Rapid Micro Biosystems (RPID) Risk Factors

In the ordinary course of our business, we collect and store sensitive data, including personal information, intellectual property and proprietary business information owned or controlled by ourselves or our employees, customers and other parties. We manage and maintain our applications and data utilizing a combination of on-site systems and cloud-based data centers. We utilize external security and infrastructure vendors to manage parts of our data centers. These applications and data encompass a wide variety of business-critical information, including research and development information, customer information, commercial information and business and financial information. We, like all companies storing business-critical information, face a number of risks relative to protecting this critical information, including loss of access, inappropriate use or disclosure, unauthorized access or exfiltration, inappropriate modification, inappropriate destruction, and the risk of our being unable to adequately monitor and audit and modify our controls over our critical information. This risk extends to the third-party vendors and subcontractors we use to manage this sensitive data or otherwise process it on our behalf. The secure processing, storage, maintenance and transmission of this critical information are vital to our operations and business strategy, and we devote significant resources to protecting such information. Although we take measures to protect sensitive data from unauthorized access, use or disclosure, our information technology and infrastructure may still be vulnerable to, and we have in the past experienced, attacks by hackers or viruses or breaches due to employee error, malfeasance or other malicious or inadvertent disruptions. Further, attacks upon information technology systems, including those involving system disrupting ransomware and digital extortion, fraudulent messages purporting to be from legitimate individuals or organizations in order to induce actions directed by bad actors, sometimes known as "phishing", and transmission of fraudulent invoices or other requests for payments by malicious organizations purporting to be legitimate vendors and suppliers, are increasing in their frequency, levels of persistence, sophistication and intensity, and are being conducted by sophisticated and organized groups and individuals with a wide range of motives, capabilities, and expertise. We may also face increased cybersecurity risks due to our reliance on internet technology and the number of our employees who are working remotely, which may create additional opportunities for cybercriminals to exploit vulnerabilities. Furthermore, because the techniques used to obtain unauthorized access to, or to sabotage, systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or implement adequate preventative measures. While we have measures in place to identify, detect and mitigate security threats and incidents, they are not failproof, so we may also experience security incidents that may remain undetected for an extended period. Any such incident could result in the compromise of our information systems, and the data stored there could be accessed, encrypted, corrupted, modified, publicly disclosed, lost or stolen. Any such incident could result in legal claims or proceedings, including for breaches of confidential information obligations with contractual counterparties, and liability under federal or state laws that protect the privacy of personal information, and regulatory penalties. Notice of breaches may be required to affected individuals,customers, or other state, federal or foreign regulators, and for extensive breaches, notice may need to be made to the media or State Attorneys General. Such a notice could harm our reputation and our ability to compete. Although we have implemented security measures to prevent, detect and respond to security incidents, our data is currently accessible through multiple channels, and there is no guarantee we can protect our data from breach. Unauthorized access to our information systems, and the loss, destruction or, dissemination of data stored within them could also disrupt or halt our operations and damage our reputation, any of which could adversely affect our business.

We currently conduct our primary development and manufacturing at our facility located in Lowell, Massachusetts. Our facility and equipment could be harmed or rendered inoperable or inaccessible by natural or man-made disasters, the severity and frequency of which may be amplified by global climate change, or other circumstances beyond our control, including fire, power loss, communications failure, war or terrorism, or another catastrophic event, such as a pandemic or similar outbreak or public health crisis, which may render it difficult or impossible for us to support our customers and develop products. The inability to manufacture our systems and consumables could develop if our facility is inoperable or suffers a loss of utilization for even a short period of time and may result in the loss of customers or harm to our reputation. Disruptions in our manufacturing operations could also adversely affect our efforts to improve the gross margins of our products. Furthermore, our facility and the equipment we use to perform our manufacturing and development could be unavailable or costly and time consuming to repair or replace. It would be difficult, time consuming and expensive to rebuild our facility, to locate and qualify a new facility or license or transfer our proprietary technology to a third party. Even in the event we are able to find a third party to assist in manufacturing and development efforts, we may be unable to negotiate commercially reasonable terms to engage with the third party. To mitigate certain of these risks associated with the manufacture of our consumables, we have constructed a back-up consumable manufacturing facility in Lexington, Massachusetts. While we believe that we could, if necessary, transfer our manufacturing capabilities to our back-up facility, there can be no assurance that we would achieve such transfer in a timely manner or at all and mitigate disruption to our overall business.

