Codexis (CDXS) Risk Factors

We will continue to file and prosecute patent applications and maintain trade secrets in an ongoing effort to protect our intellectual property rights. It is possible that our current patents, or patents which we may later acquire, may be successfully challenged or invalidated, in whole or in part. It is also possible that we may not obtain issued patents from our pending patent applications. We sometimes permit certain patents or patent applications to lapse or go abandoned under appropriate circumstances. Due to uncertainties inherent in prosecuting patent applications, sometimes patent applications are rejected, and we subsequently abandon them. It is also possible that we may develop proprietary technology, products or services in the future that are not patentable or that the patents of others will limit or altogether preclude our ability to conduct business. In addition, any patent issued to us or to our licensor may provide us with little or no competitive advantage, in which case we may abandon such patent, license it to another entity or terminate the license agreement. Our means of protecting our proprietary rights may not be adequate and our competitors may independently develop technologies, products or services that are identical or similar to ours or that compete with ours. Patent, trademark, copyright and trade secret laws afford only limited protection for our technology, products and services. The laws of many countries do not protect our proprietary rights to as great of an extent as do the laws of the United States. Despite our efforts to protect our proprietary rights, unauthorized parties have in the past attempted, and may in the future attempt, to operate under the aspects of our intellectual property rights, or proprietary technology, products or services or products, or to obtain and use information that we regard as proprietary. Third parties may also design around our proprietary rights, which may render our protected technology, services and products less valuable, if the design around is favorably received in the marketplace. In addition, if any of our technology, products and services are covered by third-party patents or other intellectual property rights, we could be subject to various legal actions. For example, we are aware of certain third-party intellectual property that does or may overlap with aspects of the Company's technology. We cannot assure that our technology products and/or services do not infringe, violate or misappropriate any patents or other intellectual property rights owned or controlled by others or that they will not in the future. Litigation may be necessary to enforce our intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others, or to defend against claims of infringement, invalidity, misappropriation, or other claims. Any such litigation could result in substantial costs and diversion of our resources. Moreover, any settlement of or adverse judgment resulting from litigation relating to intellectual property rights could require us to obtain a license to continue to make, use, import, sell or offer for sale the technology, products or services that is the subject of the claim, or otherwise restrict or prohibit our use of the technology, products or services.

Our success depends in part on our ability to obtain patents and maintain adequate protection of our intellectual property rights directed to our technology, products and services in the United States and other countries. We have adopted a strategy of seeking patent protection in the United States and in foreign countries with respect to certain of the technology used in or relating to our products, services, and processes. As such, as of September 30, 2024, we owned or controlled approximately 1,740 active issued patents and pending patent applications in the United States and in various foreign jurisdictions. As of September 30, 2024, our patents and patent applications, if issued, have terms that expire between 2024 and approximately 2045. We also have license rights to a number of issued patents and pending patent applications in the United States and in various foreign jurisdictions. Our owned and licensed patents and patent applications include those directed to our enabling technology and to the methods and products that support our business in the pharmaceutical manufacturing, life sciences, oligonucleotide synthesis, and other markets. We intend to continue to apply for patents relating to our technology, methods, services and products as we deem appropriate. Issuance of claims in patent applications and enforceability of such claims once issued involve complex legal and factual questions and, therefore, we cannot predict with any certainty whether any of our issued patents will survive invalidity claims asserted by third parties. Issued patents and patents issuing from pending applications may be challenged, invalidated, circumvented, rendered unenforceable or substantially narrowed in scope. In addition, the inventorship and ownership of the patents and patent applications may be challenged by others. Moreover, the United States Leahy-Smith America Invents Act ("AIA"), enacted in September 2011, brought significant changes to the United States patent system, which include a change to a "first to file" system from a "first to invent" system and changes to the procedures for challenging issued patents and disputing patent applications during the examination process, among other things. While interference proceedings are possible for patent claims filed prior to March 16, 2013, many of our filings will be subject to the