Nautilus Biotechnolgy (NAUT) Risk Analysis

We anticipate commercializing our Nautilus platform in three phases involving first collaboration with biopharmaceutical companies and key academic opinion leaders exploring utility of pre-commercial versions of the platform, during which we do not expect to recognize significant revenue, if any; secondly an early access limited release phase in which we expect to recognize limited revenue; and finally a broader commercial launch phase. We are currently in the collaboration phase during which we have entered into collaborations with a small number of research customers, including with biopharmaceutical companies and key opinion leaders in proteomics whose assessment and validation of our products can significantly influence other researchers in their respective markets and/or fields. During the second, early access phase, we expect to work closely with early access collaborators to demonstrate a unique value proposition for our Nautilus platform. During this phase, we plan to provide early access to our collaborators with broad-scale and targeted analyses and profiling of samples analyzed in our facility or at the customers' facilities and shared via a cloud platform. We believe there is significant interest in our platform for targeted proteoform analyses. As such, we expect to be working with our initial early access collaborators in this area, and to leverage our learnings from those collaborations for the benefit of both our broad-scale and targeted products and services. We do not anticipate that these activities will result in any material revenue. We expect this second phase to lead into the third phase of launch of our proteome analysis platform in late 2026 and subsequent broad commercialization thereafter. Voice of customer studies have suggested that there is market demand for a proteomics platform with specifications that are initially lower than what we have previously disclosed, for example, around characteristics such as sample input and proteome coverage. Consequently, as we balance our time to market goals with our evolving view of customer requirements, we are refining our initial launch specifications. We believe that subsequent consumable releases will enable our platform to meet or exceed our previously announced product specifications. Achieving the scientific and commercial objectives identified above within currently anticipated timelines will require substantial investments in our technologies and in the underlying science. Scientific and technological development of the nature being undertaken by us is extraordinarily complex, and there can be no assurances that any of these phases of commercial development will be successful or that they will be completed within the timelines currently anticipated. Given the scientific and technical complexity of our products, we could experience material delays in product development and commercial launch. If our research and product development efforts do not result in commercially viable products within the anticipated timelines, our business, operating results, and financial condition will be adversely affected.

The life sciences industry is highly competitive, and companies in this industry routinely engage in litigation and governmental proceedings to enforce and defend the intellectual property rights that they believe they possess. We may become involved in litigation or governmental and/or administrative proceedings to enforce or defend our intellectual property rights. Additionally, we have and may continue to become involved in litigation and/or governmental or administrative proceedings to defend ourselves from claims that our products or services infringe the intellectual property rights of others, or to challenge the claimed intellectual property rights of others where we believe they may not be entitled to such rights. Such litigation and governmental proceedings are inherently unpredictable and costly, and can require significant time and attention of management. In addition to the costs and distraction of litigation, if we are unsuccessful in enforcing our intellectual property rights, or in defending our intellectual property rights from challenges of others, wit could result in our loss of our ability to exclude others from practicing aspects of our technology which could lead to greater competition for our products and services. Additionally, if we are unable to successfully defend ourselves from claims that we infringe the intellectual property rights of others and are unable to develop non-infringing alternative approaches for our products and services, we may be required to pay significant damages and ongoing royalties, or we may be prohibited from selling our products and services. Our success depends upon our ability to successfully enforce and defend our own intellectual property rights, and to defend ourselves from claims that we infringe the intellectual property rights of others.

