV+ PTLD as set forth in the National Comprehensive Cancer Network Guidelines, future guidelines from governmental agencies, professional societies, practice management groups, private health/science foundations and other organizations could lead to decreased ability to develop our product candidates, or decreased use of our products once approved by applicable regulatory authorities.

Even if we, or our partners obtain regulatory approval for a product candidate, it would be subject to ongoing requirements by the FDA and comparable foreign regulatory authorities governing the manufacture, quality control, further development, labeling, packaging, storage, distribution, adverse event reporting, safety surveillance, import, export, advertising, promotion, recordkeeping and reporting of safety and other post-marketing information. These requirements include submissions of safety and other post-marketing information and reports, registration, as well as continued compliance by us and/or our CMOs and CROs for any post-approval clinical studies that we conduct. They also include any post-approval requirements or commitments imposed by FDA or comparable foreign regulatory authorities as a condition of approval, or any risk evaluation or mitigation strategies (REMS), if applicable. The safety profile of any product will continue to be closely monitored by the FDA and comparable foreign regulatory authorities after approval. If the FDA or comparable foreign regulatory authorities become aware of new safety information after approval of any of our product candidates, they may require labeling changes or establishment of a risk evaluation and mitigation strategy, impose significant restrictions on a product's indicated uses or marketing or impose ongoing requirements for potentially costly post-approval studies or post-market surveillance. In addition, manufacturers of drug products and their facilities are subject to initial and continual review and periodic inspections by the FDA and other regulatory authorities for compliance with current cGMP, current GCP, current cGTP and other regulations. If we or a regulatory agency discover previously unknown problems with a product, such as adverse events of unanticipated severity or frequency, or problems with the facility where the product is manufactured, a regulatory agency may impose restrictions on that product, the manufacturing facility or us, including requiring recall or withdrawal of the product from the market or suspension of manufacturing. If we, our products, product candidates, or the manufacturing facilities for our products or product candidates fail to comply with applicable regulatory requirements, a regulatory agency may: - issue warning letters or untitled letters;- mandate modifications to promotional materials or require us to provide corrective information to healthcare practitioners;- require us or our partners to enter into a consent decree, which can include imposition of various fines, reimbursements for inspection costs, required due dates for specific actions and penalties for noncompliance;- seek an injunction or impose civil or criminal penalties or monetary fines;- suspend, withdraw or modify regulatory approval;- suspend or modify any ongoing clinical studies;- refuse to approve pending applications or supplements to applications filed by us;- suspend or impose restrictions on operations, including costly new manufacturing requirements; or - seize or detain products, refuse to permit the import or export of products, require us to withdraw product from the market, or require us to initiate a product recall. The occurrence of any event or penalty described above may also generate negative publicity or inhibit our ability to successfully commercialize our products. Advertising and promotion of any product candidate that obtains approval in the U.S. will be heavily scrutinized by the FDA, the Department of Justice (DOJ), the Office of Inspector General of the Department of Health and Human Services (HHS), state attorneys general, members of the U.S. Congress and the public. Additionally, advertising and promotion of any product candidate that obtains approval outside of the U.S. will be heavily scrutinized by comparable foreign entities and stakeholders. For example, a company may not promote "off-label" uses for its drug products. An off-label use is the use of a product for an indication that is not described in the product's FDA-approved label in the U.S. or for uses in other jurisdictions that differ from those approved by the applicable regulatory agencies. Physicians, on the other hand, may prescribe products for off-label uses. Although the FDA and other regulatory agencies do not regulate a physician's choice of drug treatment made in the physician's independent medical judgment, they do restrict promotional communications from companies or their sales force with respect to off-label uses of products for which marketing clearance has not been issued. However, companies may share truthful and not misleading information that is otherwise consistent with a product's FDA approved labeling. Violations, including actual or alleged promotion of our products for unapproved or off-label uses, are subject to enforcement letters, inquiries and investigations, and civil and criminal sanctions by the FDA or comparable foreign bodies. Any actual or alleged failure to comply with labeling and promotion requirements may result in fines, warning letters, mandates to corrective information to healthcare practitioners, injunctions, or civil or criminal penalties.

In addition to regulations in the U.S., to market and sell our products in the EU, the UK, many Asian countries and other jurisdictions, we, or our current or future commercialization partners, must obtain separate regulatory approvals and comply with numerous and varying regulatory requirements, both from a clinical and manufacturing perspective. The approval procedure varies among countries and can involve additional testing. The time required to obtain approval may differ substantially from that required to obtain FDA approval. The regulatory approval process outside the U.S. generally includes all of the risks associated with obtaining FDA approval and may include additional risks. Clinical studies accepted in one country may not be accepted by regulatory authorities in other countries. In addition, many countries outside the U.S. require that a product be approved for reimbursement before it can be approved for sale in that country. A product candidate that has been approved for sale in a particular country may not receive reimbursement approval in that country. We or our partners may not be able to obtain approvals from regulatory authorities or payor authorities outside the U.S. on a timely basis, if at all. Approval by a regulatory agency or payor does not ensure approval by any other regulatory or payor authorities in other countries or jurisdictions. We may not be able to file for regulatory approvals and may not receive necessary approvals to commercialize our products in any market. If we or our partners are unable to obtain approval of any of our product candidates by regulatory or payor authorities in the US, EU, the UK, Asia or elsewhere, the commercial prospects of that product candidate may be significantly diminished.

We may seek fast track designation for one or more of our future product candidates. If a drug or biological product is intended for the treatment of a serious or life-threatening disease or condition and it demonstrates the potential to address unmet medical needs for such a disease or condition, the drug sponsor may apply for FDA fast track designation for a particular indication. We may seek fast track designation for our product candidates, but there is no assurance that the FDA will grant this designation to any of our proposed product candidates. Marketing applications submitted by sponsors of products in fast track development may qualify for priority review under the policies and procedures offered by the FDA, but the fast track designation does not assure any such qualification or ultimate marketing licensure by the FDA. The FDA has broad discretion whether or not to grant fast track designation, so even if we believe a particular product candidate is eligible for this designation, there can be no assurance that the FDA would decide to grant it. Even if we do receive fast track designation, we may not experience a faster development process, review or licensure compared to conventional FDA procedures or pathways and receiving a fast track designation does not provide assurance of ultimate FDA licensure. In addition, the FDA may withdraw fast track designation at any time, including if it believes that the designation is no longer supported by data from our clinical development program.