post- and pre-grant proceedings set forth in the AIA, including citation of prior art and written statements by third parties, third party pre-issuance submissions, ex parte reexamination, inter partes review, post-grant review, and derivation proceedings. We may need to utilize the processes provided by the AIA for supplemental examination or patent reissuance. These proceedings could result in substantial cost to us even if the outcome is favorable. Even if successful, any proceeding may result in loss of certain claims. Any litigation or proceedings could divert our management's time and efforts. Even unsuccessful claims brought by third parties could result in significant legal fees and other expenses, diversion of management time, and disruption in our business. Uncertainties resulting from initiation and continuation of any patent or related litigation could harm our ability to compete. Additional uncertainty may result from legal precedent handed down by the United States Federal Circuit Court and Supreme Court as they determine legal issues concerning the scope and construction of patent claims and inconsistent interpretation of patent laws by the lower courts. Accordingly, we cannot ensure that any of our pending patent applications will result in issued patents, or even if issued, predict the breadth of the claims upheld in our, our licensors', and other companies' patents. Given that the degree of future protection for our proprietary rights is uncertain, we cannot ensure that: (i) we or our licensors were the first to invent the inventions covered by each of our pending applications, (ii) we or our licensors were the first to file patent applications for these inventions, or (iii) the proprietary technology, products or services we develop will be patentable. In addition, unauthorized parties may attempt to copy or otherwise obtain and use our technology, products and services. Monitoring unauthorized use of our intellectual property rights is difficult, and we cannot be certain that the steps we have taken will prevent unauthorized use of our technology, products or services, particularly in certain foreign countries where the local laws may not protect our proprietary rights as fully as in the United States. Moreover, third parties could practice our inventions in territories where we do not have patent protection. Such third parties may then try to import products made using our inventions into the United States or other countries. If competitors are able to use our proprietary technology, products or services, our ability to compete effectively could be harmed. In addition, others may independently develop and obtain patents for technologies, products or services that are similar to or superior to our technologies, products or services. If that happens, we may need to license these technologies, products or services, and we may not be able to obtain licenses on reasonable terms, if at all, which could cause harm to our business. Similarly, foreign courts have made, and will likely continue to make, changes in how the patent laws in their respective jurisdictions are interpreted. Changes in patent laws and regulations in other countries or jurisdictions, changes in the governmental bodies that enforce them, or changes in how the relevant governmental authority enforces patent laws or regulations may weaken our ability to obtain new patents or to enforce patents that we own or may obtain in the future. For example, in some cases, we have filed for unitary patent protection under the rules implemented on June 1, 2023, in the European Patent Office. We will continue to assess this route of protection on a case-by-case basis, as applications are filed and patents are granted through the European Patent Office. This may alter our ability to protect our patents in some European countries. Further, the laws of some foreign countries do not protect proprietary rights to the same extent or in the same manner as the laws of the United States. For example, in some foreign jurisdictions, governments have the right to compel patent owners to grant others licenses to their intellectual property under certain circumstances. In addition, any protection afforded by foreign patents may be more limited than that provided under U.S. patent and intellectual property laws. We may encounter significant problems in enforcing and defending our intellectual property both in the United States and abroad. For example, if the issuance in a given country of a patent covering an invention is not followed by the issuance in other countries of patents covering the same invention, or if any judicial interpretation of the validity, enforceability or scope of the claims or the written description or enablement in a patent issued in one country is not similar to the interpretation given to the corresponding patent issued in other countries, our ability to protect our intellectual property rights in those countries may be limited. Changes in either patent laws or in interpretations of patent laws in the United States and other countries may materially diminish the value of our intellectual property rights or narrow the scope of our patent protection. We cannot predict future changes in the interpretation of patent laws or changes to patent laws that might be enacted into law by U.S. and foreign legislative bodies. Those changes may materially affect our patents or patent applications and our ability to obtain additional patent protection in the future. Any of the foregoing could have a material adverse effect on our competitive position, business, financial condition, results of operations and prospects.