Our products utilize open source software that contain modules licensed for use from third-party authors under open source licenses. In particular, some of the software may be provided under license arrangements that allow use of the software for research or other noncommercial purposes. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source software licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source software licenses contain requirements that the licensee make its source code publicly available if the licensee creates modifications or derivative works using the open source software, depending on the type of open source software the licensee uses and how the licensee uses it. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source software licenses, be required to release the source code of our proprietary software to the public for free. This would allow our competitors and other third parties to create similar products with less development effort and time and ultimately could result in a loss of our product sales and revenue, which could have a material adverse effect on our business, financial condition, results of operations and prospects. In addition, some companies that use third-party open source software have faced claims challenging their use of such open source software and their compliance with the terms of the applicable open source license. We may be subject to suits by third parties claiming ownership of what we believe to be open source software or claiming non-compliance with the applicable open source licensing terms. Use of open source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to compromise or attempt to compromise our technology platform and systems. Although we review and monitors our use of open source software to avoid subjecting our proprietary software to conditions we do not intend, the terms of many open source software licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products and proprietary software. Moreover, we cannot assure investors that our processes for monitoring and controlling our use of open source software in our products will be effective. If we are held to have breached the terms of an open source software license, we could be subject to damages, required to seek licenses from third parties to continue offering our products on terms that are not economically feasible, to re-engineer our products, to discontinue the sale of our products if re-engineering could not be accomplished on a timely basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, financial condition, results of operations and prospects.

Significant developments or changes in national laws or policies to protect or promote domestic interests and/or address foreign competition, including laws and policies in areas such as trade, manufacturing, government purchasing, health care, intellectual property and investment/development, could adversely affect our business, financial condition and results of operations. For example, certain governments have implemented policies to induce "re-shoring" of supply chains, reduce reliance on imported supplies and promote national production. The Chinese government has issued a series of policies in the past several years to promote the development and use of local medical devices. In addition, in recent years the U.S. has increased tariffs on certain imported goods and trade tensions between the U.S. and China escalated, with each country imposing significant, additional tariffs on a wide range of goods imported from the other country.

We are subject to the U.S. Foreign Corrupt Practices Act, or the FCPA, and similar anti-corruption laws which generally prohibit companies, their employees, agents, representatives, business partners, and third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. Specifically, the FCPA which prohibits corporations and individuals from paying, offering to pay, or authorizing the payment of anything of value to any foreign government official, government staff member, political party, or political candidate in an attempt to obtain or retain business or to otherwise influence a person working in an official capacity. We are also subject to the UK Bribery Act, which prohibits both domestic and international bribery, as well as bribery across both public and private sectors. If we choose to establish and expand our commercial operations outside of the United States we will need to comply with non-U.S. regulatory requirements, may need to establish and expand business relationships with various third parties, and we, our employees, agents, representatives, business partners and third-party intermediaries may interact more frequently with foreign officials, including regulatory authorities, and we may be held liable for the corrupt or other illegal activities of these employees, agents, representatives, business partners or third-party intermediaries, even if we do not explicitly authorize such activities. Any interactions with any such parties or individuals where improper payments are provided that are found to be in violation of such laws could result in substantial fines and penalties and could materially harm our business. We cannot assure you that all of our employees, agents, representatives, business partners and third-party intermediaries will not take actions in violation of applicable law for which we may ultimately be held responsible. These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. While we have policies and procedures to address compliance with such laws, we cannot assure you that none of our employees, agents, representatives, business partners or third-party intermediaries will take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. Further, as we increase our international sales and business, our risks under these laws may increase and expanded programs to maintain compliance with such laws may be costly and may not be effective. Furthermore, any finding of a violation under one country's laws may increase the likelihood that we will be prosecuted and be found to have violated another country's laws. If our business practices are alleged to be or are found to be in violation of the FCPA, UK Bribery Act or other similar anti-corruption laws, we may be subject to whistleblower complaints, sanctions, settlements, prosecution, enforcement actions, fines, damages, adverse media coverage, investigations, loss of export privileges, significant civil and criminal penalties, or suspension or debarment from government contracts, all of which could have a material adverse effect on our reputation, financial condition and results of operations. Responding to any investigation or action will likely result in materially significant diversion of management's attention and resources and significant defense costs and other professional fees.