Although we have obtained BTD for tab-cel in the U.S. for treatment of patients with EBV+ PTLD who have failed rituximab, these designations may not lead to faster development or regulatory review and does not increase our likelihood of success. A breakthrough therapy is defined as a drug or biologic that is intended, alone or in combination with one or more other drugs or biologics, to treat a serious or life-threatening disease or condition and preliminary clinical evidence indicates that the drug, or biologic in our case, may demonstrate substantial improvement over existing therapies on one or more clinically significant endpoints, such as substantial treatment effects observed early in clinical development. For product candidates that have been designated as breakthrough therapies, interaction and communication between the FDA and the sponsor of the study can help to identify the most efficient path for clinical development while minimizing the number of patients placed in ineffective control regimens. Biologics designated as breakthrough therapies by the FDA may also be eligible for other expedited review programs, such as priority review. Based on our BTD, we may pursue a rolling submission strategy for our BLA for tab-cel for EBV+ PTLD in the U.S. While a rolling review process may provide the opportunity for ongoing communications with and feedback from the FDA, it may not result in a faster timeline to marketing approval and has no bearing on whether or not tab-cel is ultimately approved. The FDA may raise issues and pose questions to us that may delay the initiation and completion of our BLA submission, acceptance of the complete BLA for filing, and approval of the BLA. We may not be able to provide a satisfactory or a timely response to FDA questions or we may not be able to gather the required data to prepare our BLA submissions as we plan. If we are unable to address all questions or concerns that the FDA may raise or if we do not have timely access to the data required for the preparation of the BLA, we may not be able to initiate and complete our BLA in a timely manner and ultimately receive FDA approval. In addition, even if we submit our BLA under the rolling review process, the FDA may decide not to review portions of our BLA under the rolling review process until the submission is deemed to be complete. PRIME designation supports the development and accelerated review by the EMA of new therapies to treat patients with unmet medical need. Despite this designation and the associated opportunity for accelerated assessment, the EMA may decide that additional time is needed for the MAA review and convert the MAA to a standard review timeline. For example, the EMA converted the tab-cel MAA review timeline from accelerated to standard. Designation as a breakthrough therapy is at the discretion of the FDA, and access to PRIME is at the discretion of the EMA. Receipt of a BTD or PRIME designation for a product candidate may not result in a faster development process, review or approval compared to drugs considered for approval under non-expedited FDA or EMA review procedures and does not assure ultimate approval by either the FDA or EMA. In addition, the FDA or EMA, respectively, may later decide that the product no longer meets the conditions for qualification and rescind the BTD or PRIME designation or decide that the time period for FDA or EMA, respectively, review or approval will not be shortened. For example, in June 2022, FDA published a draft guidance document outlining considerations for the FDA in rescinding BTD for products that no longer meet the requirements for that designation.

From time to time, we or our partners may announce or share with regulatory authorities interim "top line" or preliminary data from clinical studies. Interim data from clinical studies are subject to the risk that one or more of the clinical outcomes may materially change as patient enrollment continues and more patient data become available. Preliminary or "top line" data also remain subject to audit and verification procedures that may result in the final data being materially different from the preliminary data previously announced. As a result, interim and preliminary data should be viewed with caution until the final data are available. Adverse differences between preliminary or interim data and final data could impact the regulatory approval of, and significantly harm the prospects of any product candidate that is impacted by the applicable data.

The research and development and process and analytical development labs within ARC and our facility in Aurora, Colorado, currently support our preclinical and mid/late development activities. Product-specific qualification to support clinical development and commercial production qualification activities are ongoing for product candidates at our CMOs' facilities. If the appropriate regulatory approvals for manufacturing product candidates at our CMOs' facilities are delayed, we may not be able to manufacture sufficient quantities of our product candidates, which would limit our development activities and our opportunities for growth. In addition to the similar manufacturing risks described in "Risks Related to Our Dependence on Third Parties," our facilities, and our CMOs' facilities, will be subject to ongoing, periodic inspection by the FDA, EMA or other comparable regulatory agencies to ensure compliance with cGMP and GTP. Our, or our partner's, failure to follow and document adherence to these regulations or other regulatory requirements may lead to significant delays in the availability of products for clinical or, in the future, commercial use, may result in the termination of or a hold on a clinical study, or may delay or prevent filing or approval of commercial marketing applications for our product candidates. We also may encounter problems with the following: - achieving adequate inventory of clinical-grade materials that meet regulatory agency standards or specifications with consistent and acceptable production yield and costs;- shortages of qualified personnel, raw materials or key contractors; and - achieving and maintaining ongoing compliance with cGMP regulations and other requirements of the FDA, EMA or other comparable regulatory agencies. Failure to comply with applicable regulations could also result in sanctions being imposed on us, including fines, injunctions, civil penalties, a requirement to suspend or put on hold one or more of our clinical studies, failure of regulatory authorities to grant marketing approval of our product candidates, delays, suspension or withdrawal of approvals, license revocation, seizures or recalls of product candidates, operating restrictions and criminal prosecutions, any of which could harm our business. Developing advanced manufacturing techniques and process controls is costly, time consuming and is required to fully utilize our or our CMOs' facilities. Failure to advance manufacturing techniques and process controls could lead to a delay in obtaining approval for our product candidates. Without further investment, advances in manufacturing techniques may render the facilities and equipment that manufacture our product candidates inadequate or obsolete. A number of the product candidates in our portfolio, if approved by applicable regulatory authorities, may require significant commercial supply to meet market demand. In these cases, we may need to increase, or "scale up," the production process by a significant factor over the initial level of production. If we are unable to do so, are delayed, or if the cost of this scale up is not economically feasible for us or we cannot find a third party supplier, we may not be able to produce our product candidates in sufficient quantities to meet future demand.

