Blueprint Medicines (BPMC) Risk Analysis

As part of the Inflation Reduction Act of 2022, for tax years beginning on or after December 31, 2022, U.S. Congress enacted a 1% excise tax on certain stock repurchases or similar transactions effected by publicly traded domestic corporations such as ours This tax could make stock repurchases less desirable (and therefore less likely) as compared with other possible uses of our funds, and could reduce the amount of cash available if we do determine to pursue a stock repurchase.

We commenced operations in April 2011 and we have focused substantially all of our efforts and financial resources to date on organizing and staffing our company, business planning, raising capital, establishing our intellectual property building our discovery platform, including our proprietary compound library and new target discovery engine, identifying kinase drug targets and potential drug candidates, conducting preclinical studies and clinical development for our drug candidates, commencing pre-commercial activities and the commercial launches for AYVAKIT/AYVAKYT and GAVRETO, and producing the active pharmaceutical ingredient, or API, drug substance and drug product material for use in preclinical studies and clinical trials for our drug candidates and commercial sale of our approved drugs. To date, we have financed our operations primarily through public offerings of our common stock, private placements of our convertible preferred and common stock, collaboration and license agreements, future royalty and revenue monetization, and a term loan. Through December 31, 2024, we have received an aggregate of $3.9 billion from such transactions, including $1.9 billion in aggregate gross proceeds from the sale of common stock in our initial public offering, follow on public offerings, through our "at the market" stock offering program and the equity investment by Roche, $115.1 million in gross proceeds from the issuance of convertible preferred stock, $175.0 million in gross proceeds from our Royalty Purchase Agreement with Royalty Pharma, $250.0 million in gross proceeds from our Future Revenue Purchase Agreement with Sixth Street Partners, $1.1 billion in upfront payments and milestone payments under our collaborations with CStone and Zai Lab, our now terminated collaborations with Roche, our license agreement with Clementia, our agreement with Rigel, and our former collaboration with Alexion Pharma Holding, or Alexion and $400.0 million in gross proceeds from a term loan from Sixth Street Partners. In addition, since January 2020, we also have generated revenue through sales of our drug products. Since inception, we have incurred significant operating losses. Our net loss was $67.1 million for the year ended December 31, 2024. Our net losses were $507.0 million and $557.5 million for the years ended December 31, 2023 and 2022, respectively. As of December 31, 2024, we had an accumulated deficit of $2,407.0 million. Substantially all of our operating losses have resulted from costs incurred in connection with our research and development programs and from selling, general and administrative costs associated with our operations. We expect to continue to incur significant expenses and operating losses over the next few years. We anticipate that our expenses may continue to increase in connection with our ongoing activities. Our prior losses, combined with expected future losses, have had and will continue to have an adverse effect on our stockholders' equity and working capital. We expect our research and development expenses to increase in connection with continuing our existing clinical trials and beginning additional clinical trials. In addition, we will incur significant sales, marketing and outsourced-manufacturing expenses in connection with the commercialization of any of our drugs or any drug candidates for which we may receive marketing approval. In addition, we have incurred and will continue to incur substantial costs associated with operating as a public company. Because of the numerous risks and uncertainties associated with developing pharmaceuticals, we are unable to predict the extent of any future losses or when we will become profitable, if at all. Even if we do become profitable, we may not be able to sustain or increase our profitability on a quarterly or annual basis. Our ability to become profitable depends upon our ability to generate substantial revenue. Our ability to generate substantial revenue depends on a number of factors, including, but not limited to, our ability to: - initiate and successfully complete clinical trials that meet their clinical endpoints;- initiate and successfully complete all safety studies required to obtain U.S. and foreign marketing approval for our drug candidates, including for avapritinib in additional geographies;- continue to maintain and expand commercial manufacturing capabilities or make arrangements with third-party manufacturers to ensure clinical supply and commercial manufacturing;- maintain and, if necessary, expand a sales, marketing and distribution infrastructure to commercialize AYVAKIT/AYVAKYT and any current or future drug candidates for which we obtain marketing approval;- achieve market acceptance in the medical community and with third-party payors for AYVAKIT/AYVAKYT and any current or future drug candidates for which we receive marketing approval; and - compete with companies that may have significantly greater financial resources and expertise in research and development, manufacturing, preclinical testing, conducting clinical trials, obtaining regulatory approvals and marketing approved drugs. We expect to incur significant sales and marketing costs as we commercialize AYVAKIT/AYVAKYT and commercialize any current or future drug candidates for which we receive marketing approval. Even if we initiate and successfully complete pivotal clinical trials of our drug candidates, and our drug candidates are approved for commercial sale, and despite expending these costs, our drug candidates may not be commercially successful. We may not achieve profitability soon after generating drug sales, if ever. If we are unable to generate material net cash inflows from our operations, we will not become profitable and may be unable to continue operations without continued funding.