We may in the future be subject to the tax laws, regulations, and policies of several taxing jurisdictions. Changes in tax laws, as well as other factors, could cause us to experience fluctuations in our tax obligations and effective tax rates and otherwise adversely affect our tax positions and/or our tax liabilities. For example, many countries and local jurisdictions and organizations such as the Organisation for Economic Co-operation and Development have proposed or implemented new tax laws or changes to existing tax laws, including additional taxes on payroll or employees and a proposed 15% global minimum tax (Pillar 2) that is being adopted by several countries with implementation beginning in 2024. Any new or changes to tax laws could adversely affect our future effective tax rate, operating results, tax credits or incentives or tax payments, which could have a material adverse effect on our future business, cash flows, results of operations or financial condition if we expand internationally. For example, the United States recently enacted the Inflation Reduction Act of 2022, which implements, among other changes, a 1% non-deductible excise tax on certain stock buybacks effective January 1, 2023. Further, on January 1, 2022, a provision of the Tax Cuts and Jobs Act of 2017 went into effect that eliminates the option to deduct research and development costs in the year incurred and instead requires taxpayers to amortize such costs over five years for domestic and 15 years for foreign costs. Such changes, among others, may adversely affect our future effective tax rate, business, cash flows, results of operations and financial condition.

In the ordinary course of our business, we currently, and, in the future, will, collect, store, transfer, use or process sensitive data, including personal information of employees, and intellectual property and proprietary business information owned or controlled by us and other parties. The secure processing, storage, maintenance, and transmission of this critical information are vital to our operations and business strategy. We are, and may increasingly become, subject to various laws and regulations, as well as contractual obligations, relating to data privacy and security in the jurisdictions in which we operate. The regulatory environment related to data privacy and security is increasingly rigorous, with new and constantly changing requirements applicable to our business, and enforcement practices are likely to remain uncertain for the foreseeable future. These laws and regulations may be interpreted and applied differently over time and from jurisdiction to jurisdiction, and it is possible that they will be interpreted and applied in ways that may have a material adverse effect on our business, financial condition, results of operations and prospects. In the United States, various federal and state regulators have adopted, or are considering adopting, laws and regulations concerning personal information and data security. Certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to personal information than federal, international or other state laws, and such laws may differ from each other, all of which may complicate compliance efforts. For example, the California Consumer Privacy Act (the "CCPA"), which provides for certain privacy rights for California residents and imposes obligations on companies that process their personal information, came into effect on January 1, 2020. Among other things, the CCPA requires covered companies to provide certain disclosures to California consumers and provide such consumers with certain data protection and privacy rights, including the ability to opt-out of certain sales of personal information. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches that result in the loss of personal information. This private right of action may increase the likelihood of, and risks associated with, data breach litigation. In November 2020, California passed the California Privacy Rights Act (the "CPRA"), which amended and expanded the CCPA as of January 1, 2023. Although the CCPA includes exemptions for certain clinical trial data, the law may increase our compliance costs and potential liability with respect to other personal information we collect about California customers. In addition to the CCPA, numerous other states' legislatures are considering or have enacted similar data privacy laws. For example, Virginia, Colorado, Utah and Connecticut have each passed laws similar to but different from the CCPA and CPRA that took effect in 2023; Florida, Montana, Oregon and Texas have enacted similar laws that took effect in 2024; Tennessee, Delaware, Iowa, Maryland, Minnesota, New Hampshire, Nebraska and New Jersey have enacted similar laws that have taken or will take effect in 2025; and Indiana, Rhode Island and Kentucky have enacted similar laws that will take effect in 2026. Additionally, certain other state laws govern the privacy and security of health information in certain circumstances, such as Washington's My Health, My Data Act, which contains a private right of action. These new state laws will require ongoing compliance efforts and investment. In addition, laws in all 50 U.S. states require businesses to provide notice to consumers whose personal information has been disclosed as a result of a data breach. State laws are changing rapidly and there is discussion in the U.S. Congress of comprehensive federal data privacy legislation. It is possible that these or other laws, regulations, or other actual or asserted obligations relating to privacy or security matters may be interpreted and applied in a manner that is inconsistent with our practices. If so, this could result in government-imposed fines or orders requiring that we change our practices, which could adversely affect our business.. Furthermore, regulations promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") establish privacy and security standards that limit the use and disclosure of certain individually identifiable health information defined in HIPAA as "protected health information" and require the implementation of administrative, physical and technological safeguards to protect the privacy of protected health information and ensure the confidentiality, integrity and availability of electronic protected health information. Determining whether protected health information has been handled in compliance with applicable privacy standards and our contractual obligations can require complex factual and statistical analyses and may be subject to changing interpretation. Although we take measures to protect sensitive data from unauthorized access, use or disclosure, our information technology and infrastructure may be vulnerable to attacks by hackers or viruses or breached, subject to a security incident, or otherwise compromised or disrupted due to various causes, including employee error, malfeasance or other malicious or inadvertent actions. Any such breach, incident, compromise or disruption could compromise our networks and the information stored there could be accessed by unauthorized parties, manipulated, publicly disclosed, lost, stolen, corrupted, made unavailable, or misused or otherwise processed without authorization. Any such access, breach or other loss of information could result in legal claims or proceedings, and liability under federal or state laws that protect the privacy of personal information, such as the HIPAA, the Health Information Technology for Economic and Clinical Health Act, and regulatory penalties. Notice of breaches must be made to affected individuals, the Secretary of the Department of Health and Human Services, and for extensive breaches, notice may need to be made to the media or State Attorneys General. Such a notice could harm our reputation and our ability to compete. We are in the process of evaluating compliance needs but do not currently have in place formal policies and procedures related to the storage, collection and processing of information, and have not conducted internal or external data privacy audits to fully assess our compliance with all applicable data protection laws and regulations. Additionally, we do not currently have policies and procedures in place for assessing our third-party vendors' compliance with applicable data protection laws and regulations. All of these evolving compliance and operational requirements impose significant costs, such as costs related to organizational changes, implementing additional protection technologies, training employees and engaging consultants, which are likely to increase over time. In addition, such requirements may require us to modify our data processing practices and policies, which may distract management or divert resources from other initiatives and projects, all of which could have a material adverse effect on our business, financial condition, results of operations and prospects. Any failure or perceived failure by us or our third-party vendors, collaborators, contractors or consultants to comply with any applicable federal, state or similar foreign laws and regulations, contractual obligations or any other actual or asserted obligations relating to data privacy and security could result in damage to our reputation, as well as claims, demands, proceedings or litigation by governmental agencies or other third parties, including class action privacy litigation in certain jurisdictions, which would subject us to significant fines, sanctions, awards, penalties, judgments and other liabilities, all of which could have a material adverse effect on our business, financial condition, results of operations and prospects.