Our commercial success also depends in part on our ability to operate without infringing, violating or misappropriating patents and other intellectual property rights of third parties, and without breaching any licenses or other agreements that we have entered into with regard to our technologies, products or services. We cannot ensure that patents have not been issued, or will not be issued, to third parties that could block our ability to obtain patents or to operate as we would like. There may be patents in some countries that, if valid, may block our ability to make, use, sell, or offer for sale our technology, products or services in those countries, or import our products into those countries, if we are unsuccessful in circumventing or acquiring rights to these patents. There also may be claims in patent applications filed in some countries that, if granted and valid, may also block our ability to commercialize technology, products, services or processes in these countries if we are unable to circumvent or obtain rights to them. The industries in which we operate and the biotechnology industry, in particular, are characterized by frequent and extensive litigation regarding patents and other intellectual property rights. Many biotechnology companies have employed intellectual property litigation as a way to gain a competitive advantage. We are aware of some patents and patent applications relating to aspects of our technologies, products or services filed by, and issued to, third parties. We cannot assure that if such third-party patents rights are asserted against us that we would ultimately prevail. Any involvement in litigation or other intellectual property proceedings inside and/or outside of the United States to defend against claims that we infringe, misappropriate or violate the intellectual property rights of others may divert our management's time from focusing on business operations and could cause us to spend significant amounts of money. Any potential intellectual property litigation also could force us to do one or more of the following: - stop making, using, selling, offering for sale or importing our technologies, products and services that use the subject intellectual property;- pay monetary damages to the third party asserting claims against us;- grant or transfer rights to third parties relating to our patents or other intellectual property rights;- obtain from the third party asserting its intellectual property rights a license to make, sell, offer for sale, import or use the relevant technology, product or service, which license may not be available on reasonable terms, or at all; or - redesign those technologies, products, services or processes that use any allegedly infringing, misappropriated or violated intellectual property rights, or relocate the operations relating to the allegedly infringing, misappropriated or violated intellectual property rights to another jurisdiction, which may result in significant cost or delay to us, could be technically infeasible or could prevent us from making, selling, offering for sale, using or importing some of our technologies, products or services in the United States or other jurisdictions.

Competitors may infringe, violate or misappropriate our intellectual property rights or those of our licensors. To prevent infringement, violation, misappropriation or other unauthorized use, we have in the past filed, and may in the future be required to file, enforcement claims, which can be expensive and time-consuming. In addition, in an enforcement proceeding, a court may decide that the intellectual property right that we own or control is not valid, is unenforceable and/or is not infringed, violated or misappropriated. In addition, in legal proceedings against a third party to enforce a patent directed at one of our technologies, products or services, the defendant could counterclaim that our patent is invalid and/or unenforceable in whole or in part. In patent enforcement litigation in the United States, defendant counterclaims alleging invalidity and/or unenforceability are commonplace. Grounds for a patent validity challenge include an alleged failure to meet any of several statutory requirements, including lack of novelty, obviousness or non-enablement. Grounds for an unenforceability assertion could include an allegation that someone connected with prosecution of the patent withheld relevant information from the United States Patent and Trademark Office ("USPTO") or made a misleading statement during prosecution. Third parties may also raise similar claims before the USPTO, even outside the context of enforcement litigation. The outcome following legal assertions of invalidity and unenforceability is unpredictable, and prior art could render our patents or those of our licensors invalid. If a defendant were to prevail on a legal assertion of invalidity and/or unenforceability, we would lose at least part, and perhaps all, of the patent protection on the respective technology, products or services. Such a loss of patent protection could have a material adverse impact on our business. Even if resolved in our favor, litigation or other legal proceedings relating to our intellectual property rights may cause us to incur significant expenses and could distract our technical and management personnel from their normal responsibilities. In addition, there could be public announcements of the results of hearings, motions or other interim proceedings or developments and if securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our common stock. Such litigation or proceedings could substantially increase our expenses and reduce the resources available for operations and research and development activities. We may not have sufficient financial or other resources to conduct such litigation or proceedings adequately. Some of our competitors may be able to sustain the costs of such litigation or proceedings more effectively than we can because of their greater financial resources. Uncertainties resulting from the initiation and continuation of patent litigation or other proceedings could compromise our ability to compete in the marketplace. Furthermore, because of the substantial amount of discovery required in connection with U.S. intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation.

The laws of some foreign countries where we do business do not protect intellectual property rights to the same extent as the laws of the United States. Many companies have encountered significant problems in protecting and enforcing intellectual property rights in certain foreign jurisdictions. The legal systems of certain countries, particularly certain developing countries, do not favor the enforcement of patents and other intellectual property rights, particularly those relating to biotechnology technologies. Accordingly, our efforts to protect and enforce our intellectual property rights in such countries may be inadequate. This could make it difficult for us to stop the infringement, violation or misappropriation of our patents or other intellectual property rights. Additionally, proceedings to enforce our patent rights in foreign jurisdictions could result in substantial costs and divert our efforts and attention from other aspects of our business.