The development and commercialization of pharmaceuticals is capital intensive. We are currently advancing multiple drug candidates and development programs through clinical and preclinical development. Our expenses may increase in connection with our ongoing activities, particularly as we continue the research and development of, initiate or continue clinical trials of, and seek marketing approval for our drug candidates, including marketing approval for avapritinib in additional geographies. In addition, we expect to incur additional significant commercialization expenses for AYVAKIT/AYVAKYT and other drug candidates, if approved, related to drug sales, marketing, manufacturing and distribution to the extent that such sales, marketing, manufacturing and distribution are not the responsibility of potential collaborators or licensors. We may also need to raise additional funds if we choose to pursue additional indications or geographies for any of our approved drugs or drug candidates or otherwise expand more rapidly than we presently anticipate. Our future capital requirements will depend on and may increase as a result of many factors, including: - the success of our commercialization efforts and market acceptance for AYVAKIT/AYVAKYT or any of our current or future drug candidates for which we receive marketing approval;- the costs of maintaining, expanding or contracting for sales, marketing and distribution capabilities in connection with commercialization of AYVAKIT/AYVAKYT and any of our current or future drug candidates for which we receive marketing approval;- the costs of securing manufacturing, packaging and labeling arrangements for development activities and commercial production, including API, drug substance and drug product material for use in preclinical studies, clinical trials, our compassionate use program and for use as commercial supply, as applicable;- the cost of purchasing quantities of agents for use in our clinical trials in connection with our efforts to develop our drugs and drug candidates, including for development as combination therapies;- the scope, progress, results and costs of drug discovery, preclinical development, laboratory testing and clinical trials for our approved drugs and drug candidates;- the costs, timing and outcome of regulatory review of marketing applications for our drug candidates, including seeking marketing approval for avapritinib in additional geographies;- the success of our collaborations with CStone, and our license agreements with Clementia, IDRx (which has recently entered into an agreement to be acquired by GSK plc) and our agreement with Rigel, as well as our ability to establish and maintain additional collaborations, partnerships or licenses on favorable terms, if at all;- the achievement of milestones or occurrence of other developments that trigger payments under our existing collaboration or license agreements, our financing agreements, or any collaboration, partnership, financing or license agreements that we may enter into in the future;- the extent to which we are obligated to reimburse, or entitled to reimbursement of, research and development, clinical or other costs under future collaboration agreements, if any;- the extent to which we acquire or in-license other approved drugs, drug candidates or technologies and the terms of any such arrangements;- the costs of preparing, filing and prosecuting patent applications, maintaining and enforcing our intellectual property rights and defending intellectual property-related claims; and - the costs of continuing to expand our operations. Accordingly, we may seek additional funding in connection with our continuing operations or business objectives. Any additional fundraising efforts may divert our management from their day-to-day activities, which may adversely affect our ability to develop and commercialize any of our approved drugs or drug candidates. We cannot guarantee that future financing will be available in sufficient amounts or on terms acceptable to us, if at all. Moreover, the terms of any financing may adversely affect the holdings or the rights of our stockholders and the issuance of additional securities, whether equity or debt, by us, or the possibility of such issuance, may cause the market price of our shares to decline. We could also be required to seek funds through collaborations, partnerships, licensing arrangements or otherwise at an earlier stage than would be desirable and we may be required to relinquish rights to some of our technologies, drugs or drug candidates or otherwise agree to terms unfavorable to us, any of which may have a material adverse effect on our business, operating results and prospects. If we are unable to obtain funding if needed on a timely basis or on attractive terms, we may be required to significantly curtail, delay or discontinue one or more of our research or development programs or the commercialization of any of our approved drugs or be unable to expand our operations or otherwise capitalize on our business opportunities, as desired, which could materially affect our business, financial condition and results of operations.

We have entered into collaborations, licenses and other agreements with CStone, VantAI, Clementia, and Rigel for the development and commercialization of several of our drugs and drug candidates, and may enter into additional collaborations, licenses and other arrangements with other third parties in the future. The success of these arrangements will depend heavily on the efforts and activities of our collaborators, licensing partners and other contracting parties. Collaborators and other contracting parties generally have significant discretion in determining the efforts and resources that they will apply to these arrangements. In some situations, we may not be able to influence our collaboration partners' decisions regarding the development and collaboration of our partnered drugs and drug candidates, and as a result, our collaboration partners may not pursue or prioritize the development and commercialization of those partnered drugs and drug candidates in a manner that is in our best interest. Disagreements between parties to a collaboration or other arrangement regarding clinical development and commercialization matters can lead to delays in the development process or commercializing the applicable drug or drug candidate and, in some cases, termination of the collaboration or other arrangement or result in litigation or arbitration, which would be time-consuming and expensive. Licensors generally have sole discretion in determining the efforts and resources that they will apply to the licensed products. Collaborations and licenses with pharmaceutical or biotechnology companies and other third parties often are terminated or allowed to expire by the other party. Any termination or expiration of our collaboration or license agreements with CStone, VantAI, Clementia or IDRx (which has recently entered into an agreement to be acquired by GSK plc), or of any future collaboration or license agreement, could adversely affect us financially or harm our business reputation. For example, in February 2023, Roche provided written notice of its election to terminate for convenience our collaboration agreement for the development and commercialization of GAVRETO worldwide, excluding the CStone Territory. The termination became effective on February 22, 2024.

