Chromadex (CDXC) Risk Analysis

Although we are operationally independent from the clinics that administer Niagen Plus products, which feature pharmaceutical-grade Niagen, our brand may be negatively affected by issues arising at the clinic level. We advertise locations where consumers can receive Niagen Plus products, which may create an association between our brand and the services provided by these third-party clinics. If clinics administering Niagen Plus products fail to adhere to proper medical protocols, engage in misleading marketing practices, or face regulatory scrutiny, our brand reputation could suffer, even if we are not directly responsible for their actions. Additionally, any adverse events or negative customer experiences at these clinics could erode consumer trust in our products and impact demand. While we seek to partner with reputable clinics, we cannot control their operations, and any issues at the clinic level could have a material adverse effect on our business and reputation.

Some of our employees were previously employed at other dietary supplement, nutraceutical, food and beverage, functional food, analytical laboratories, pharmaceutical and cosmetic companies. We may also hire additional employees who are currently employed at other such companies, including our competitors. Additionally, consultants or other independent agents with which we may contract may be or have been in a contractual arrangement with one or more of our competitors. We may be subject to claims that these employees or independent contractors have used or disclosed such other party's trade secrets or other proprietary information. Litigation may be necessary to defend against these claims. Even if we are successful in defending against these claims, litigation could result in substantial costs and be a distraction to our management. If we fail to defend such claims, in addition to paying monetary damages, we may lose valuable intellectual property rights or personnel. A loss of key personnel or their work product could hamper or prevent our ability to market existing or new products, which could severely harm our business.

The industries within which we operate are subject to stringent and constantly evolving regulations by a wide range of authorities worldwide. We believe our products are following all applicable regulations in those jurisdictions within which they are sold or marketed. We cannot predict how regulations will evolve or what new requirements may arise in the future and, if so, whether or how such changes may affect any products that we are developing or may attempt to develop. Depending on how regulations evolve, our goods may be suspended or may not be able to be marketed and sold in the United States or in other markets until we have achieved appropriate regulatory compliance as and if implemented by the FDA or other regulatory body. In certain markets and product categories, regulatory approval is a prerequisite for marketing and selling our products. These markets and categories may require adherence to specific regulatory standards, and any failure to obtain or maintain necessary approvals or changes in requirements in these regions could adversely impact our ability to sell our goods there. Satisfaction of regulatory requirements may take many years, is dependent upon the type, complexity and novelty of the product or service and would require the expenditure of substantial resources. If regulatory clearance of a good that we propose to market and sell is granted, this clearance may be limited to those particular countries, states and conditions for which the good is demonstrated to be safe and effective, which could limit our ability to generate revenue. We cannot ensure that any good that we develop will meet all of the applicable regulatory requirements needed to receive marketing clearance. Failure to obtain regulatory approval will prevent commercialization of our goods where such clearance is necessary. There can be no assurance that we will obtain regulatory approval of our proposed goods that may require it.

Substantial, complex or extended litigation could cause us to incur significant costs and distract our management. For example, lawsuits by employees, stockholders, collaborators, distributors, customers, competitors or others could be very costly and substantially disrupt our business. Disputes from time to time with such companies, organizations or individuals are not uncommon, and we cannot assure you that we will always be able to resolve such disputes on terms favorable to us. Refer to Note 16, Commitments and Contingencies in the Notes to the Consolidated Financial Statements, included in Part II, Item 8 of this Annual Report on Form 10-K, for more detail. Unexpected results could cause us to have financial exposure in these matters in excess of recorded reserves and insurance coverage, requiring us to provide additional reserves to address these liabilities, therefore impacting profits.