Although we are no longer developing our own portfolio of biotherapeutics product candidates, we continue to develop enzyme products, including our ECO Synthesis™ manufacturing platform, that may be used by our customers, future customers or collaborators in connection with their biotherapeutic product candidates. The successful development of biotherapeutic candidates involves many risks and uncertainties, requires long timelines and may lead to uncertain results. Our customers are subject to extensive regulations by the FDA and similar regulatory authorities in other countries for conducting clinical trials and commercializing products for therapeutic, vaccine or diagnostic use. These regulations result in our customers imposing quality requirements on us for the manufacture of our enzyme products through supplier qualification processes and customer contracts and specifications. In order to market a biologic or drug product in the United States, our customers, future customers or collaborators must undergo the following process required by the FDA: - completion of extensive preclinical laboratory tests and preclinical animal studies, all performed in accordance with the FDA's Good Laboratory Practice requirements;- submission to the FDA of an Investigational New Drug Application ("IND"), which must become effective before human clinical studies may begin in the United States;- approval by an independent institutional review board ("IRB") representing each clinical site before the clinical study may be initiated at the site;- performance of adequate and well-controlled human clinical studies in accordance with Good Clinical Practice ("GCP") requirements to establish the safety, purity and potency (or efficacy) of the product candidate for each proposed indication;- preparation of and submission to the FDA of a Biologics License Application ("BLA") or New Drug Application ("NDA")after completion of all clinical studies;- potential review of the product candidate by an FDA advisory committee;- satisfactory completion of an FDA pre-approval inspection of the manufacturing facilities where the product candidate is produced to assess compliance with current Good Manufacturing Practice ("cGMP") requirements;- FDA review and approval of a BLA or NDA prior to any commercial marketing or sale of the product in the United States; and - any post-approval requirements, if applicable. The regulatory approval processes of the FDA and comparable foreign authorities are lengthy, time consuming and the results are inherently unpredictable. If our customers, future customers or collaborators are ultimately unable to obtain regulatory approval for their biotherapeutic product candidates utilizing our enzyme products, our business may be harmed. In addition, if our customers, future customers or collaborators fail to comply with applicable FDA or other regulatory requirements at any time during the drug development process, clinical testing, the approval process or after approval, they may become subject to administrative or judicial penalties, including the FDA's refusal to approve a pending application, withdrawal of an approval, warning letters, product recalls and additional enforcement actions, any of which may have an adverse effect on our financial condition. We believe our enzyme products are exempt from compliance with the Food, Drug, and Cosmetic Act ("FDCA") and the current GMP ("cGMP") regulations of the FDA, as our products are further processed and incorporated into final drug or biologic products by our customers and we do not make claims related to their safety or effectiveness. Our products are manufactured following the voluntary quality standards of ISO 9001:2015. In the event we, or our suppliers, produce products that fail to comply with required quality standards, we may incur delays in fulfilling orders, write-downs, damages resulting from product liability claims and harm to our reputation. In the future, our products could become subject to more onerous regulation, or the FDA could disagree with our assessment that our enzyme products are exempt from current GMP regulations. In addition, the FDA could conclude that the products we provide to our customers are actually subject to the pharmaceutical, drug or biologic quality-related regulations for manufacturing, processing, packing or holding of drugs, biologics, or finished pharmaceuticals, and could take enforcement action against us, including requiring us to stop distribution of our products until we are in compliance with applicable regulations, which would reduce our revenue, increase our costs and adversely affect our business, prospects, results of operations and financial condition.