Our drug candidates and the activities associated with their development and commercialization, including their design, testing, manufacture, safety, efficacy, recordkeeping, labeling, storage, approval, advertising, promotion, sale, distribution, import and export, are subject to comprehensive regulation by the FDA and other regulatory agencies in the U.S. and by comparable authorities in other countries. Before we can commercialize any of our drug candidates, we must obtain marketing approval. We expect to rely on third-party contract research organizations, or CROs, and/or regulatory consultants to assist us in filing and supporting the applications necessary to gain regulatory approvals. Securing regulatory approval requires the submission of extensive preclinical and clinical data and supporting information to the various regulatory authorities for each therapeutic indication to establish the drug candidate's safety and efficacy. Securing regulatory approval also requires the submission of information about the drug manufacturing process to, and inspection of manufacturing facilities by, the relevant regulatory authority. Should the FDA determine that an inspection is necessary for approval of a marketing application and an inspection cannot be completed during the review cycle due to restrictions on travel, the FDA has stated that it generally intends to issue a complete response letter. Further, if there is inadequate information to make a determination on the acceptability of a facility, the FDA may defer action on the application until an inspection can be completed. Our drug candidates may not be effective, may be only moderately effective or may prove to have undesirable or unintended side effects, toxicities or other characteristics that may preclude our obtaining marketing approval or prevent or limit commercial use. The process of obtaining regulatory approvals, if approval is obtained at all, both in the U.S. and abroad is expensive, may take many years if additional clinical trials are required and can vary substantially based upon a variety of factors, including the type, complexity and novelty of the drug candidates involved. Changes in marketing approval policies, interpretations or agency discretion during the development period, changes in or the enactment of additional statutes or regulations, or changes in regulatory review for each submitted new drug application, or NDA, for a drug candidate, may cause delays in the approval or rejection of an application. Moreover, the U.S. Supreme Court's July 2024 decision to overturn prior established case law giving deference to regulatory agencies' interpretations of ambiguous statutory language has introduced uncertainty regarding the extent to which the FDA's regulations, policies, and decisions may become subject to increasing legal challenges, delays, and/or changes. Additionally, the FDA and comparable authorities in other countries have substantial discretion in the approval process and may refuse to accept any application or may decide that our data are insufficient for approval and require additional preclinical, clinical or other studies. We currently have multiple marketing applications for our drug candidates under review across the world. Our drug candidates could be delayed in receiving, or fail to receive, regulatory approval for many reasons, including the following: - the FDA or comparable foreign regulatory authorities may disagree with the design or implementation of our clinical trials;- we may be unable to demonstrate to the satisfaction of the FDA or comparable foreign regulatory authorities that a drug candidate is safe and effective for its proposed indication;- the results of clinical trials may not meet the level of statistical significance required by the FDA or comparable foreign regulatory authorities for approval;- we may be unable to demonstrate that a drug candidate's clinical and other benefits outweigh its safety risks;- the FDA or comparable foreign regulatory authorities may disagree with our interpretation of data from preclinical studies or clinical trials;- the data collected from clinical trials of our drug candidates may not be sufficient to support the submission of an NDA or other submission or to obtain regulatory approval in the U.S. or elsewhere;- the FDA or comparable foreign regulatory authorities may find deficiencies with or fail to approve the manufacturing processes or facilities of third-party manufacturers with which we contract for clinical and commercial supplies; and - the approval policies or regulations of the FDA or comparable foreign regulatory authorities may significantly change in a manner rendering our clinical data insufficient for approval. In addition, even if we were to obtain approval, regulatory authorities may approve any of our drug candidates for fewer or more limited indications than we request, may not approve the price we intend to charge for our drugs, may grant approval contingent on the performance of costly post-marketing clinical trials or other post-marketing requirements, or may approve a drug candidate with a label that does not include the labeling claims necessary or desirable for the successful commercialization of that drug candidate. Additionally, the receipt of regulatory approval for one indication does not ensure the likelihood of success for regulatory approval of expanded indications for a marketed product. Any of the foregoing scenarios could materially harm the commercial prospects for our drug candidates. If we experience delays in obtaining approval or if we fail to obtain approval of our drug candidates, the commercial prospects for our approved drugs or drug candidates may be harmed and our ability to generate revenues will be materially impaired.