Our future success is dependent on the successful development and commercialization of T-cell immunotherapies and our next-generation CAR T programs in general and our development product candidates in particular. Because these programs, particularly our pipeline of allogeneic T-cell product and product candidates that are bioengineered from donors, represent a new approach to immunotherapy for the treatment of cancer and other diseases, developing and commercializing our product candidates subject us to a number of challenges, including: - obtaining regulatory approval from the FDA and other regulatory authorities, which have limited experience with regulating the development and commercialization of T-cell immunotherapies, particularly allogeneic T-cell products and product candidates;- developing and deploying consistent and reliable processes for procuring blood from consenting third party donors, isolating T cells from the blood of such donors, activating the isolated T cells against a specific antigen, characterizing and storing the resulting activated T cells for future therapeutic use, selecting and delivering a sufficient supply and breadth of appropriate partially HLA-matched cell line from among the available T-cell lines, and finally infusing these activated T cells into patients;- utilizing these product candidates in combination with other therapies (e.g., immunomodulatory approaches such as checkpoint inhibitors), which may increase the risk of adverse side effects;- educating medical personnel regarding the potential side effect profile of our product and each of our product candidates, particularly those that may be unique to our allogeneic T-cell product and product candidates and to our next-generation CAR T programs;- understanding and addressing variability in the quality of a donor's T cells, which could ultimately affect our ability to manufacture products and product candidates in a reliable and consistent manner;- developing processes for the safe administration of these product and product candidates, including long-term follow-up and registries, for all patients who receive these product candidates;- establishing or making arrangements with third party manufacturers to manufacture, or manufacturing on our own, product and product candidates to our specifications and in a timely manner to support our clinical studies and, if approved, commercialization;- sourcing clinical and, if approved by applicable regulatory authorities, commercial supplies for the materials used to manufacture and process these product and product candidates that are free from viruses and other pathogens that may increase the risk of adverse side effects;- developing a manufacturing process and distribution network that can provide a stable supply with a cost of goods that allows for an attractive return on investment;- establishing favorable terms with commercialization partners that possess appropriate sales and marketing capabilities ahead of and after obtaining any regulatory approval to gain market acceptance, and obtaining adequate coverage, reimbursement and pricing by third party payors and government authorities; and - developing therapies for types of diseases beyond those initially addressed by our current product and product candidates. We cannot be sure that the manufacturing processes used in connection with our T-cell immunotherapy product and product candidates will yield a sufficient supply of satisfactory products that are stable, safe, pure, and potent, or comparable to those T cells historically produced by our partners, be scalable or profitable. Moreover, actual or perceived safety issues, including adoption of new therapeutics or novel approaches to treatment, may adversely influence the willingness of subjects to participate in clinical studies, or, if one of our product candidates is approved by applicable regulatory authorities, of physicians to subscribe to the novel treatment mechanics or of patients to provide consent to receive a novel treatment despite its regulatory approval. The FDA or other applicable regulatory authorities may require specific post-market studies or additional information that communicates the benefits or risks of our products. New data may reveal new risks of our product candidates at any time prior to or after regulatory approval. The FDA may also modify or enhance trial requirements which may affect enrollment. In August 2023, the FDA published a guidance document, Informed Consent, Guidance for IRBs, Clinical Investigators, and Sponsors, which supersedes past guidance and finalizes draft guidance on informed consent. The FDA's new guidance presents evolving requirements for informed consent which may affect recruitment and retention of patients in clinical trials. Effects on recruitment and retention of patients may hinder or delay a clinical trial and could cause a significant setback to an applicable program. Physicians, hospitals and third party payors often are slow to utilize new products, technologies and treatment practices that require additional upfront costs and training. Physicians may not be willing to undergo training on this novel therapy, may decide the therapy is too complex to adopt without appropriate training or not cost-efficient, and may choose not to administer the therapy. Based on these and other factors, hospitals and payors may decide that the benefits of this new therapy do not or will not outweigh its costs.

Undesirable side effects caused by our product and product candidates, their delivery methods or dosage levels could cause us or regulatory authorities to interrupt, delay or halt clinical studies and could result in a more restrictive label or the delay or denial of regulatory approval by the FDA or other comparable foreign regulatory authority. As a result of safety or toxicity issues that we or our partners may experience in our clinical studies, we or our partners may not receive approval to market any product candidates, which could prevent us from ever generating product or royalty revenues for such product candidates or achieving profitability. Results of our studies could reveal an unacceptably high severity and incidence of side effects, or risks that outweigh the benefits of our product and product candidates. In such an event, our studies could be suspended or terminated, and the FDA or comparable foreign regulatory authorities could order us to cease further development of or deny approval of our product candidates for any or all targeted indications. The drug-related side effects could affect patient recruitment or the ability of enrolled subjects to complete the study or result in potential product liability claims. Additionally, if any of our product candidates receives regulatory approval, and we or others later identify undesirable side effects caused by such product, a number of potentially significant negative consequences could result, including that: - we may be forced to suspend marketing of that product;- regulatory authorities, IRBs, or other clinical trial oversight bodies may place a hold on any ongoing clinical trials;- regulatory authorities may withdraw or change their approvals of that product;- regulatory authorities may require additional warnings on the label or limit access of that product to selective specialized centers with additional safety reporting and with requirements that patients be geographically close to these centers for all or part of their treatment;- we may be required to conduct post-marketing studies;- we may be required to change the way the product is administered;- we could be sued and held liable for harm caused to subjects or patients;- our products may be seized, or we may be required to recall our products;- our products may become less competitive in the marketplace; and - our reputation may suffer. Any of these events could diminish the usage or otherwise limit the commercial success of our product and product candidates and prevent us from achieving or maintaining market acceptance of the affected product candidate, if approved by applicable regulatory authorities.

