Tandem Diabetes Care (TNDM) Risk Analysis

In the ordinary course of business, we process personal data. Our data processing activities may subject us to numerous data privacy and security obligations, such as various laws, regulations, guidance, industry standards, external and internal data privacy and security policies, and contractual requirements. A number of U.S. laws govern the privacy and security of personal data, including data breach notification laws, data privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other laws at the federal and state levels (e.g., wiretapping laws). For example, the United States Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH), imposes specific requirements relating to the privacy of protected health information. As another example, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) and the Telephone Consumer Protection Act of 1991 (TCPA) impose specific requirements on communications with customers. Numerous U.S. states have enacted comprehensive data privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. The exercise of these rights may impact our business and ability to provide our products and services. These state laws also allow for statutory fines for noncompliance. For example, under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA) (collectively, CCPA), noncompliance may carry fines of up to $7,500 per intentional violation; the CCPA also allows private litigants affected by certain data breaches to recover significant statutory damages. Similar laws are being considered in several other states, as well as at the federal and local levels, and we expect more states to pass similar laws in the future. Outside the United States, an increasing number of laws, regulations, and industry standards govern data privacy and security. For example, the European Union's General Data Protection Regulation (EU GDPR), the United Kingdom's General Data Protection Regulation (UK GDPR) (collectively, GDPR), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) or the applicable provincial alternatives, impose strict requirements for processing personal data. For example, under the GDPR, companies may face temporary or definitive bans on personal data processing and other corrective actions; fines of up to 20 million Euros under the EU GDPR / 17.5 million Pounds Sterling under the UK GDPR or, in each case, 4% of annual global revenue, whichever is greater; or private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. Additionally, regulators are increasingly scrutinizing companies that process children's data. Numerous laws, regulations, and legally binding codes, such as the Children's Online Privacy Protection Act (COPPA), California's Age Appropriate Design Code, the CCPA, and the GDPR govern the processing of children data, including requiring certain consents to process such data and extending certain rights to children and their parents with respect to that personal data. Our employees and personnel may use Artificial Intelligence (AI) technologies (including generative AI) to perform their work. The use and disclosure of personal data in AI technologies is subject to various data privacy laws and other data privacy obligations. Governments have passed and are likely to pass additional laws regulating generative AI. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. If we are unable to use AI, it could make our business less efficient and result in competitive disadvantages. In the ordinary course of business, we may transfer personal data from Europe and other jurisdictions to the United States or other countries. Europe and other jurisdictions have enacted laws requiring certain data to be localized or limiting the transfer of personal data to other countries. In particular, the European Economic Area (EEA) and the UK have significantly restricted the transfer of personal data to the United States and other countries whose data privacy laws it deems inadequate. Other jurisdictions may adopt or have already adopted similarly stringent data localization and cross-border data transfer laws. Although there are currently various mechanisms that may be used to transfer personal data, these mechanisms are subject to legal challenges. If these legal challenges change or invalidate these transfer mechanisms, there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the United States. If there is no lawful mechanism for us to transfer personal data, or if the requirements for a legally-compliant transfer are too onerous, we could face significant adverse consequences. Additionally, companies that transfer personal data out of the EEA and UK to other jurisdictions, particularly to the United States, are subject to increased scrutiny from regulators, individual litigants, and activist groups. Additionally, under various privacy laws and other obligations, we may be required to obtain certain consents to process personal data. For example, some of our data processing practices may be challenged under wiretapping laws, if we obtain consumer information from third parties through various methods. These practices may be subject to increased challenges by class action plaintiffs. Our inability or failure to obtain consent for these practices could result in adverse consequences, including class action litigation and mass arbitration demands. In addition to data privacy laws, we are contractually subject to industry standards adopted by industry groups. For example, we are subject to the Payment Card Industry Data Security Standard (PCI DSS). We are also bound by other contractual obligations related to data privacy, including those imposed by our payors and business partners, including obligations to comply with applicable data privacy laws. Our failure to comply with our contractual obligations may result in a loss of revenue, loss of existing and future business opportunities, and payment of financial damages to the other parties involved. We publish privacy policies, marketing materials and other statements, such as compliance with certain certifications or self-regulatory principles, regarding data privacy and security. Regulators in the United States are increasingly scrutinizing these statements, and if these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair, misleading, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences. Obligations related to data privacy are quickly changing, becoming increasingly stringent, and creating uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources, which may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties with whom we work. In addition, these obligations may require us to change our business model. We may at times fail (or be perceived to have failed) in our efforts to comply with our data privacy obligations. Moreover, despite our efforts, our employees and personnel or third parties with whom we work, may fail to comply with such obligations, which could negatively impact our business operations. In addition, a shift in consumers' data privacy expectations or other social, economic or political developments could impact the regulatory enforcement of these obligations, which could increase the cost of and complicate our compliance with applicable obligations. If we or the third parties with whom we work fail, or are perceived to have failed to address or comply with applicable data privacy obligations, we could face significant consequences, including but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-action claims) and mass arbitration demands; additional reporting requirements and/or oversight; bans on processing of personal data; orders to destroy or not use personal data; and imprisonment of company officials. In particular, plaintiffs have become increasingly more active in bringing data privacy-related claims against companies, including class claims and mass arbitration demands. Some of these claims allow for the recovery of statutory damages on a per violation basis; if viable, these claims carry the potential for monumental statutory damages, depending on the volume of personal data and the number of violations. Any of these events could have a material adverse effect on our reputation, business, or financial condition, including but not limited to: loss of customers; interruptions or stoppages in our business operations (including, as relevant, clinical trials); inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or substantial changes to our business model or operations.