We source the components of our Growth Direct system and consumables from third-party suppliers. We do not have supply agreements with most of our suppliers beyond purchase orders and, although we maintain an inventory of components, forecasted amounts may be inaccurate and we may experience shortages as a result of serious supply problems with these suppliers. There can be no assurance that our supply of components will not be limited, interrupted, or of satisfactory quality or continue to be available at acceptable prices. For example, we experienced disruptions to our supply chain as a result of the coronavirus pandemic and may experience additional disruptions in the future. Certain critical components of our Growth Direct system and consumables we obtain from single suppliers and the loss of supply from any of these suppliers could materially adversely affect our business. To protect against such loss, we maintain, or are working to obtain, sufficient inventory of these components to allow us to continue to manufacture our systems and consumables during the period required to qualify a new supplier. For example, the manufacturer of the camera used in our Growth Direct system discontinued production of the camera, and we have obtained a supply we believe is sufficient to allow us to meet customer demand while qualifying a new camera supplier. While we believe we have, or will have, sufficient inventory to provide protection against changes in our sole suppliers, our estimates of the length of time required to qualify a new supplier or inventory level required to manufacture our systems and consumables during that time may be incorrect, and we may run out of inventory sooner than we anticipate. In addition, we have not obtained sufficient inventory for all of our single-source components and we may not be able to do so in the amounts we predict will be required. In addition, any change to a new supplier will require us to devote substantial time and resources, result in additional costs, and could involve a period in which our products might not be produced in a timely or consistent manner. We may also be unable to enter into agreements with new suppliers on commercially reasonable terms or at all. The occurrence of any of these events could adversely affect our business and customer relationships. In addition, loss of any critical component provided by a single-source supplier could require us to change the design of our manufacturing process based on the functions, limitations, features and specifications of the replacement components. Several other non-critical components and materials that comprise our Growth Direct platform are currently manufactured by a single supplier or a limited number of suppliers. In many of these cases, we have not yet qualified alternate suppliers and rely upon purchase orders, rather than long-term supply agreements. A supply interruption or an increase in demand beyond our current suppliers' capabilities could harm our ability to manufacture our products unless and until new sources of supply are identified and qualified. Our reliance on these suppliers subjects us to a number of risks that could harm our business, including: - interruption of supply resulting from modifications to or discontinuation of a supplier's operations;- delays in product shipments resulting from uncorrected defects, reliability issues, or a supplier's variation in a component;- a lack of long-term supply arrangements for key components with our suppliers;- inability to obtain adequate supply in a timely manner, or to obtain adequate supply on commercially reasonable terms;- difficulty and cost associated with locating and qualifying alternative suppliers for our components in a timely manner;- a modification or change in a manufacturing process or part that unknowingly or unintentionally negatively impacts the operation of our products;- production delays related to the evaluation and testing of products from alternative suppliers, and corresponding regulatory qualifications;- delay in delivery due to our suppliers prioritizing other customer orders over ours;- damage to our brand reputation caused by defective components produced by our suppliers;- increased cost of our warranty program due to product repair or replacement based upon defects in components produced by our suppliers; and - fluctuation in delivery by our suppliers due to changes in demand from us or their other customers. Any interruption in the supply of components or materials, or our inability to obtain substitute components or materials from alternate sources at acceptable prices in a timely manner, could impair our ability to meet the demand of our customers, which would have an adverse effect on our business.

We currently primarily compete with established companies that provide consumables for MQC testing and with a limited number of established and early-stage companies that have automated MQC testing systems. In addition, our customers may also elect to continue to use the traditional MQC testing method rather than our platform and may decide to stop using our platform. Our competitors and potential competitors may enjoy a number of competitive advantages over us, including: - longer operating histories;- larger customer bases;- greater brand recognition and market penetration;- greater financial resources;- greater technological and research and development resources;- better system reliability, robustness and features;- greater selling and marketing capabilities; and - better established, larger scale and lower cost manufacturing capabilities. As a result, our competitors and potential competitors may be able to respond more quickly to changes in customer requirements, devote greater resources to the development, promotion and sale of their platforms or instruments than we can or sell their platforms or instruments, or offer services competitive with our platform and services at prices designed to win significant levels of market share. We may not be able to compete effectively against these organizations. In addition, competitors may be acquired by, receive investments from or enter into other commercial relationships with larger, well-established and well-financed companies. Certain of our competitors may be able to secure key inputs from vendors on more favorable terms, devote greater resources to marketing and promotional campaigns, adopt more aggressive pricing policies and devote substantially more resources to product development than we can. Further, competition in the automated MQC testing market, while currently limited, is growing and may continue to increase in future, and we may not be able to maintain our leading position in the industry as a result. If we are unable to compete successfully, we may be unable to increase market adoption and sales of our platform, which could prevent us from increasing our revenue or achieving profitability.