Clinical testing is expensive and can take many years to complete, and its outcome is inherently uncertain. Failure can occur at any time during the clinical study process. Product candidates in later stages of clinical studies may fail to show the desired safety and efficacy traits despite having progressed through preclinical and clinical studies. We may experience delays in our ongoing or future clinical studies and we do not know whether clinical studies will begin or enroll subjects on time, will need to be redesigned or will be completed on schedule, if at all. There can be no assurance that the FDA or comparable foreign regulatory authorities will not put clinical studies of any of our product candidates on clinical hold in the future. Clinical studies may be delayed, suspended or prematurely terminated for a variety of reasons, such as: - delays in enrollment due to travel, shelter-in-place or quarantine policies, or other factors, related to the COVID-19 pandemic or other epidemics or pandemics;- delay or failure in reaching agreement with the FDA or a comparable foreign regulatory authority on a study design that we are able to execute;- delay or failure in obtaining authorization to commence a study or inability to comply with conditions imposed by a regulatory authority regarding the scope or design of a study;- delay or failure in reaching agreement on acceptable terms with prospective contract research organizations (CROs) and clinical study sites, the terms of which can be subject to extensive negotiation and may vary significantly among different CROs and study sites;- delay or failure in obtaining institutional review board (IRB) approval or the approval of other reviewing entities, including comparable foreign regulatory authorities, to conduct a clinical study at each site;- withdrawal of clinical study sites from our clinical studies or the ineligibility of a site to participate in our clinical studies;- delay or failure in recruiting and enrolling eligible subjects to participate in a study;- delay or failure in subjects completing a study or returning for post-treatment follow-up;- clinical sites and investigators deviating from study protocol, failing to conduct the study in accordance with regulatory requirements, or dropping out of a study;- an FDA or other regulatory authority clinical site inspection reveals serious violations of regulations applicable to clinical investigations, which may result in requests for additional data analyses and/or rejection of data deemed unreliable;- inability to identify and maintain a sufficient number of study sites, including because potential study sites may already be engaged in competing clinical study programs enrolling the same population;- failure of our third-party clinical study managers to satisfy their contractual duties, meet expected deadlines or return trustworthy data;- delay or failure in adding new study sites;- interim results or data that are ambiguous or negative or are inconsistent with earlier results or data;- feedback from the FDA, the IRB, data safety monitoring boards or comparable foreign authorities, or results from earlier stage or concurrent preclinical and clinical studies, that might require modification to the protocol for a study;- a decision by the FDA, the IRB, comparable foreign authorities, or us, or a recommendation by a data safety monitoring board or comparable foreign authority, to suspend or terminate clinical studies for non-compliance with regulatory requirements, safety issues, including a finding that our product candidates have undesirable side effects or other unexpected characteristics, or a finding that the participants are being exposed to unacceptable health risk, or for any other reason;- unacceptable benefit/risk profile, unforeseen safety issues or adverse side effects;- failure to demonstrate a benefit from using a product candidate;- difficulties in manufacturing or obtaining from third parties sufficient quantities and breadth of appropriate partially HLA matched cell lines from among the available T-cell lines to start or to use in clinical studies;- lack of adequate funding to continue a study, including the incurrence of unforeseen costs due to enrollment delays, requirements to conduct additional studies or increased expenses associated with the services of our CROs and other third parties; or - changes in governmental regulations or administrative actions or lack of adequate funding to continue a clinical study. Patient enrollment, a significant factor in the timing of clinical studies, is affected by many factors including: - the size and nature of the patient population;- the possibility that the rare diseases that many of our product candidates address are under-diagnosed;- changing medical practice patterns or guidelines related to the diseases or conditions we are investigating;- the severity of the disease under investigation;- our ability to open clinical study sites;- the proximity of subjects to clinical sites;- the patient referral practices of physicians;- the design and eligibility criteria of the clinical study;- ability to obtain and maintain patient consents;- risk that enrolled subjects will drop out or die before completion;- competition for patients from other clinical studies;- our or our partner's ability to manufacture the requisite materials for a study;- risk that we do not have appropriately matched HLA cell lines;- clinicians' and patients' perceptions as to the potential advantages and risks of the drug being studied in relation to other available therapies, including any new drugs that may be approved for the diseases or conditions we are investigating; and - disruptions caused by man-made or natural disasters or public health pandemics or epidemics, including, for example, the COVID-19 pandemic. As an example, we activated additional clinical sites for the ALLELE study of tab-cel over the course of 2018 and increased HLA coverage during this period. As a result, enrollment in our studies was limited in the early part of 2018 and increased through the course of the year as we increased clinical sites and HLA coverage. However, in May 2019, we announced that enrollment in our Phase 3 studies of tab-cel for patients with EBV+ PTLD was proceeding slower than anticipated. Many of our product candidates are designed to treat rare diseases, and as a result, the pool of potential patients with respect to a given disease is small. We may not be able to initiate or continue to support clinical studies of tab-cel or any other product candidates if we are unable to locate and enroll a sufficient number of eligible participants in these studies as required by the FDA or other regulatory authorities. We experienced some transient delays in clinical trial site initiation and patient enrollment in certain of our clinical trials, including our ALLELE study, as a result of the COVID-19 pandemic. Even if we are able to enroll a sufficient number of patients in our clinical studies, if the pace of enrollment is slower than we expect, the development costs for our product candidates may increase and the completion of our studies may be delayed or our studies could become too expensive to complete. We rely on CROs, other vendors and clinical study sites to ensure the proper and timely conduct of our clinical studies, and while we have agreements governing their committed activities, we have limited influence over their actual performance. Furthermore, these third parties may also have relationships with other entities, some of which may be our competitors. Reliance on CROs entails risks to which we would not be subject if we conducted our clinical studies ourselves, including reliance on the CRO for clinical site initiation and monitoring, the possibility that the CRO does not maintain the financial resources to meet its obligations under our agreements, the possibility of breach of these agreements by the CRO because of factors beyond our control, including a failure to properly perform their obligations under these agreements, and the possibility of termination or non-renewal of the agreements by the CROs, based on their own business priorities, at a time that is costly or damaging to us. Our reliance on these third parties for research and development activities will reduce our control over these activities but will not relieve us of our regulatory responsibilities. For example, we will remain responsible for ensuring that each of our clinical trials is conducted in accordance with the general investigational plan, study protocols for the trial, statistical analysis plan and other study-specific documents (for example, monitoring and blinding plans). Moreover, the FDA requires us to comply with standards, commonly referred to as Good Clinical Practice (GCP), International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human Use, or ICH, guidelines, and regulations regarding the informed consent process, safety reporting requirements, data collection guidelines, and other regulations for conducting, recording and reporting the results of clinical trials to assure that data and reported results are credible and accurate and that the rights, integrity and confidentiality of trial participants are protected. The EMA also requires us to comply with similar standards. Regulatory authorities enforce these GCP requirements through periodic inspections of trial sponsors, principal investigators and trial sites. If we or any of our CROs fail to comply with applicable GCP requirements, the clinical data generated in our clinical trials may be deemed unreliable and the FDA, EMA or comparable foreign regulatory authorities may require us to perform additional clinical trials before approving our marketing applications. We cannot assure that upon inspection by a given regulatory authority, such regulatory authority will determine that any of our clinical trials comply with GCP and other applicable regulations. In addition, our clinical trials must be conducted with product produced under applicable current Good Manufacturing Practices (cGMP) and current Good Tissue Practices (cGTP) regulations. Our failure to comply with these regulations may require us to conduct new clinical trials, which would delay the marketing approval process. We also are required to register certain ongoing clinical trials and post the results of certain completed clinical trials on a government-sponsored database, ClinicalTrials.gov, within certain timeframes. Failure to do so can result in fines, adverse publicity and civil and criminal sanctions. If we experience delays or quality issues in the conduct, completion or termination of any clinical study of our product candidates, the approval and commercial prospects of such product candidate will be harmed, and our ability to generate product revenues from such product candidate will be delayed. In addition, any delays in completing our clinical studies will increase our costs, slow down our product candidate development and approval process and jeopardize our ability to generate revenues. Any delays in completing our clinical studies for our product candidates may also decrease the period of commercial exclusivity. In addition, many of the factors that could cause a delay in the commencement or completion of clinical studies may also ultimately lead to the denial of regulatory approval of our product candidates.