We collect, receive, store, process, use, generate, transfer, disclose, make accessible, protect and share personal information and other sensitive information, including but not limited to proprietary and confidential business information, trade secrets, intellectual property, information collected about patients in connection with clinical trials and sensitive third-party information necessary to operate our business, for legal and marketing purposes. Accordingly, we are, or may become, subject to numerous federal, state, local, and foreign data privacy and security laws, regulations, guidance and industry standards as well as external and internal privacy and security policies, contracts and other obligations that apply to the processing of personal data by us and on our behalf. The legal framework for the collection, use, safeguarding, sharing, transfer and other processing of information worldwide is rapidly evolving and may remain unsettled for the foreseeable future. Outside the United States, an increasing number of laws, regulations, and industry standards apply to data privacy and security. For example, the European Union's General Data Protection Regulation (GDPR) and the United Kingdom's GDPR (UK GDPR) imposes strict obligations on the processing of personal data, including, without limitation, personal health data. The GDPR and UK GDPR set out extensive compliance requirements, including providing detailed disclosures about how personal data is collected and processed, demonstrating that an appropriate legal basis is in place or otherwise exists to justify data processing activities; granting new rights for data subjects in regard to their personal data, as well as enhancing pre-existing rights (e.g., data subject access requests); requiring the appointment of a data protection officer in certain circumstances; mandating the appointment of representatives in the United Kingdom and/or the EEA in certain circumstances; introducing new data transfer frameworks such as the EU-U.S. Data Privacy Framework and the U.K. – U.S. Data Bridge, introducing the obligation to notify data protection regulators or supervisory authorities (and in certain cases, affected individuals) of significant data breaches; imposing limitations on retention of personal data; maintaining a record of data processing; and complying with the principle of accountability and the obligation to demonstrate compliance through policies, procedures, training and audit. Legal developments in Europe have created complexity and uncertainty regarding transfers of personal data from the European Economic Area, or EEA, to the United States. We continue to execute contracts involving the transfer of personal data outside of the European Economic Area with the Standard Contractual Clauses in the ordinary course. As supervisory authorities issue further guidance on personal data export mechanisms, including updates to the Standard Contractual Clauses, and/or start taking enforcement action, we could suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we or third parties we work with are otherwise unable to transfer personal data between and among countries and regions in which we conduct business. Following the United Kingdom's withdrawal from the EEA and the EU, we also have to comply with the UK-specific requirements related to data protection, including with respect to transfer of personal data outside of the UK, which increases our regulatory compliance burden. The UK updated its transfer mechanism and we continue to execute contracts involving the transfer of personal data outside of the United Kingdom with the new UK-specific transfer tools in the ordinary course. If we cannot implement a valid compliance mechanism for cross-border data transfers, we may face increased exposure to regulatory actions, substantial fines, and injunctions against processing or transferring personal data from Europe or elsewhere. The inability to import personal data to the United States could significantly and negatively impact our business operations, including by limiting our ability to collaborate with parties that are subject to European and other data privacy and security laws; or requiring us to increase our personal data processing capabilities and infrastructure in Europe and/or elsewhere at significant expense. Additionally, in the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, and consumer protection laws. Each of these state laws adds potential compliance and risk for us with respect to data necessary to operate our business. A United States federal privacy bill has been introduced, which would establish new requirements for how companies handle personal data, including information that identifies or is reasonably linked to an individual, such as our consumers. If this bill becomes law, we may be required to implement certain security practices to protect and secure personal data against unauthorized access, and we may be subject to further requirements for complying with this requirement if the FTC issues related regulations. Additionally, if we become subject to new data privacy laws, at the state level, the risk of enforcement action against us could increase because we may become subject to additional obligations, and the number of individuals or entities that can initiate actions against us may increase (including individuals, via a private right of action, and state actors).Other data privacy and security laws have been proposed at the federal, state, and local levels in recent years, which could further complicate compliance efforts. Our obligations related to data privacy and security are quickly changing in an increasingly stringent fashion, creating some uncertainty as to the effective future legal framework. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or in conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources (including, without limitation, financial and time-related resources). These obligations may necessitate changes to our information technologies, systems, and practices and to those of any third parties that process personal data on our behalf. In addition, these obligations may require us to change our business model. Collectively, these laws may increase our compliance costs and potential liability. Although we endeavor to comply with our published policies, other documentation, and all applicable privacy and security laws, we may at times fail to do so or may be perceived to have failed to do so. Moreover, despite our efforts, our personnel or third parties upon whom we rely may fail to comply with such obligations, which could negatively impact our business operations and compliance posture. For example, any failure by a third-party processor to comply with applicable law, regulations, or contractual obligations could result in adverse effects, including inability to operate our business and proceedings against us by governmental entities or others. If we fail, or are perceived to have failed, to address or comply with obligations related to data privacy and security, we could face government enforcement actions that could include investigations, fines, penalties, audits and inspections; additional reporting requirements and/or oversight; temporary or permanent bans on all or some processing of personal data; orders to destroy or not use personal data; and imprisonment of company officials. Further, individuals or other relevant stakeholders could sue us for our actual or perceived failure to comply with our data privacy and security obligations, including, without limitation, in class action litigation. Any of these events could have a material adverse effect on our reputation, business, or financial condition, and could lead to a loss of actual or prospective customers, collaborators or partners; result in an inability to process personal data or to operate in certain jurisdictions; limit our ability to develop or commercialize our products; or require us to revise or restructure our operations. Moreover, such suits, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business or have other material adverse effects. Additionally, we expect that there will continue to be new proposed laws and regulations concerning data privacy and security, and we cannot yet determine the impact such future laws, regulations and standards may have on our business.

We may be exposed to product recalls and adverse public relations if our products are alleged to be mislabeled or to cause injury or illness, or if we are alleged to have violated governmental regulations. A product recall could result in substantial and unexpected expenditures, which would reduce operating profit and cash flow. In addition, a product recall may require significant management attention. Product recalls may hurt the value of our brands and lead to decreased demand for our products. Product recalls also may lead to increased scrutiny by federal, state or international regulatory agencies of our operations and increased litigation and could have a material adverse effect on our business, results of operations, financial condition and cash flows.