Our success will depend on our ability to expand our business with existing customers and to target new drug manufacturing customers to capture a greater share of the MQC testing value chain. Our ability to grow our business with existing customers will depend on our ability to broaden the application of our automated MQC testing to a larger portion of the MQC testing workflow and to increase the number of Growth Direct systems in their manufacturing facilities. Our ability to expand our business will also depend on our ability to attract new customers and to integrate our platform with new methods of manufacturing, such as cell and gene therapies. Future revenue growth will also depend on our ability to develop and market new products, technologies and solutions to meet our customers' evolving needs, as well as our ability to identify new applications and customers for our technology in additional industries beyond the drug manufacturing industry. As we continue to scale our business, we may find that certain of our products, certain customers or certain industries may require a dedicated sales force or sales personnel with different experience than those we currently employ. Identifying, recruiting and training additional qualified personnel would require significant time, expense and attention. If we are unable to drive new customer conversion to automated MQC and our Growth Direct platform, expand adoption of our Growth Direct platform into new industries and markets, or increase the usage and value of our platform to our customers, then our business, financial condition, results of operations and prospects could be adversely affected.

We provide products and services used for quality-control testing in pharmaceutical product manufacturing. Our customers are subject to extensive regulations by the FDA and similar regulatory authorities in other countries, including, for example, cGMP regulations and associated requirements to validate the methods used to manufacture their products. To meet their regulatory compliance requirements, our customers have implemented quality-control workflows to monitor for microbial growth and contamination. While our Growth Direct platform is not regulated directly by the FDA or other comparable authorities and we have not verified our Growth Direct platform for compliance with such regulations, we have designed our platform to be integrated as part of a compliant quality-control workflow. If our Growth Direct platform is unable to meet regulatory standards for compliance or we are unable to update our platform to meet new regulatory requirements, we will lose customers and our business will be adversely affected. While under our agreements with our customers we are not liable for non-compliance of our Growth Direct platform, if a customer experienced a compliance failure due to our Growth Direct platform, or that the customer attributes to our Growth Direct platform, our reputation could be harmed and our business prospects adversely affected.

As of December 31, 2023, we had U.S. federal and state net operating loss, or NOL, carryforwards of $229.3 million and $100.4 million, respectively. These NOLs may be available to offset future taxable income, if any, that begin to expire in 2038 and 2032, respectively. Additionally, we had federal NOLs of $216.5 million generated since 2018, which do not expire. The Tax Cuts and Jobs Act (TCJA) enacted on December 22, 2017 limits a taxpayer's ability to utilize NOL deduction in a year to 80% taxable income for federal NOL arising in tax years beginning after 2017. In addition, we had federal and state research and development tax credits of $2.2 million and $3.2 million, respectively. These tax credits may be available to offset future tax liabilities and begin to expire in 2038 and 2024, respectively. In general, under Sections 382 and 383 of the Internal Revenue Code of 1986, as amended, or the Code, a corporation that undergoes an "ownership change," generally defined as a greater than 50 percentage point change by value in its equity ownership by one or more stockholders or groups of stockholders owning at least 5% of the corporation's stock over a rolling three-year period, is subject to limitations on its ability to utilize its pre-ownership change NOLs and tax credits to offset future taxable income or income tax liabilities for U.S. federal income tax purposes. Similar rules may apply under state tax laws. The Company has completed a Section 382 study through July 31, 2020 to assess the limitations on use of NOLs and research and development credits due to changes in control. The study determined that ownership changes materially limited the NOL carryforwards and research and development tax credits available to offset future tax liabilities and the limitations have been reflected in the amounts of NOL carryforwards, research and development tax credits, and deferred tax assets disclosed above. The Company has not completed a Section 382 study for post July 31,2020 transactions which could create an additional limitation although materially all of the current federal NOL carryforwards can be carried forward indefinitely. We have in the past experienced, and we may in the future experience ownership changes, some of which are outside our control. For these reasons, we are not able to utilize a material portion of the NOLs and tax credits even if we attain profitability.