Part of our business strategy is to expand our product candidate pipeline by identifying and validating new product candidates, which we may develop ourselves, in-license or otherwise acquire from others. In addition, in the event that our existing product candidates do not receive regulatory approval or are not successfully commercialized, then the success of our business will depend on our ability to expand our product pipeline through internal development, in-licensing or other acquisitions. We may be unable to identify relevant product candidates. If we do identify such product candidates, we may be unable to reach acceptable terms with any third party from which we desire to in-license or acquire them. Any product candidates we identify, acquire, in-license, develop, or manufacture may not be safe or effective for their targeted diseases, and may not receive marketing authorization in a timely manner, or at all.

In addition to seeking the protection afforded by patents, we rely on trade secret protection and confidentiality agreements to protect proprietary know-how that is not patentable or that we elect not to patent, processes for which patents are difficult to enforce, and other elements of our technology, discovery and development processes that involve proprietary know-how, information or technology that is not covered by patents. The T-cell immunotherapy product candidates and platform technology we have licensed from our partners are protected primarily as confidential know-how and trade secrets. Any disclosure to or misappropriation by third parties of our confidential proprietary information could enable competitors to quickly duplicate or surpass our technological achievements, including by enabling them to develop and commercialize products substantially similar to or competitive with our product candidates, thus eroding our competitive position in the market. Trade secrets can be difficult to protect. We seek to protect our proprietary technology and processes, in part, by entering into confidentiality agreements and invention assignment agreements with our employees, consultants, CMOs, and outside scientific advisors, contractors and collaborators. These agreements are designed to protect our proprietary information. Although we use reasonable efforts to protect our trade secrets, our employees, consultants, contractors, or outside scientific advisors might intentionally or inadvertently disclose our trade secrets or confidential, proprietary information to competitors. In addition, competitors may otherwise gain access to our trade secrets or independently develop substantially equivalent information and techniques. If any of our confidential proprietary information were to be lawfully obtained or independently developed by a competitor, we would have no right to prevent such competitor from using that technology or information to compete with us, which could harm our competitive position. Enforcing a claim that a third party illegally obtained and is using any of our trade secrets is expensive and time consuming, and the outcome is unpredictable. In addition, the laws of certain foreign countries do not protect proprietary rights such as trade secrets to the same extent or in the same manner as the laws of the U.S. Misappropriation or unauthorized disclosure of our trade secrets to third parties could impair our competitive advantage in the market and could materially adversely affect our business, results of operations and financial condition.

Third parties may infringe our patents or misappropriate or otherwise violate our intellectual property rights. Our patent applications cannot be enforced against third parties practicing the technology claimed in these applications unless and until a patent issues from the applications, and then only to the extent the issued claims cover the technology. In the future, we or our partners may elect to initiate legal proceedings to enforce or defend our or our partners' intellectual property rights, to protect our or our partners' trade secrets or to determine the validity or scope of our intellectual property rights. Any claims that we or our partners assert against perceived infringers could also provoke these parties to assert counterclaims against us or our partners alleging that we or our partners infringe their intellectual property rights or that our intellectual property rights are invalid. Interference or derivation proceedings provoked by third parties, brought by us or our partners, or brought by the USPTO or any non-U.S. patent authority may be necessary to determine the priority of inventions or matters of inventorship with respect to our patents or patent applications. We or our partners may also become involved in other proceedings, such as reexamination or opposition proceedings, inter partes review, post-grant review or other pre-issuance or post-grant proceedings in the USPTO or its foreign counterparts relating to our intellectual property or the intellectual property of others. An unfavorable outcome in any of these proceedings could require us or our partners to cease using the related technology and commercializing our product and product candidates, or to attempt to license rights to it from the prevailing party. Our business could be harmed if the prevailing party does not offer us or our partners a license on commercially reasonable terms if any license is offered at all. Even if we or our licensors obtain a license, it may be non-exclusive, thereby giving our competitors access to the same technologies licensed to us or our licensors. In addition, if the breadth or strength of protection provided by our patents and patent applications is threatened, it could dissuade companies from collaborating with us to license, develop or commercialize current or future product and product candidates. Any intellectual property proceedings can be expensive and time-consuming. Our or our partners' adversaries in these proceedings may have the ability to dedicate substantially greater resources to prosecuting these legal actions than we or our partners can. Accordingly, despite our or our partners' efforts, we or our partners may not be able to prevent third parties from infringing upon or misappropriating our intellectual property rights, particularly in countries where the laws may not protect our rights as fully as in the U.S. Even if we are successful in the relevant proceedings, we may incur substantial costs and the time and attention of our management and scientific personnel could be diverted from other activities. We could be found liable for monetary damages, including treble damages and attorneys' fees, if we are found to have willfully infringed a patent. In addition, in an infringement proceeding, a court may decide that one or more of our patents is invalid or unenforceable, in whole or in part, or may refuse to stop the other party from using the technology at issue on the grounds that our patents do not cover the technology in question. An adverse result in any litigation proceeding could put one or more of our patents at risk of being invalidated, held unenforceable or interpreted narrowly. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. In addition, there could be public announcements of the results of hearings, motions or other interim proceedings or developments.