Climate-related events, including the increasing frequency of extreme weather events and their impact on the United States, Mexico, Canada, and other major regions' critical infrastructure along with potential related regulations, have the potential to disrupt our business, our third-party suppliers, and/or the business of our customers. For example, our third-party contract manufacturers are located in regions subject to natural disasters, including earthquakes, hurricanes, floods, wild fires and other catastrophic events. We strive to partner with organizations that mitigate their business risks associated with climate change. However, we recognize that inherent risks related to climate change, other extreme weather conditions and related regulations exist wherever global business is conducted. While these dangers currently have a low-assessed risk of disrupting our normal business operations, they pose a potential long-term impact on our business. Although it is difficult to predict and adequately prepare to meet the challenges to our business posed by climate change, if new laws or regulations are more stringent than current legal or regulatory requirements, we may experience increased compliance burdens and costs to meet the regulatory obligations as well as adverse impacts on raw material sourcing, manufacturing operations and the distribution of our products.

Studies to evaluate the safety or effectiveness of our latest products in a controlled setting are only available over the past few years. As a result, people with insulin-dependent diabetes and healthcare providers may not be familiar with our studies and may be slower to adopt or recommend our products. Further, even with data from controlled studies third-party payors may not be willing to provide coverage or reimbursement for our products. We remain subject to regulatory and product liability risks, and these and other factors could slow the adoption of our products and result in our sales being lower than anticipated. In addition, future studies or clinical experience may indicate that treatment with our products is not superior to treatment with competing products. Such results could slow the adoption of our products and significantly reduce our sales, which could prevent us from achieving our forecasted sales targets or achieving or sustaining profitability. If the results of clinical studies or other experience, such as our monitoring or investigation of customer complaints, indicate that our products may cause or create an unacceptable risk of unexpected or serious complications or other unforeseen negative effects, we could be required to inform our customers of these risks or complications or, in more serious circumstances, we could be subject to mandatory product recalls, suspension or withdrawal of clearance, certification, or approval from regulatory authorities or Notified Bodies, product recalls or seizure, operating restrictions, interruption of production, fines, civil penalties and criminal prosecution which could result in significant legal liability, harm to our reputation, and a decline in our product sales. Any alleged illness or injury associated with any of our products or product recalls may negatively impact our financial results and business prospects depending on a number of factors, including the scope and seriousness of the problem, degree of publicity, reaction of our customers and healthcare professionals, competitive response, and consumer perceptions generally. Even if such an allegation or product liability claim lacks merit, cannot be substantiated, is unsuccessful or is not fully pursued, the negative publicity surrounding any assertion that our products have caused or carry a risk of causing illness, injury or death could adversely affect our reputation with customers, healthcare professionals, third-party payors, and existing and potential collaborators, and could adversely affect our operating results and cause a decline in our stock price. Furthermore, general concerns regarding the perceived safety or reliability of any of our products, or any component thereof, may have a similar adverse effect on us.