Our ability to remain competitive may depend, in part, on our ability to continue to seek partners that can offer technological improvements and improve existing products and services that are offered to our customers. We are committed to attempting to keep pace with technological change, to stay abreast of technology changes and to look for partners that will develop new products and services for our customer base. We cannot assure prospective or existing investors that we will be successful in finding partners or be able to continue to incorporate new developments in technology, to improve existing products and services, or to develop successful new products and services, nor can we be certain that newly developed products and services will perform satisfactorily or be widely accepted in the marketplace or that the costs involved in these efforts will not be substantial.

In cases where our contracts are structured as fixed price or fee-for-service with a cap, we bear the financial risk if we initially underprice our contracts or otherwise overrun our cost estimates. Such underpricing or significant cost overruns could have a material adverse effect on our business, results of operations, financial condition and cash flows.

The markets for our products and services are both competitive and price-sensitive. Many of our competitors have significant financial, operations, sales and marketing resources and experience in research and development. Competitors could develop new technologies that compete with our products and services or even render our products obsolete. If a competitor develops superior technology or cost-effective alternatives to our products and services, our business could be seriously harmed. Additionally, some competitors may engage in misleading marketing practices, including mislabeling their products by overstating ingredient levels or making claims that their products provide benefits similar to ours without scientific support. These practices may mislead consumers into purchasing inferior or ineffective alternatives, thereby eroding our market share and damaging the credibility of the product category as a whole. If such competitors gain traction in the marketplace, our ability to differentiate our scientifically validated products may be diminished, negatively impacting our sales and overall business. Furthermore, the markets for some of our products are also subject to specific competitive risks because these markets are highly price competitive. Our competitors have competed in the past by lowering prices on certain products. If they do so again, we may be forced to respond by lowering our prices. This would reduce sales revenues and increase losses. Failure to anticipate and respond to price competition may also impact sales and aggravate losses. Our commercial opportunity could be reduced if our competitors develop and commercialize products that are more effective or convenient than our products. Our competitors also may obtain regulatory approval for their products in markets we have not yet entered or before we are able to obtain approval for ours, which could result in our competitors establishing a strong market position before we are able to enter that market. To the extent we are not the first to develop, offer and/or supply new products, customers may buy from our competitors or make materials themselves, causing our competitive position to suffer.

Any interruption in our relationship or decline in our business with key customers upon whom we become highly dependent could cause harm to our business. Factors that could influence our relationship with our customers upon whom we may become highly dependent include: - our ability to maintain our products at prices and quality that are competitive with those of our competitors, and the potential for new competitors or more aggressive actions by our existing competitors;- our ability to maintain quality levels for our products sufficient to meet the expectations of our customers;- our ability to produce, ship and deliver a sufficient quantity of our products in a timely manner to meet the needs of our customers;- our ability to continue to develop and launch new products that our customers feel meet their needs and requirements, with respect to cost, timeliness, features, performance and other factors;- our ability to develop new sales and distribution channels for our new products;- our ability to successfully develop relationships with clinics and other third-party providers of our pharmaceutical-grade products;- our ability to provide timely, responsive and accurate customer support to our customers; and - the ability of our customers to effectively deliver, market and increase sales of their own products based on ours.

As part of our business strategy, we will seek to develop partnerships or licensing arrangements to monetize our proprietary molecules for pharmaceutical applications. However, there is no guarantee that we will be able to identify suitable partners, negotiate favorable terms, or successfully execute such partnerships. Even if we enter into agreements with third parties, our ability to generate revenue from these arrangements will depend on various factors, including our partners' willingness and ability to invest in research, development, and commercialization efforts. Additionally, the development and commercialization of pharmaceutical products are subject to extensive regulatory requirements, including approval by the U.S. Food and Drug Administration (FDA) and other global regulatory authorities. If we or our partners are unable to obtain the necessary approvals or face delays in the regulatory process, our ability to generate revenue from pharmaceutical applications of our molecules may be significantly limited.

We intend to seek partners and paths to expand our operations in China, but there is no guarantee that we will be able to do so. In 2022, we entered into an agreement to form a joint venture to expand our opportunities in mainland China, Hong Kong, Macau and Taiwan, but have effectively terminated the joint venture after we were unable to achieve Blue Hat Registration. Our ability to pursue successful expansion in China is subject to general, as well as industry-specific, economic, political and legal developments and risks in China. The Chinese government exercises significant control over the Chinese economy, including but not limited to, controlling capital investments, allocating resources, setting monetary policy, controlling and monitoring foreign exchange rates, implementing and overseeing tax regulations, providing preferential treatment to certain industry segments or companies and issuing necessary licenses to conduct business. Our operations, whether through a new joint venture or otherwise, will be subject to laws and regulations applicable to foreign investment in China. There are uncertainties regarding the interpretation and enforcement of laws, rules and policies in China. Because many laws and regulations are relatively new, the interpretations of many laws, regulations and rules are not always uniform. Moreover, the interpretation of statutes and regulations may be subject to government policies reflecting domestic political agendas. Enforcement of existing laws or contracts based on existing law may be uncertain and sporadic. As a result of the foregoing, it may be difficult for us to obtain swift or equitable enforcement of laws ostensibly designed to protect companies like ours, which could have a material adverse effect on our business and results of operations.