We participate in the Medicaid Drug Rebate program, the 340B drug pricing program, and the Department of Veterans Affairs (VA)'s Federal Supply Schedule (FSS) pricing program. Under the Medicaid Drug Rebate program, we are required to pay a rebate to each state Medicaid program for our covered outpatient drugs that are dispensed to Medicaid beneficiaries and paid for by a state Medicaid program as a condition of having federal funds being made available to the states for our drugs under Medicaid and Medicare Part B. Those rebates are based on pricing data reported by us on a monthly and quarterly basis to CMS, the federal agency that administers the Medicaid Drug Rebate program. These data include the average manufacturer price and, in the case of innovator products, the best price for each drug which, in general, represents the lowest price available from the manufacturer to any entity in the U.S. in any pricing structure, calculated to include all sales and associated rebates, discounts and other price concessions. Our failure to comply with these price reporting and rebate payment obligations could negatively impact our financial results. The ACA made significant changes to the Medicaid Drug Rebate program. CMS issued a final regulation, which became effective on April 1, 2016, to implement the changes to the Medicaid Drug Rebate program under the ACA. The issuance of the final regulation has increased and will continue to increase our costs and the complexity of compliance, has been and will continue to be time-consuming to implement, and could have a material adverse effect on our results of operations, particularly if CMS challenges the approach we take in our implementation of the final regulation. Federal law requires that any company that participates in the Medicaid Drug Rebate program also participate in the Public Health Service's 340B drug pricing program in order for federal funds to be available for the manufacturer's drugs under Medicaid and Medicare Part B. The 340B program requires participating manufacturers to agree to charge statutorily defined covered entities no more than the 340B "ceiling price" for the manufacturer's covered outpatient drugs. These 340B covered entities include a variety of community health clinics and other entities that receive health services grants from the Public Health Service, as well as hospitals that serve a disproportionate share of low-income patients. The 340B ceiling price is calculated using a statutory formula based on the average manufacturer price and Medicaid rebate amount for the covered outpatient drug as calculated under the Medicaid Drug Rebate program, and in general, products subject to Medicaid price reporting and rebate liability are also subject to the 340B ceiling price calculation and discount requirement. Any additional future changes to the definition of average manufacturer price and the Medicaid rebate amount under the ACA, other legislation, or in regulation could affect our 340B ceiling price calculations and negatively impact our results of operations. The Health Resources and Services Administration, or HRSA, which administers the 340B program, issued a final regulation regarding the calculation of the 340B ceiling price and the imposition of civil monetary penalties on manufacturers that knowingly and intentionally overcharge covered entities, which became effective on January 1, 2019. We also are required to report our 340B ceiling prices to HRSA on a quarterly basis. Implementation of the civil monetary penalties regulation and the issuance of any other final regulations and guidance could affect our obligations under the 340B program in ways we cannot anticipate. In addition, legislation may be introduced that, if passed, would further expand the 340B program to additional covered entities or would require participating manufacturers to agree to provide 340B discounted pricing on drugs used in the inpatient setting. Pricing and rebate calculations vary across products and programs, are complex, and are often subject to interpretation by us, governmental or regulatory agencies and the courts. In the case of our Medicaid pricing data, if we become aware that our reporting for a prior quarter was incorrect, or has changed as a result of recalculation of the pricing data, we are obligated to resubmit the corrected data for up to three years after those data originally were due. Such restatements and recalculations increase our costs for complying with the laws and regulations governing the Medicaid Drug Rebate program and could result in an overage or underage in our rebate liability for past quarters. Price recalculations also may affect the ceiling price at which we are required to offer our products under the 340B program or could require us to issue refunds to 340B covered entities. Significant civil monetary penalties can be applied if we are found to have knowingly submitted any false pricing information to CMS, or if we fail to submit the required price data on a timely basis. Such conduct also could be grounds for CMS to terminate our Medicaid drug rebate agreement, in which case federal payments may not be available under Medicaid or Medicare Part B for our covered outpatient drugs. Significant civil monetary penalties also can be applied if we are found to have knowingly and intentionally charged 340B covered entities more than the statutorily mandated ceiling price. We cannot assure you that our submissions will not be found by CMS or HRSA to be incomplete or incorrect. In order to be eligible to have our products paid for with federal funds under the Medicaid and Medicare Part B programs and purchased by certain federal agencies and grantees, as noted above, we participate in the VA's FSS pricing program. As part of this program, we are obligated to make our products available for procurement on an FSS contract under which we must comply with standard government terms and conditions and charge a price that is no higher than the statutory Federal Ceiling Price, or FCP, to four federal agencies (the VA, U.S. Department of Defense, or DOD, Public Health Service, and the U.S. Coast Guard). The FCP is based on the Non-Federal Average Manufacturer Price, or Non-FAMP, which we calculate and report to the VA on a quarterly and annual basis. Pursuant to applicable law, knowing provision of false information in connection with a Non-FAMP filing can subject a manufacturer to significant penalties for each item of false information. These obligations also contain extensive disclosure and certification requirements. We also participate in the Tricare Retail Pharmacy program, under which we pay quarterly rebates on utilization of innovator products that are dispensed through the Tricare Retail Pharmacy network to Tricare beneficiaries. The rebates are calculated as the difference between the annual Non-FAMP and FCP. We are required to list our covered products on a Tricare Agreement in order for these products to be eligible for DOD formulary inclusion. If we overcharge the government in connection with our FSS contract or Tricare Agreement, whether due to a misstated FCP or otherwise, we are required to refund the difference to the government. Failure to make necessary disclosures and/or to identify contract overcharges can result in allegations against us under the FCA and other laws and regulations. Unexpected refunds to the government, and responding to a government investigation or enforcement action, would be expensive and time-consuming, and could have a material adverse effect on our business, financial condition, results of operations and growth prospects.