Some of our technology, products and services, such as our ECO Synthesis™ manufacturing platform, are genetically engineered or involve the use of genetically engineered products or genetic engineering technologies. If we and/or our collaborators are not able to overcome the ethical, legal, and social concerns relating to genetic engineering, our technology, products and services may not be accepted. Any of the risks discussed below could result in increased expenses, delays, or other impediments to our programs or the public acceptance and commercialization of products and processes dependent on our technologies or inventions. Our ability to develop and commercialize one or more of our technologies, products, or processes could be limited by the following factors: - public attitudes about the safety and environmental hazards of, and ethical concerns over, genetic research and genetically engineered products and processes, which could influence public acceptance of our technologies, products and processes;- public attitudes regarding, and potential changes to laws governing ownership of, genetic material, which could harm our intellectual property rights with respect to our genetic material and/or discourage collaborators from supporting, developing, or commercializing our technology, products and services; and - governmental reaction to negative publicity concerning genetically modified organisms, which could result in greater government regulation of genetic research and derivative products. The subject of genetically modified organisms has received negative publicity, which has aroused public debate. This adverse publicity could lead to greater regulation and trade restrictions on imports of genetically altered products. The biocatalysts that we develop have significantly enhanced characteristics compared to those found in naturally occurring enzymes or microbes. While we produce our biocatalysts only for use in a controlled industrial environment, the release of such biocatalysts into uncontrolled environments could have unintended consequences. Any adverse effect resulting from such a release could have a material adverse effect on our business and financial condition, damage our reputation, and/or expose us to liability for any resulting harm.

Any products that receives FDA approval will remain subject to ongoing regulatory requirements for manufacturing, labeling, packaging, distribution, storage, advertising, promotion, sampling, record-keeping and submission of safety and other post-market information, among other things. Any regulatory approvals received for such products may also be subject to limitations on the approved indicated uses for which they may be marketed or to the conditions of approval, or contain requirements for potentially costly post-marketing testing and surveillance studies. For example, the holder of an approved NDA or BLA in the United States is obligated to monitor and report adverse events and any failure of a product to meet the specifications in the NDA or BLA. In the United States, the holder of an approved NDA or BLA must also submit new or supplemental applications and obtain FDA approval for certain changes to the approved product, product labeling or manufacturing process. Similar provisions apply in the European Union (the "EU"). Advertising and promotional materials must comply with FDA rules and are subject to FDA review, in addition to other potentially applicable federal and state laws. Similarly, in the EU any promotion of medicinal products is highly regulated and, depending on the specific jurisdiction involved, may require prior vetting by the competent national regulatory authority. In addition, product manufacturers and their facilities are subject to payment of user fees and continual review and periodic inspections by the FDA and other regulatory authorities for compliance with cGMP requirements and adherence to commitments made in the NDA, BLA or foreign marketing application. If our customers, future customers or our collaborators or a regulatory agency discovers previously unknown problems with a product such as adverse events of unanticipated severity or frequency or problems with the facility where the product is manufactured or disagrees with the promotion, marketing or labeling of that product, a regulatory agency may impose restrictions relative to that product, the manufacturing facility or our customers or collaborators, including requiring recall or withdrawal of the product from the market or suspension of manufacturing. In addition, if our customers or collaborators fail to comply with applicable regulatory requirements, the FDA and other regulatory authorities may: - issue an untitled letter or a warning letter asserting a violation of the law;- seek an injunction, impose civil or criminal penalties, and impose monetary fines, restitution or disgorgement of profits or revenues;- suspend or withdraw regulatory approval;- issue safety alerts, Dear Healthcare Provider letters, press releases or other communications containing warnings or other safety information about the product;- mandate modification of promotional materials and labeling and issuance of corrective information;- issue consent decrees or corporate integrity agreements, or debar or exclude from federal healthcare programs;- suspend or terminate any ongoing clinical trials or implement requirements to conduct post-marketing studies or clinical trials;- refuse to approve a pending NDA, BLA or comparable foreign marketing application (or any supplements thereto);- restrict the labeling, marketing, distribution, use or manufacturing of products;- seize or detain products or otherwise require the withdrawal or recall of products from the market;- refuse to approve pending applications or supplements to approved applications;- refuse to permit the import or export of products; or - refuse government contracts. Any government investigation of alleged violations of law could require us to expend significant time and resources in response and could generate negative publicity. The occurrence of any event or penalty described above may also inhibit our customers or collaborators' ability to commercialize products and our ability to generate revenues. In addition, the FDA's policies, and policies of foreign regulatory agencies, may change, including due to judicial challenges, and additional regulations may be enacted that could prevent, limit or delay regulatory approval of product candidates. We cannot predict the likelihood, nature or extent of government regulation that may arise from future legislation or administrative or executive action, either in the United States or abroad. If we are slow or unable to adapt to changes in existing requirements or the adoption of new requirements or policies, or if we are not able to maintain regulatory compliance, we may be subject to enforcement action and we may not achieve or sustain profitability.