Our Seattle, Washington, facility primarily houses our corporate executive team and our software development operations, while our facilities in San Carlos and San Diego, California primarily house our research and development teams. Our facilities in Seattle, San Carlos and San Diego are vulnerable to natural disasters, public health crises, including the impact of the COVID-19 pandemic, and other catastrophic events. For example, our San Carlos and San Diego facilities are located near earthquake fault zones and are vulnerable to damage from earthquakes as well as other types of disasters, including fires, floods, power loss, communications failures and similar events. If any disaster, public health crisis or catastrophic event were to occur, our ability to operate our business would be seriously, or potentially completely, impaired. If our facilities become unavailable for any reason, we cannot provide assurances that we will be able to secure alternative facilities with the necessary capabilities and equipment on acceptable terms, if at all. We may encounter particular difficulties in replacing our San Carlos facilities given the specialized equipment housed within it. The inability to manufacture our instruments or consumables, combined with our limited inventory of manufactured instruments and consumables, may result in the loss of future customers or harm our reputation, and we may be unable to re-establish relationships with those customers in the future. If our research and development program or planned commercialization program were disrupted by a disaster or catastrophe, the launch of new products, including our Nautilus platform, and the timing of improvements to our products could be significantly delayed and could adversely impact our ability to compete with other available products and solutions. If our capabilities are impaired, we may not be able to manufacture and ship our products in a timely manner, which would adversely impact our business. Although we possess insurance for damage to our property and the disruption of our business, this insurance may not be sufficient to cover all of our potential losses and may not continue to be available to us on acceptable terms, or at all.