Filing, prosecuting, enforcing and defending patents on all of our product and product candidates in all countries throughout the world would be prohibitively expensive. Our intellectual property rights in certain countries outside the U.S. may be less extensive than those in the U.S. In addition, the laws of certain foreign countries do not protect intellectual property rights to the same extent as laws in the U.S. Consequently, we and our partners may not be able to prevent third parties from practicing our inventions in countries outside the U.S., or from selling or importing infringing products made using our inventions in and into the U.S. or other jurisdictions. Competitors may use our technologies in jurisdictions where we have not obtained patent protection or where we do not have exclusive rights under the relevant patents to develop their own products and, further, may export otherwise-infringing products to territories where we and our partners have patent protection but where enforcement is not as strong as that in the U.S. These infringing products may compete with our product and product candidates in jurisdictions where we or our partners have no issued patents or where we do not have exclusive rights under the relevant patents, or our patent claims and other intellectual property rights may not be effective or sufficient to prevent them from so competing. Many companies have encountered significant problems in protecting and defending intellectual property rights in foreign jurisdictions. The legal systems of certain countries, particularly certain developing countries, do not favor the enforcement of patents and other intellectual property protection, particularly those relating to biopharmaceuticals, which could make it difficult for us and our partners to stop the infringement of our patents or marketing of competing products in violation of our intellectual property rights generally. Proceedings to enforce our patent rights in foreign jurisdictions could result in substantial costs and divert our attention from other aspects of our business, could put our patents at risk of being invalidated or interpreted narrowly, could put our patent applications at risk of not issuing, and could provoke third parties to assert claims against us or our partners. We or our partners may not prevail in any lawsuits that we or our licensors initiate, and even if we or our licensors are successful the damages or other remedies awarded, if any, may not be commercially meaningful.

Our commercial success depends, in part, on us and our partners not infringing the patents and proprietary rights of third parties. There is a substantial amount of litigation and other adversarial proceedings, both within and outside the U.S., involving patent and other intellectual property rights in the biotechnology and pharmaceutical industries, including patent infringement lawsuits, interference or derivation proceedings, oppositions, and inter partes and post-grant review proceedings before the USPTO and non-U.S. patent offices. Numerous U.S. and non-U.S. issued patents and pending patent applications owned by third parties exist in the fields in which we are developing and may develop our product and product candidates. As the biotechnology and pharmaceutical industries expand and more patents are issued, the risk increases that our product and product candidates may be subject to claims of infringement of third parties' patent rights, as it may not always be clear to industry participants, including us, which patents cover various types of products or methods of use. The coverage of patents is subject to interpretation by the courts, and the interpretation is not always uniform or predictable. Third parties may assert infringement claims against us based on existing or future intellectual property rights, alleging that we are employing their proprietary technology without authorization. There may be third party patents or patent applications with claims to materials, formulations, methods of manufacture or methods for treatment related to the use or manufacturing of our product and product candidates that we failed to identify. For example, patent applications covering our product and product candidates could have been filed by others without our knowledge, since these applications generally remain confidential for some period of time after their filing date. Even pending patent applications that have been published, including some of which we are aware, could be later amended in a manner that could cover our product and product candidates or their use or manufacture. In addition, we may have analyzed patents or patent applications of third parties that we believe are relevant to our activities and believe that we are free to operate in relation to any of our product and product candidates, but our competitors may obtain issued claims, including in patents we consider to be unrelated, which may block our efforts or potentially result in any of our product, product candidates or our activities infringing their claims. If we or our partners are sued for patent infringement, we would need to demonstrate that our product candidates, products and methods either do not infringe the patent claims of the relevant patent or that the patent claims are invalid, and we may not be able to do this. Proving that a patent is invalid is difficult and even if we are successful in the relevant proceedings, we may incur substantial costs and the time and attention of our management and scientific personnel could be diverted from other activities. If any issued third party patents were held by a court of competent jurisdiction to cover aspects of our materials, formulations, methods of manufacture or methods for treatment, we could be forced, including by court order, to cease developing, manufacturing or commercializing the relevant product or product candidate until the relevant patent expired. Alternatively, we may desire or be required to obtain a license from such third party in order to use the infringing technology and to continue developing, manufacturing or marketing the infringing product or product candidate. However, we may not be able to obtain any required license on commercially reasonably terms, or at all. Even if we were able to obtain a license, the rights may be nonexclusive, which could result in our competitors gaining access to the same intellectual property licensed to us. We may face claims that we misappropriated the confidential information or trade secrets of a third party. If we are found to have misappropriated a third party's trade secrets, we may be prevented from further using these trade secrets, which could limit our ability to develop our product candidates. Defending against intellectual property claims could be costly and time consuming, regardless of the outcome. Thus, even if we were to ultimately prevail, or to settle before a final judgment, any litigation could burden us with substantial unanticipated costs. In addition, litigation or threatened litigation could result in significant demands on the time and attention of our management team, distracting them from the pursuit of other company business. During the course of any intellectual property litigation, there could be public announcements of the results of hearings, rulings on motions, and other interim proceedings in the litigation and these announcements may have negative impact on the perceived value of our product, product candidates, programs or intellectual property. In the event of a successful intellectual property claim against us, we may have to pay substantial damages, including treble damages and attorneys' fees if we are found to have willfully infringed a patent, or to redesign our infringing product and product candidates, which may be impossible or require substantial time and monetary expenditure. In addition to paying monetary damages, we may lose valuable intellectual property rights or personnel and the parties making claims against us may obtain injunctive or other equitable relief, which could impose limitations on the conduct of our business. We may also elect to enter into license agreements in order to settle patent infringement claims prior to litigation, and any of these license agreements may require us to pay royalties and other fees that could be significant. As a result of all of the foregoing, any actual or threatened intellectual property claim could prevent us or our partners from developing or commercializing a product or product candidate or force us to cease some aspect of our business operations.