The healthcare industry is highly regulated. We, and our customers, are subject to various local, state, federal, national, and international laws and regulations, which include laws and regulations promulgated by the FDA, HHS, state boards of pharmacy, state health departments, and similar regulatory bodies in other countries. Additionally, our business operations and future arrangements with investigators, healthcare professionals, and consultants, among others, may expose us and our customers to broadly applicable fraud and abuse and other healthcare laws and regulations, including, without limitation, the federal Anti-Kickback Statute, the federal civil False Claims Act, the federal Civil Monetary Penalties Law, and analogous state laws. These laws may constrain the business or financial arrangements and relationships through which we will conduct our operations. Because of the breadth of these laws and narrowness of available statutory and regulatory exceptions, it is possible that some of our business activities could be regulated by or subject to challenge under one or more of such laws. We cannot ensure that our compliance controls, policies, and procedures will in every instance protect us from acts of our employees, agents, contractors, or collaborators that turn out to violate any of the laws described above. If we or our operations are found to be in violation of any of the laws described above or any other governmental regulations that apply to us, we may be subject to penalties, including civil and criminal penalties, damages, fines, imprisonment and the curtailment or restructuring of our operations, any of which could materially adversely affect our ability to operate our business and our financial results.

In the United States, there have been, and we expect there will continue to be, a number of legislative initiatives to contain healthcare costs. Some of these initiatives, such as ongoing healthcare reform, including with respect to reforming drug pricing, adverse changes in governmental or private funding of healthcare products and services, legislation or regulations governing patient access to care, and the delivery, coverage, pricing, and reimbursement of pharmaceuticals and healthcare services may cause our customers to change the amount of our offerings that they purchase from us or the price they are willing to pay us for these offerings. If cost-containment efforts or other healthcare reform measures limit our customers' profitability, they may decrease research and development spending, which could decrease the demand for our products and services and materially adversely affect our growth prospects. Any of these factors could harm our customers' businesses, which, in turn, could materially adversely affect our business, financial condition, results of operations, cash flows, and prospects. We cannot predict the likelihood, nature, or extent of other health reform initiatives that may arise from future legislative, administrative, or other action. Any substantial revision of applicable healthcare legislation could have a material adverse effect on the demand for our customers' products, which in turn could have a negative impact on our results of operations, financial condition, or business. Changes in the healthcare industry's pricing, selling, inventory, distribution, or supply policies or practices, or in public or government sentiment for the industry as a whole, could also significantly reduce our revenue and results of operations.

The global data protection landscape is rapidly evolving, and we are or may become subject to state, federal and foreign laws, regulations, decisions and directives governing the privacy, security, collection, storage, transmission, use, processing, retention and disclosure of personal information. Any failure or perceived failure by us to comply with applicable laws or regulations, our internal policies and procedures or our contracts governing our processing of personal information could result in negative publicity, government investigations and enforcement actions, claims by third parties and damage to our reputation, any of which could have a material adverse effect on our operations, financial performance and business. In the United States, Health Insurance Portability and Accountability Act ("HIPAA") imposes, among other things, certain standards relating to the privacy, security, transmission and breach reporting of certain individually identifiable health information. Certain states have also adopted and continue to adopt new privacy and security laws and regulations, which govern the privacy, processing and protection of health-related and other personal information. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future customers and strategic partners. For example, the California Consumer Privacy Act ("CCPA") went into effect on January 1, 2020. The CCPA creates individual privacy rights for California consumers and increases the privacy and security obligations of entities handling certain personal information. The CCPA also provides for civil penalties for violations, as well as a private right of action for data breaches (which has increased the likelihood of, and risks associated with, data breach litigation). Further, the California Privacy Rights Act ("CPRA") significantly amended the CCPA, which went into effect in January 2023. It imposes additional data privacy obligations on covered businesses, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data and opt outs for certain uses of sensitive data. It also created a new California privacy protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. Additional compliance investment and potential business process changes may also be required. Similar laws regulating personal