Currently, federal agencies in the U.S. are operating under a continuing resolution that is set to expire on March 14, 2025. Without appropriation of additional funding to federal agencies, our business operations related to our product development activities for the U.S. market could be impacted. The ability of the FDA to review and approve new products can be affected by a variety of factors, including government budget and funding levels, the ability to hire and retain key personnel and accept the payment of user fees, and statutory, regulatory and policy changes. Average review times at the agency have fluctuated in recent years as a result. In addition, government funding of the SEC and other government agencies on which our operations may rely, including those that fund research and development activities, is subject to the political process, which is inherently fluid and unpredictable. Disruptions at the FDA and other agencies may also slow the time necessary for new drug candidates to be reviewed and/or approved by necessary government agencies, which would adversely affect our business. If a prolonged government shutdown occurs, it could significantly impact the ability of the FDA to timely review and process our regulatory submissions, which could have a material adverse effect on our business. Further, future government shutdowns could impact our ability to access the public markets and obtain necessary capital in order to properly capitalize and continue our operations.

Privacy and data security remain significant issues in the U.S., Europe and in many other jurisdictions where we conduct or may in the future conduct our operations. The regulatory framework for the collection, use, safeguarding, sharing and transfer of information worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. Additional regulations and guidance requiring data localization and restrictions on data transfer increase complexity for global corporations. Globally, virtually every jurisdiction in which we operate has established its own data security and privacy frameworks with which we must comply. Notably, for example, in Europe, the European General Data Protection Regulation 2016/679, which is commonly referred to as GDPR applies to any company established in the European Economic Area, or EEA, as well as any company outside the EEA that collects or otherwise processes personal data in connection with the offering goods or services to individuals in the EEA or the monitoring of their behavior. The GDPR imposes data protection obligations on processors and controllers of personal data, including, for example, disclosures about how personal information is to be used, stricter requirements for processing special category data (such as health data), having a valid legal basis or condition to process personal data, maintaining records of our processing activities and documenting data protection impact assessments where there is high risk processing, limitations on retention of information, mandatory data breach notification requirements, ensuring appropriate technical and organizational measures are put in place to safeguard personal data and onerous obligations on services providers. Penalties under the GDPR include fines of up to €20 million or 4% of total worldwide annual turnover, whichever is higher. EEA Member States have adopted national laws to implement the GDPR which may partially deviate from the GDPR. Further, competent authorities in the EEA Member States may interpret GDPR obligations slightly differently from country to country. For these reasons, we do not expect to operate in a uniform legal landscape in the EEA. Further to the UK's exit from the European Union on January 31, 2020, the UK incorporated the GDPR (as it existed on December 31, 2020 but subject to certain UK specific amendments) into UK law (referred to as the UK GDPR). The UK GDPR and the UK Data Protection Act 2018 set out the UK's data protection regime, which is independent from but currently still aligned to the EU's data protection regime. Non-compliance with the UK GDPR may result in monetary penalties of up to £17.5 million or 4% of worldwide revenue, whichever is higher. Although the UK is regarded as a third country under the EU's GDPR, the European Commission has issued a decision recognizing the UK as providing adequate protection under the EU GDPR and, therefore, transfers of personal data originating in the EEA to the UK remain unrestricted. Likewise The UK government has confirmed that personal data transfers from the UK to the EEA remain free flowing. The UK Government has introduced a Data Protection and Digital Information Bill which failed in the UK legislative process. A new Data (Use and Access) Bill (UK Bill) has been introduced into parliament. If passed, the final version of the UK Bill may have the effect of further altering the similarities between the UK and EEA data protection regime and threaten the UK Adequacy Decision from the European Commission. This may lead to additional compliance costs and could increase our overall risk. The respective provisions and enforcement of the EU GDPR and UK GDPR may further diverge in the future and create additional regulatory challenges and uncertainties. Given the breadth and depth of changes in data protection obligations, complying with the GDPR requirements has required and will continue to require significant time, resources and a review of our technologies, systems and practices, as well as those of any third-party collaborators, service providers, contractors or consultants that process or transfer personal data collected in the UK or EEA. Further, European data protection laws also regulates the transfer of personal data from the EEA, the UK and Switzerland to third countries that are not considered to provide adequate protections to personal data. On June 4, 2021, the European Commission, or the EC, issued Standard Contractual Clauses, or the SCCs, for data transfers from controllers or processors in the EEA (or otherwise subject to the EU GDPR) to controllers or processors established outside the EEA (and not subject to the EU GDPR). The UK is not subject to the EC's SCCs but has published its own standard clauses, the International Data Transfer Agreement, which enables transfers from the UK. We will be required to implement these new safeguards when conducting restricted data transfers under the EU GDPR and UK GDPR and doing so will require significant effort and cost. Where relying on the SCCs or UK IDTA for data transfers, we may also be required to carry out transfer impact assessments to assess whether the recipient is subject to local laws which allow public authority access to personal data. On July 10, 2023, the EU adopted an adequacy decision for a new "Data Privacy Framework," which replaces the Privacy Shield, which the European Court of Justice invalidated