We are exposed to the risk of employee fraud or other misconduct, including intentional failures to comply with FDA regulations or similar regulations of comparable foreign regulatory authorities, provide accurate information to the FDA or comparable foreign regulatory authorities, comply with manufacturing standards we have established, comply with federal and state healthcare fraud and abuse laws and regulations and similar laws and regulations established and enforced by comparable foreign regulatory authorities, report financial information or data accurately or disclose unauthorized activities to us. Employee misconduct could also involve the improper use of information obtained in the course of clinical studies, which could result in regulatory sanctions and serious harm to our reputation. It is not always possible to identify and deter employee misconduct, and the precautions we take to detect and prevent this activity may not be effective in controlling unknown or unmanaged risks or losses or in protecting us from governmental investigations or other actions or lawsuits stemming from a failure to be in compliance with such laws or regulations. If any such actions are instituted against us, and we are not successful in defending ourselves or asserting our rights, those actions could have a significant impact on our business and results of operations, including the imposition of significant fines or other sanctions.

We rely on our CMOs or our partners for the current production of our product and product candidates and the acquisition of materials incorporated in or used in the manufacturing or testing of our product and product candidates. Our CMOs or partners are not our employees, and except for remedies available to us under our agreements with our CMOs or partners, we cannot directly control whether or not they devote sufficient time and resources, including experienced staff, to the manufacturing of supply for our ongoing clinical, nonclinical and preclinical programs. Our CMOs for our product and product candidates will need to be prepared to undergo pre-approval inspection in connection with our regulatory filings, and we cannot be certain that we will be able to adequately support them through such inspection nor that they will successfully pass any such inspection. To meet our projected supply needs for clinical and commercial materials to support our activities through regulatory approval and commercial manufacturing of tab-cel, product candidates resulting from our next-generation CAR T programs or any other product candidates, we will need to transition the manufacturing of these materials to a CMO. Regardless of where production occurs, we will need to develop relationships with suppliers of critical starting materials or reagents, increase the scale of production and demonstrate comparability of the material produced at these facilities to the material that was previously produced. Transferring manufacturing processes, analytical methods and know-how is complex and involves review and incorporation of both documented and undocumented processes that may have evolved over time. In addition, transferring production to different facilities may require utilization of new or different processes to meet the specific requirements of a given facility. We would expect additional comparability work will also need to be conducted to support the transfer of certain manufacturing processes and process improvements. We cannot be certain that all relevant know-how and data has been adequately incorporated into the manufacturing process until the completion of studies (and the related evaluations) intended to demonstrate the comparability of material previously produced with that generated by us or our CMOs. If we or our CMOs are not able to successfully transfer and produce comparable product and product candidates, our ability to further develop and manufacture our product and product candidates may be negatively impacted. We still may need to identify additional CMOs for continued production of supply for some of our product and product candidates. Given the nature of our manufacturing processes, the number of CMOs who possess the requisite skill and capability to manufacture our T-cell immunotherapy product candidates, and the critical intermediates or reagents used to manufacture such products, are limited. We have not yet identified alternate suppliers in the event the current CMOs that we utilize are unable to scale production, or if we otherwise experience any problems with them. We rely on our CMOs and manufacturing network for the production of our product and product candidates. Our supply, and ability to maintain inventory, of these products and product candidates depends on the uninterrupted and efficient operation of these facilities, which could be adversely affected by equipment failures, failure to meet regulatory or cGMP requirements, labor or raw material shortages, public health epidemics, natural disasters, power failures, cyber-attacks and many other factors. If we encounter any manufacturing or supply chain difficulties, we may be unable to meet the demand for our products and product candidates. Manufacturing cellular therapies is complicated and tightly regulated by the FDA and comparable regulatory authorities around the world, and although alternative third party suppliers with the necessary manufacturing and regulatory expertise and facilities exist, it could be expensive and take a significant amount of time to arrange for alternative suppliers, transfer manufacturing procedures and analytical methods to these alternative suppliers, and demonstrate comparability of material produced by such new suppliers. New manufacturers of any product, product candidate or intermediate would be required to qualify under applicable regulatory requirements. These manufacturers may not be able to manufacture our product and product candidates at costs, or in sufficient quantities, or in a timely manner necessary to complete development of our product candidates or make commercially successful products. If we are unable to arrange for alternative third party manufacturing sources, or to do so on commercially reasonable terms or in a timely manner, we may not be able to complete development of our product candidates, or market or distribute them. In addition, should the FDA or comparable regulatory authorities not agree with our product candidate specifications and comparability methodologies or assessments for these materials, regulatory authorities may require that we conduct additional studies, including bridging comparability testing, and further clinical development or commercial launch of our product candidates could be substantially delayed. Reliance on third party manufacturers entails risks to which we would not be subject if we manufactured product and product candidates ourselves, including reliance on the third party for regulatory compliance and quality assurance, the possibility that the third party manufacturer does not maintain the financial resources to meet its obligations under the manufacturing agreement, the possibility of breach of the manufacturing agreement by the third party because of factors beyond our control, including a failure to manufacture our product candidates or any products we or our partners may eventually commercialize in accordance with our specifications, misappropriation of our proprietary information, including our trade secrets and know-how, the possibility that the third party does not devote sufficient time or resources to our product candidates or any products we or our partners may eventually commercialize based on its own business priorities, the possibility that the third party is acquired by another party and changes its business priorities, and the possibility of termination or nonrenewal of the agreement by the third party, based on its own business priorities, at a time that is costly or damaging to us. For example, the CRL MSA expires on March 31, 2024. While we are in active negotiations with CRL for a new commercial manufacturing agreement, there can be no assurance that we will be able to enter into a new commercial drug product supply agreement with CRL on terms favorable or acceptable to us or at all. Any delays in entering into a new commercial manufacturing agreement and/or further extension of the current CRL MSA could delay the development and commercialization of our product and product candidates, if approved. In addition, if we are unable enter into a new commercial manufacturing agreement with CRL on acceptable terms, or at all, we would have to explore other options for the manufacture of our product and product candidates, which could harm our business. If Fujifilm does not perform its obligations under the Fujifilm MSA adequately or does not devote sufficient time or resources to our product or product candidates, our operations, including the commercialization of our products, may be adversely impacted. Similarly, if CRL does not perform its obligations under the CRL MSA adequately or does not devote sufficient time or resources to our product or product candidates, our operations, including the commercialization of our products, may be adversely impacted. We also have non-cancellable minimum purchase commitments for products and services in certain of our agreements with our CMOs, if we do not fulfill such minimum purchase commitments, we will need to pay such CMOs the difference between the applicable minimum purchase commitment and our actual purchases of products and services for a given period. In addition, the FDA and other regulatory authorities require that our product candidates and any products that we or our partners may eventually commercialize be manufactured according to cGMP, cGTP and similar regulatory jurisdictional standards. These requirements include, among other things, quality control, quality assurance and the maintenance of records and documentation. The FDA or similar foreign regulatory agencies may also implement new standards at any time or change their interpretations and enforcement of existing standards for manufacture, packaging or testing of products. We have limited control over our manufacturers' compliance with these regulations and standards and although we monitor our manufacturers, we depend on them to provide honest and accurate information. Any failure by our third party manufacturers to comply with cGMP or cGTP or failure to scale up manufacturing processes, including any failure to deliver sufficient quantities of product candidates in a timely manner, could lead to a delay in, or failure to obtain, regulatory approval of any of our product candidates. In addition, such failure could be the basis for the FDA to issue a warning letter, withdraw approvals for product candidates previously granted to us, or take other regulatory or legal action, including recall or seizure of outside supplies of the product candidate, total or partial suspension of production, suspension of ongoing clinical studies, refusal to approve pending applications or supplemental applications, detention or product, refusal to permit the import or export of products, injunction or imposing civil and criminal penalties. We depend on third party suppliers and testing laboratories for key materials used to produce or test our product and product candidates. Any significant disruption in our supplier relationships could harm our business. Any significant delay in the supply of a product candidate for an ongoing clinical study could considerably delay initiation or completion of our clinical studies, product testing and potential regulatory approval of our product candidates. If raw materials or components cannot be purchased or fail to meet approved specifications, the commercial launch of our product and product candidates could be delayed, or there could be a shortage in supply, which could impair our ability to generate revenues from the sale of our product and product candidates.