information generally or health information in particular have passed in more than a dozen states and have been proposed in other states and at the federal level, reflecting a trend toward more stringent privacy legislation in the United States. These developments increase our compliance burden and our risk, including risks of regulatory fines, litigation and associated reputational harm. Any liability from failure to comply with the requirements of these laws could adversely affect our financial condition. Furthermore, the Federal Trade Commission ("FTC") and many state Attorneys General continue to enforce federal and state consumer protection laws against companies for the collection, use, sharing and security of personal information that appear to be unfair or deceptive. For example, according to the FTC, failing to take appropriate steps to keep consumers' personal information secure can constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act. The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. In the European Union ("EU"), the EU General Data Protection Regulation ("EU GDPR") governs the processing of personal data. The UK has implemented the EU GDPR as the UK GDPR which sits alongside the UK Data Protection Act 2018 (the "UK GDPR", and together with the EU GDPR, the "GDPR"). The GDPR imposes requirements for controllers, including (among others) specific requirements for obtaining valid consent where consent is the legal basis for processing, requirements around accountability and transparency, the obligation to consider data protection when any new products or services are developed, the obligation to comply with individuals' data protection rights, and the obligation to notify relevant data supervisory authorities of notifiable personal data breaches without undue delay (and no later than 72 hours) after becoming aware of the personal data breach (and affected data subjects where the personal data breach is likely to result in a high risk to their rights and freedoms). The EU GDPR provides that EU member states may enact their own additional national laws and regulations regarding the processing of genetic, biometric or health data, which could affect our ability to use and share personal data or could cause our costs to increase and potentially harm our business and financial condition. Failure to comply with the requirements of the GDPR can result in (among other things) fines of up to the greater of €20 million (under the EU GDPR) or £17.5 million (under the UK GDPR) or 4% of an organization's total worldwide annual turnover of the preceding financial year and other administrative penalties. To the extent that we are subject to the GDPR, compliance with the GDPR may require substantial amendments to our procedures and policies and these changes could adversely impact our business by increasing operational and compliance costs or impact business practices. Further, there is a risk that the amended policies and procedures will not be implemented correctly or that individuals within the business will not be fully compliant with the new procedures. There is a risk that we could be impacted by a cybersecurity incident that results in loss or unauthorized disclosure of personal data, potentially resulting in us facing harms similar to those described above. Among other requirements, the EU GDPR prohibits the international transfer of personal data subject to the GDPR from the European Economic Area ("EEA") to third countries that the European Commission does not recognize as having an ‘adequate' level of data protection, unless a data transfer mechanism has been put in place or a derogation under the EU GDPR can be relied on. In July 2020, the Court of Justice of the EU in its Schrems II judgement limited how organizations could lawfully transfer personal data from the EEA to the United States by invalidating the EU-U.S. Privacy Shield for purposes of international transfers and imposing further restrictions on the use of standard contractual clauses ("EU SCCs"), including a requirement for companies to carry out a transfer privacy impact assessment ("TIA"). A TIA, among other things, assesses laws governing access to personal data in the recipient country and considers whether supplementary measures that provide privacy protections additional to those provided under the EU SCCs will need to be implemented to ensure an ‘essentially equivalent' level of data protection to that afforded in the EEA. On October 7, 2022, U.S. President Biden introduced an Executive Order to facilitate a new Trans-Atlantic Data Privacy Framework ("DPF") and in July 2023, the European Commission adopted its Final Implementing Decision granting the United States adequacy ("Adequacy Decision") for EU-U.S. transfers of personal data for entities self-certified to the DPF. Entities relying on EU SCCs for transfers to the United States are also able to rely on the analysis in the Adequacy Decision as support for their TIA regarding the equivalence of U.S. national security safeguards and redress. The UK GDPR also imposes similar restrictions on transfers of personal data from the UK to jurisdictions that the UK Government does not consider adequate, including the United States. The UK Government has published its own form of the EU SCCs, known as the International Data Transfer Agreement and an International Data Transfer Addendum to the new EU SCCs. The UK Information Commissioner's Office has also published its own version of the TIA and guidance on international transfers, although entities may choose to adopt either the EU or UK-style TIA. Further, on September 21, 2023, the UK Secretary of State for Science, Innovation and Technology established a UK-U.S. data bridge (i.e., a UK equivalent of the Adequacy Decision) and adopted