in 2020 for personal data transferred from the EU to the U.S. On July 17, 2023 the U.S. Department of Commerce released registration means and requirements for U.S. companies to register. The Framework provides additional certification mechanisms to provide for UK and Swiss data transfers. We have registered and have active membership under the Framework, allowing for transfer of HR and non-HR data from Switzerland, UK and EEA member states. We will be required to maintain these new safeguards when conducting restricted cross-border data transfers and doing so will require significant effort and cost. These and other future developments regarding the flow of data across borders could increase the cost and complexity of delivering our services in some markets and may lead to governmental enforcement actions, litigation, fines, and penalties or adverse publicity, which could adversely affect our business and financial position. While we have taken steps to mitigate the impact on us with respect to transfers of data, such as registering with the U.S. governing bodies managing the Data Privacy Framework, and implementing the SCCs where necessary in new contracts with our service providers, customers, subsidiaries, the validity of these transfer mechanisms remains uncertain. The previous data transfer mechanisms providing adequacy to enable cross-border transfers between the US and the EEA have been invalidated, and the Data Privacy Framework has already been challenged in several jurisdictions. Complying with this guidance as it exists today and evolves will be expensive and time consuming and may ultimately prevent us from transferring personal data outside Europe which would cause significant business disruption for ourselves and our customers and potentially require the changes in the way our products are configured, hosted and supported. In addition, we are subject to Swiss data protection laws, including the Federal Act on Data Protection, or FADP. While the FADP provides broad protections to personal data, the Swiss federal Parliament enacted a revised version of the FADP which came into effect in September 2023. The new version of the FADP aligns Swiss data protection law with the GDPR. We have updated our agreements to reflect the new requirements per the FADP, but further modifications or changes may require revisiting these agreements. Further, in addition to existing European data protection law, the European Union also is considering another draft data protection regulation. The proposed regulation, known as the Regulation on Privacy and Electronic Communications (ePrivacy Regulation), would replace the current ePrivacy Directive. It is unclear whether and/or when the Draft Regulation will enter into force. Further, the EU Artificial Intelligence Act or AI Act came into force on August 1, 2024 with provisions effective between 2025 and 2026. The AI Act prescribes requirements on companies that publish, deploy or use AI systems to perform assessments and to ensure governance of process to ensure the transparency, fairness and accuracy of AI systems. Preparing for and complying with the evolving application of the GDPR, national laws in Switzerland and the UK, ePrivacy Regulation (if and when it becomes effective) and the EU AI Act has required and will continue to require us to incur substantial operational costs and may require us to change our business practices. Despite our efforts to bring practices into compliance with the GDPR, appliable national data protection laws and before the effective date of the ePrivacy Regulation, we may not be successful either due to internal or external factors such as resource allocation limitations. Non-compliance could result in proceedings, fines or penalties against us by governmental entities, customers, data subjects, consumer associations or others. In addition to European data protection requirements, we are subject to US federal and state laws relating to privacy and data security. At the federal level, failing to take appropriate steps to keep consumers' personal information secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act (the FTCA), 15 U.S.C § 45(a). The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business and the cost of available tools to improve security and reduce vulnerabilities. Through executive and legislative action, the federal government has also taken steps to restrict data transactions involving certain sensitive data categories – including health data, genetic data, and biospecimens – with persons affiliated with China, Russia, and other countries of concern. In addition, certain state laws govern the privacy and security of personal information. For example, the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020 and imposed sweeping privacy and security obligations on many companies doing business in California that meet one of three thresholds and provides for substantial fines for non-compliance and, in some cases, a private right of action to consumers who are victims of data breaches involving their unredacted or unencrypted personal information. While there is currently an exception for protected health information that is subject to HIPAA and clinical trial regulations, as currently written, the CCPA may impact our business activities. The CCPA was amended by the California Privacy Rights Act (CPRA) which became effective on January 1, 2023. The CPRA imposed additional obligations on companies covered by the legislation and significantly modified the CCPA, including by expanding consumers' rights with respect to certain sensitive personal information. The CPRA also created a new state agency that is vested with authority to implement and enforce the CCPA. The effects of the CCPA are significant and requires us to incur substantial costs and expenses in an effort to comply and increase our potential exposure to regulatory enforcement and/or litigation. In addition to the CCPA, similar laws have been passed in numerous other states, reflecting a trend toward more stringent privacy legislation in the U.S., which may accelerate. Further, other states have proposed new privacy laws which, if enacted, may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. The existence of comprehensive privacy laws in different states in the country would make our compliance obligations more complex and costly and may increase the likelihood that we may be subject to enforcement actions or otherwise incur liability for noncompliance. Furthermore, a smaller number of states have passed or are considering laws that are specifically focused upon health privacy, such as Washington's My Health My Data Act which took effect on March 31, 2024 and regulates the collection and sharing of health information. This law also has a private right of action, which further increases the relevant compliance risk. Connecticut and Nevada have also passed