Our performance is substantially dependent on the performance of our senior management and key scientific and technical personnel, particularly Sujal Patel, one of our founders and our Chief Executive Officer, and Parag Mallick, one of our founders and our Chief Scientist. The loss of the services of any member of our senior management or our scientific or technical staff might significantly delay or prevent the development of our products or achievement of other business objectives by diverting management's attention to transition matters and identification of suitable replacements, if any, and could have a material adverse effect on our business. We do not maintain fixed term employment contracts with any of our employees and do not maintain key man life insurance on any of our employees. In addition, our research and product development efforts could be delayed or curtailed if we are unable to attract, train and retain highly skilled employees, particularly, senior scientists and engineers. To expand our research and product development efforts, we need additional people skilled in areas such as molecular and cellular biology, biochemistry, surface chemistry, software, bioinformatics, assay development, mechanical engineering, electrical engineering, optics, fluidics and manufacturing. Competition for these people is intense. Because of the complex and technical nature of our system and the dynamic market in which we compete, any failure to attract and retain a sufficient number of qualified employees could materially harm our ability to develop and commercialize our technology. Workforce reductions, such as the workforce reduction we began implementing during the first quarter of 2025, may be negatively received by potential or current employees and accordingly result in attrition or difficulty in recruiting desirable candidates. As part of our retention and incentive efforts, in addition to salary and cash incentives, we have issued stock options that vest over time. The value to employees of stock options that vest over time may be significantly affected by decreases in our stock price (whether or not related to or proportional to our operating performance) and may at any time be insufficient to counteract more lucrative offers from other companies. We may face challenges in retaining and recruiting such individuals due to sustained declines in our stock price that could reduce the retention value of equity awards.

We rely on single source suppliers for certain components and materials used in our Nautilus platform. The loss of any of these single source suppliers would require us to expend significant time and effort to locate and qualify an alternative source of supply for these components. Though we do not currently have contracts for third parties to provide manufacturing capabilities for each component of our Nautilus platform for which we expect to employ such third party manufacturers, if we are successful in reaching the point of manufacturing our products for commercialization, we may rely on a single company for such manufacturing. Any contractual disputes between us and such manufacturer or loss of manufacturing ability by such manufacturer could similarly require significant time, effort and expense to locate and qualify an alternative source of manufacturing, which could materially harm our business. We also rely, and expect to continue to rely, on third-party manufacturers and, in many cases, single third-party manufacturers for the production of certain reagents and antibodies needed to generate the deep proteomic information at the speed and scale which we expect our Nautilus platform to perform. With respect to any antibodies or reagents that are single sourced, the loss of any suppliers would require significant time and effort to locate and qualify an alternative source of supply. Such reagents and antibodies may also become scarce, more expensive to procure, or not meet quality standards, and we may not be able to obtain favorable terms in agreements with suppliers. Given their complexity, our suppliers may not be able to provide these reagents and antibodies in a cost-effective manner or in a time frame that is consistent with our expected future needs. If our suppliers cease or interrupt production or if suppliers fail to supply materials, products or services to us for any reason, such interruption could delay development, or interrupt the commercial supply, with the potential for additional costs and lost revenue. If this were to occur, we might also need to seek alternative means to fulfill our manufacturing needs. Any such transition would require significant efforts in testing and validation and could result in delays or other issues, which could materially harm our business.

Our products may be used to provide genetic information or analyze biological materials from humans and other living organisms. The information obtained from our products could be used in a variety of applications, which may have underlying legal, social and ethical concerns, including the genetic engineering or modification of agricultural products, testing for genetic predisposition for certain medical conditions and stem cell research. Governmental authorities could, for safety, social or other purposes, call for limits on or impose regulations on the use of genetic testing or the use of certain biological materials. Such concerns or governmental restrictions could limit the use of our products, which could have a material adverse effect on our business, financial condition and results of operations.