UK regulations to implement the UK-U.S. data bridge ("UK Adequacy Regulations"). Personal data may now be transferred from the UK under the UK-U.S. data bridge through the UK extension to the DPF to organizations self-certified under the UK extension to DPF. As we continue to expand into other foreign countries and jurisdictions, we may be subject to additional laws and regulations that may affect how we conduct business. Although we work to comply with applicable laws, regulations and standards, our contractual obligations and other legal obligations, these requirements are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another or other legal obligations with which we must comply. Various federal, state and foreign legislative or regulatory bodies may enact new or additional laws and regulations concerning privacy, data-retention and data-protection issues, including laws or regulations mandating disclosure to domestic or international law enforcement bodies, which could adversely impact our business or our reputation with customers. For example, some countries have adopted laws mandating that certain personal information regarding customers in their country be maintained solely in their country. Having to maintain local data centers and redesign product, service and business operations to limit processing of personal information to within individual countries could increase our operating costs significantly. Any failure, or perceived failure, by us to comply with federal, state or international privacy, data-retention or data-protection-related laws, regulations, orders or industry self-regulatory principles could result in proceedings or actions against us by governmental entities or others, a loss of customer confidence, damage to our brand and reputation and a loss of customers, any of which could have an adverse effect on our business.

Our ability to maintain and manage collaborations in our markets is fundamental to the success of our business. We currently have license agreements, research and development agreements, supply agreements and/or distribution agreements with various collaborators. For example, we have ongoing collaborations and agreements with GSK, Merck, Novartis, Roche, Aldevron and Alphazyme that are important to our business and financial results. We may have limited or no control over the amount or timing of resources that any collaborator is able or willing to devote to our partnered products or collaborative efforts. Any of our collaborators may fail to perform its obligations. These collaborators may breach or terminate their agreements with us or otherwise fail to conduct their collaborative activities successfully and in a timely manner. Further, our collaborators may not develop products arising out of our collaborative arrangements or devote sufficient resources to the development, manufacture, marketing or sale of these products. Moreover, disagreements with a collaborator could develop, and any conflict with a collaborator could lead to litigation, reduce our ability to enter into future collaboration agreements and negatively impact our relationships with one or more existing collaborators. If any of these events occur, especially if they occur in our collaborations with GSK, Merck or Novartis, or if we fail to maintain our agreements with our collaborators, we may not be able to commercialize our existing and potential products or grow our business or generate sufficient revenues to support our operations, we may not receive contemplated milestone payments and royalties under the collaboration, and we may be involved in litigation. Our collaboration opportunities could be harmed and our financial condition and results of operations could be negatively affected if: - we do not achieve our research and development objectives under our collaboration agreements in a timely manner or at all;- we develop products and processes or enter into additional collaborations that conflict with the business objectives of our other collaborators;- our collaborators and/or our contract manufacturers do not receive the required regulatory and other approvals necessary for the commercialization of the applicable product;- we disagree with our collaborators as to rights to intellectual property that are developed during the collaboration, or their research programs or commercialization activities;- we are unable to manage multiple simultaneous collaborations;- our collaborators or licensees are unable or unwilling to implement or use the technology or products that we provide or license to them;- our collaborators become competitors of ours or enter into agreements with our competitors;- our collaborators become unable or less willing to expend their resources on research and development or commercialization efforts due to general market conditions, their financial condition or other circumstances beyond our control; or - our collaborators experience business difficulties, which could eliminate or impair their ability to effectively perform under our agreements. Even after collaboration relationships expire or terminate, some elements of the collaboration may survive. For instance, certain rights, licenses and obligations of each party with respect to intellectual property and program materials may survive the expiration or termination of the collaboration. Disagreements or conflicts between and among the parties could develop even though the collaboration has ended. These disagreements or conflicts could result in expensive arbitration or litigation, which may not be resolved in our favor. Finally, our business could be negatively affected if any of our collaborators or suppliers undergoes a change of control or were to otherwise assign the rights or obligations under any of our agreements.