similar laws regulating consumer health data. In addition, other states have proposed and/or passed legislation that regulates the privacy and/or security of certain specific types of information. For example, a small number of states have passed laws that regulate biometric data specifically. These various privacy and security laws may impact our business activities, including our identification of research subjects, relationships with business partners and ultimately the marketing and distribution of our products. The effects of the CCPA and other state and federal privacy laws are significant and may require us to modify our data processing practices and policies and to incur substantial costs and potential liability in an effort to comply with such legislation. State laws are changing rapidly and there is discussion in the U.S. Congress of a new comprehensive federal data privacy law to which we may become subject, if enacted. The widespread use of generative AI and natural language processing tools have significant risk when used in the healthcare space. We are exposed to risks associated with employees utilizing generative AI in methods and ways that are contrary to the framework laid out by the Executive Order or the subsequent complementary laws. We will need to invest resources to ensure appropriate development and use of any generative AI, or like-technology, and to develop internal compliance policies and procedures addressing this use. The Department of Justice, or DOJ, issued the final rule carrying out Executive Order 14117, Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern. This rule imposes restrictions on data considered sensitive to certain countries. As a result, we are exposed to risks associated with required data sharing between ourselves and a vendor in a country of concern, and we will need to invest resources to ensure appropriate safeguards are in place prior to any sharing of sensitive data. Cybersecurity presents an ongoing risk vector for our company. A cybersecurity incident or data breach impacting our internal systems or network could compromise sensitive information of patients and employees, requiring additional resources to enable us to ensure remediation and proper notification. Additionally, we rely on vendors to provide many services where they collect, use or process sensitive data on our behalf or jointly. An incident compromising the databases of our internal network or our vendor's information may materially impact our ability to continue development of our products or have appropriate data to complete FDA submissions. If data related to drug development is compromised, the integrity of that data might be impacted in such a way to render it unusable or potentially modified to a degree it will not be reliable. This type of attack may have material financial impacts resulting from a cybersecurity incident or data breach disclosing or making unavailable IP related to our drug development through a ransomware attack or similar method. The continued development and management of our Information Security function may require additional investment of resources to mature our ability to prevent and respond to cybersecurity incidents or data breaches. The increasing number and complexity of regional, country and U.S. state data protection laws, and other changes in laws or regulations across the globe, especially those associated with the enhanced protection of certain types of sensitive data, such as healthcare data or other personal information from our clinical trials, could lead to government enforcement actions and significant penalties against us and could have a material adverse effect on our business, financial condition or results of operations.

The precise incidence and/or prevalence for SM, GIST, chronic urticaria, asthma, allergic rhinitis, mast cell activation syndrome (MCAS), and other allergy/inflammation indications are unknown. Our projections of the number of people who have these diseases, the frequency of the genetic alterations targeted by our drugs and drug candidates and the subset of patients who have the potential to benefit from our treatment options are based on estimates. These estimates have been derived from a variety of sources, including scientific literature, surveys of clinics, healthcare claims data, patient foundations or third-party market research, and may prove to be incorrect. Further, new studies may change the estimated incidence or prevalence of these diseases and the number of patients may turn out to be lower than expected. For example, new claims data and epidemiology data suggest that SM prevalence is greater than previously thought; however, other future studies could contradict such findings. Additionally, the potentially addressable patient population for our approved drugs and drug candidates may be limited or may not be amenable to treatment with our precision therapies. Accordingly, the incidence and/or prevalence of the diseases we aim to address may not be otherwise amenable to treatment with our drugs, patients treated with our drugs and drug candidates may develop mutations that confer resistance to treatment or new patients may become increasingly difficult to identify or gain access to, all of which would adversely affect our results of operations and our business.

There are risks involved with both establishing our own sales and marketing capabilities and entering into arrangements with third parties to perform these services. For example, recruiting and training a sales force is expensive and time-consuming and could delay any drug launch. If the commercial launch of a drug candidate or a new indication for a drug product for which we establish marketing capabilities is delayed or does not occur for any reason, we would have prematurely or unnecessarily incurred these commercialization expenses, which may be costly. If we enter into arrangements with third parties to perform sales, marketing and distribution services, our drug revenues or the profitability of these drug revenues to us are likely to be lower than if we were to market and sell any current or future drugs ourselves. We likely will have little control over such third parties, and any of them may fail to devote the necessary resources and attention to sell and market our drugs effectively. In addition, we may not be successful in entering into arrangements with third parties to sell and market our current and future drugs or may be unable to do so on terms that are favorable to us. If we do not establish, maintain and, if necessary, expand sales and marketing capabilities successfully, either on our own or in collaboration with third parties, we will not be successful in commercializing our drugs and drug candidates, if approved. Further, our business, results of operations, financial condition and prospects will be materially adversely affected.