Our ability to commercialize any product successfully will depend, in part, on the extent to which coverage and adequate reimbursement for these products and related treatments will be available from government health administration authorities, private health insurers and other organizations. Government authorities and third party payors, such as private health insurers and health maintenance organizations, determine which medications they will cover and establish reimbursement levels. A primary trend in the healthcare industry is cost containment. Government authorities and third party payors continue to support initiatives to control costs by limiting coverage and the amount of reimbursement for particular medications. Increasingly, third party payors are requiring that drug companies provide them with predetermined discounts from list prices and are challenging the prices charged for medical products. Third party payors may also seek additional clinical evidence, beyond the data required to obtain regulatory approval, demonstrating clinical benefits and value in specific patient populations before covering our products for those patients. We cannot be sure that coverage and adequate reimbursement will be available for any product that our partners commercialize and, if reimbursement is available, what the level of reimbursement will be. In some countries such as the U.S., greater cost-shifting from the payor to the patient is also a trend, and higher patient copayments or other administrative burdens could lead to reduced demand from patients or healthcare professionals. This could particularly be the case in a challenging economic climate. Coverage and reimbursement may impact the demand for, or the price of, any product or product candidate for which we obtain regulatory approval, and ultimately our partners' ability to successfully commercialize any product or product candidate for which we obtain regulatory approval. There may be significant delays in obtaining coverage and reimbursement for newly approved drugs, and coverage may be more limited than the purposes for which the drug is approved by the FDA or comparable foreign regulatory authorities. Moreover, eligibility for coverage and reimbursement does not imply that any drug will be paid for in all cases or at a rate that covers our costs, including research, development, manufacture, sale and distribution. Interim reimbursement levels for new drugs, if applicable, may also not be sufficient to cover our costs and may only be temporary. Reimbursement rates may vary according to the use of the drug and the clinical setting in which it is used, may be based on reimbursement levels already set for lower cost drugs and may be incorporated into existing payments for other services. Net prices for drugs may be reduced by mandatory discounts or rebates required by government healthcare programs or private payors and by any future relaxation of laws that presently restrict imports of drugs from countries where they may be sold at lower prices than in the U.S. Coverage and reimbursement policies for drug products can differ significantly from payor to payor as there is no uniform policy of coverage and reimbursement for drug products among third party payors in the U.S. Third party payors in the U.S. often rely upon Medicare coverage policy and payment limitations in setting their own reimbursement policies. The process of determining coverage and reimbursement is often time consuming and costly which will require us to provide scientific and clinical support for the use of our products to each payor separately, with no assurance that coverage or adequate reimbursement will be obtained. It is difficult to predict at this time what government authorities and third party payors will decide with respect to coverage and reimbursement for our drug products. Our partners' inability to promptly obtain coverage and profitable reimbursement rates from both government-funded and private payors for any approved products that we develop could have a material adverse effect on our operating results, our ability to raise capital needed and our overall financial condition.