Our business strategy includes achieving significant and increasing sales to customers and sites outside of the U.S. As a result, we have established relationships with customers outside of the U.S. and in the future intend to expand our international customer base. To that end, our staff is located in North America, Europe and the Asia-Pacific region, and we intend to further expand our international presence. Doing business internationally involves a number of risks, including: - multiple, conflicting and changing laws and regulations such as privacy regulations, tax laws, export and import restrictions, tariffs, economic sanctions and embargoes, employment laws, regulatory requirements and other governmental approvals, permits and licenses;- failure by us or our distributors to obtain approvals to conduct our business in various countries;- differing intellectual property rights;- complexities and difficulties in obtaining intellectual property protection, enforcing our intellectual property and defending against third-party intellectual property claims;- difficulties in staffing and managing foreign operations;- logistics and regulations associated with shipping systems and parts and components for systems and consumables, as well as transportation delays;- travel restrictions that limit the ability of marketing, presales, sales, services and support teams to service customers;- financial risks, such as longer payment cycles, difficulty collecting accounts receivable, the impact of local and regional financial crises on demand and payment for our products and exposure to foreign currency exchange rate fluctuations;- international trade disputes that could result in tariffs and other protective measures;- natural disasters, the severity and frequency of which may be amplified by global climate change, political and economic instability, including wars, terrorism and political unrest, outbreak of disease, boycotts, curtailment of trade and other business restrictions; and - regulatory and compliance risks, including severe penalties such as criminal and civil penalties, disgorgement and other remedial measures, that relate to the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act 2010 and similar anti-bribery and anticorruption laws in other jurisdictions. Any of these factors could significantly harm our future international expansion and operations and, consequently, our business, financial condition, results of operations and prospects. In addition, certain international markets are subject to significant political and economic uncertainty, including for example the effect of the withdrawal of the United Kingdom from the European Union. Significant political and economic developments in international markets for which we intend to operate, or the perception that any of them could occur, creates further challenges for operating in these markets in addition to creating instability in global economic conditions. Certain legal and political risks are also inherent in foreign operations. There is a risk that foreign governments may nationalize private enterprises in certain countries where we may operate. In certain countries or regions, terrorist activities and the response to such activities may threaten our operations more than in the United States. Social and cultural norms in certain countries may not support compliance with our corporate policies, including those that require compliance with substantive laws and regulations. Also, changes in general economic and political conditions in countries where we may operate are a risk to our financial performance and future growth. In addition, in certain geographies, we may need to rely on distributors, partners and other collaborators to penetrate those markets, and there can be no assurance that we will be able to secure relationships with such parties or that such parties will comply with legal and regulatory standards that are applicable to our business. As we operate our business globally, our success will depend, in part, on our ability to anticipate and effectively manage these and other related risks. There can be no assurance that the consequences of these and other factors relating to our international operations will not have an adverse effect on our business, financial condition or results of operations.

Actual events involving limited liquidity, defaults, non-performance or other adverse developments that affect financial institutions, transactional counterparties or other companies in the financial services industry or the financial services industry generally, or concerns or rumors about any events of these kinds or other similar risks, have in the past and may in the future lead to market-wide liquidity problems. For example, on March 10 and March 12, 2023, the Federal Deposit Insurance Corporation took control and was appointed receiver of Silicon Valley Bank, Signature Bank and Silvergate Capital Corp, respectively, after each bank was unable to continue their operations. Since then, additional financial institutions have experienced similar failures and have been placed into receivership. It is possible that other banks will face similar difficulty in the future. Although we do not maintain any deposit accounts, credit agreements or letters of credit with any financial institution currently in receivership, we are unable to predict the extent or nature of the impacts of these evolving circumstances at this time. If, for example, other banks and financial institutions enter receivership or become insolvent in the future in response to financial conditions affecting the banking system and financial markets, our ability to access our existing cash, cash equivalents and investments may be threatened. While it is not possible at this time to predict the extent of the impact that the failure of these financial institutions or the high market volatility and instability of the banking sector could have on economic activity and our business in particular, the failure of other banks and financial institutions and the measures taken by governments, businesses and other organizations in response to these events could adversely impact our business, financial condition and results of operations.