We are highly dependent on the research and development, clinical, commercial, business development, financial and legal expertise of our executive officers, as well as the other principal members of our management, scientific and clinical team. Although we have entered into employment agreements with our executive officers, each of our executive officers may terminate their employment with us at any time. In addition, insurance coverage is increasingly expensive, including with respect to directors and officers liability insurance, or D&O insurance. We may not be able to maintain D&O insurance at a reasonable cost or in an amount adequate to satisfy any liability that may arise. An inability to secure and maintain D&O insurance may make it difficult for us to retain and attract talented and skilled directors and officers to serve our company, which could adversely affect our business. We do not maintain "key person" insurance for any of our executives or other employees. In addition, we rely on consultants and advisors, including scientific and clinical advisors, to assist us in formulating our research and development and commercialization strategy. Our consultants and advisors may be employed by employers other than us and may have commitments under consulting or advisory contracts with other entities that may limit their availability to us. If we are unable to continue to attract and retain high quality personnel, our ability to pursue our growth strategy will be limited. We expect to continue hiring qualified development personnel. Recruiting and retaining qualified scientific, clinical, regulatory, manufacturing and sales and marketing personnel is critical to our success. The loss of the services of our executive officers or other key employees could impede the achievement of our research, development and commercialization objectives and seriously harm our ability to successfully implement our business strategy. Furthermore, replacing key employees and executive officers may be difficult and may take an extended period of time because of the limited number of individuals in our industry with the breadth of skills and experience required to successfully develop, gain regulatory approval of and commercialize drugs. Competition to hire from this limited pool is intense, and we may be unable to hire, train, retain or motivate these key personnel on acceptable terms given the competition among numerous pharmaceutical and biotechnology companies for similar personnel. We also experience competition for the hiring of scientific and clinical personnel from universities and research institutions. Failure to succeed in clinical trials may make it more challenging to recruit and retain qualified scientific personnel.

The API, drug substance and drug product used in our drug and drug candidates are supplied to us primarily from single-source suppliers. We do not currently own or operate manufacturing facilities for the production of our drugs or any drug candidates that may be approved in the future. As a result, we primarily rely on single-source third-party suppliers to manufacture and supply our drugs, which may not be able to produce sufficient inventory to meet commercial demand in a timely manner, or at all. Our ability to successfully develop our drug candidates, supply our drug candidates for clinical trials and to ultimately supply our commercial drugs in quantities sufficient to meet the market demand, depends in part on our ability to obtain the API, drug substance and drug product for these drugs in accordance with regulatory requirements and in sufficient quantities for clinical testing and commercialization. Although we have entered into arrangements to establish redundant or second-source supply of some of the API, drug product or drug substance for avapritinib, if any of our suppliers ceases its operations for any reason or is unable or unwilling to supply API, drug product or drug substance in sufficient quantities or on the timelines necessary to meet our needs, it could significantly and adversely affect our business, the supply of our drug candidates or approved drugs and our financial condition. Therefore, there can be no assurances that we will be able to obtain sufficient quantities of our drugs or any other drug candidates that may be approved in the future, which could have a material adverse effect on our business as a whole. For all of our drug candidates, we may from time to time explore opportunities to identify and qualify additional manufacturers to provide such API, drug substance and drug product prior to submission of an NDA to the FDA and/or a marketing authorization application to the EMA. We are not certain that our single-source suppliers will be able to meet our demand for their products, either because of the nature of our agreements with those suppliers, our limited experience with those suppliers or our relative importance as a customer to those suppliers. It may be difficult for us to assess their ability to timely meet our demand in the future based on past performance. While our suppliers have generally met our demand for their products on a timely basis in the past, they may subordinate our needs in the future to their other customers. In addition, we currently have sufficient supply or plans for supply to meet our anticipated global commercial and clinical development needs for our approved drugs and clinical-stage drug candidates through 2025. Establishing additional or replacement suppliers for the API, drug substance and drug product used in our drug candidates or approved drugs, if required, may not be accomplished quickly. If we are able to find a replacement supplier, such replacement supplier would need to be qualified and may require additional regulatory approval, which could result in further delay. While we seek to maintain adequate inventory of the API, drug substance and drug product used in our drug candidates and approved drugs, any interruption or delay in the supply of components or materials, or our inability to obtain such API, drug substance and drug product from alternate sources at acceptable prices in a timely manner could impede, delay, limit or prevent our development efforts, which could harm our business, results of operations, financial condition and prospects.

Inflation rates, particularly in the U.S., have increased recently to levels not seen in years. Increased inflation may result in decreased demand for our products, increased operating costs (including our labor costs), reduced liquidity, and limitations on our ability to access credit or otherwise raise debt and equity capital. In addition, the U.S. Federal Reserve has raised, and may again raise, interest rates in response to concerns about inflation. Increases in interest rates, especially if coupled with reduced government spending and volatility in financial markets, may have the effect of further increasing economic uncertainty and heightening these risks. In an inflationary environment, we may be unable to raise the sales prices of our products at or above the rate at which our costs increase, which could reduce our profit margins and have a material adverse effect on our financial results and net income. We also may experience lower than expected sales and potential adverse impacts on our competitive position if there is a decrease in spending on products in the biopharmaceutical industry in general or a negative reaction to our pricing or the pricing of those we do, or will collaborate with. A reduction in our revenue would be detrimental to our profitability and financial condition and could also have an adverse impact on our future growth.