We currently rely, and expect to continue to rely, on third-party suppliers to supply components of our current products and our potential future products, including our single-use insulin cartridges. For example, we rely on plastic injection molding companies to provide plastic molded components, electronic manufacturing suppliers to provide electronic assemblies, and machining companies to provide machined mechanical components. We also purchase all of our infusion sets and pump accessories from third-party suppliers. For our business strategy to be successful, our suppliers must be able to provide us with components and products in sufficient quantities, in compliance with regulatory requirements and quality control standards, in accordance with agreed-upon specifications, at acceptable costs and on a timely basis. Although we have long-term supply agreements with many of our suppliers, these agreements do not include long-term capacity commitments. Under most of our supply agreements, we make purchases on a purchase order basis and have no obligation to buy any given quantity of components or products until we place written orders, and our suppliers have no obligation to manufacture for us or sell to us any given quantity of components or products until they accept an order. In addition, our suppliers may encounter problems that limit their ability to manufacture components or products for us, including financial difficulties, damage to their manufacturing equipment or facilities, inability to obtain raw materials or other components, or problems with their own suppliers. If we fail to obtain sufficient quantities of high-quality components to meet demand on a timely basis, we could lose customer orders, our reputation may be harmed, and our business could suffer. We generally use a small number of suppliers for our components and products, some of which are located outside the United States, including in China, Mexico and Costa Rica. Depending on a limited number of suppliers exposes us to risks, including limited control over costs, including tariffs, availability, quality and delivery schedules. Moreover, in some cases we do not have long-standing relationships with our manufacturers and may not be able to convince suppliers to continue to make components available to us unless there is demand for such components from their other customers. As a result, there is a risk that certain components could be discontinued and no longer available to us at acceptable prices, or at all. We have in the past been, and we may in the future be, required to make significant "last time" purchases of component inventories that are being discontinued by the manufacturer to ensure supply continuity. If any one or more of our suppliers cease to provide us with sufficient quantities of components in a timely manner or on terms acceptable to us, we would have to seek alternative sources of supply. We consistently evaluate alternative suppliers of several existing components and qualifying new alternatives to existing select components, but there is no assurance that we will be able to identify alternative sources that meet our requirements and at comparable prices, or at all. Because of factors such as the proprietary nature of our products, our quality control standards and applicable regulatory requirements, we cannot quickly engage additional or replacement suppliers for some of our critical components. Failure of any of our suppliers to deliver products at the level our business requires could harm our reputation and limit our ability to meet our sales projections, which could have a material adverse effect on our business, financial condition and operating results. We place orders with our suppliers using our forecasts of customer demand, which are based on a number of assumptions and estimates, in advance of purchase commitments from our customers. As a result, we incur inventory and manufacturing costs in advance of anticipated sales, which sales ultimately may not materialize or may be lower than expected. If we overestimate customer demand, we may experience higher inventory carrying costs and increased excess or obsolete inventory, which would negatively impact our results of operations. By the same token, if we underestimate future demand, we may be unable to meet future production requirements, or our inventory of critical materials may be below our targeted stocking levels. We expect it will be particularly difficult to accurately forecast demand during the global pandemic and even for some time while travel and social-distancing restrictions are lifted. We may also have difficulty obtaining components from other suppliers that are acceptable to the FDA or other comparable foreign regulatory authorities, or Notified Bodies, and the failure of our suppliers to comply with regulatory requirements could expose us to regulatory action including warning letters, product recalls, termination or interruption of distribution, operating restrictions, product seizures, delays in obtaining approval or clearance of future products, suspension or withdrawal of approvals, clearances, or certification, fines, civil penalties, or criminal prosecution. Such a failure by our suppliers could also require us to cease using the components, seek alternative components or technologies, and modify our products to incorporate alternative components or technologies, which could necessitate additional regulatory clearances, certifications, or approvals. Any disruption of this nature, or any increased expenses associated with any such disruption, could negatively impact our ability to manufacture our products on a timely basis, in sufficient quantities, or at all, which could harm our commercialization efforts and have a material adverse impact on our operating results.

A substantial portion of the purchase price of an insulin pump is typically paid for by third-party payors, including private insurance companies, preferred provider organizations and other managed care providers. Future sales of our current and future products will be limited unless our customers can rely on third-party payors to pay for all or part of the associated purchase cost. Access to adequate coverage and reimbursement for our current and future products by third-party payors is essential to the acceptance of our products by customers. As guidelines in setting their coverage and reimbursement policies, many third-party payors in the United States use coverage decisions and payment amounts determined by the Centers for Medicare and Medicaid Services (CMS), which administers the U.S. Medicare program. Medicare periodically reviews its reimbursement practices for diabetes-related products, and there is uncertainty as to the future Medicare coverage structure and reimbursement rate for our products. It is also possible that CMS may continue to review and modify the current coverage and reimbursement of diabetes-related products in connection with anticipated changes to the regulatory approval process for insulin pumps and related products, software applications and services. In addition, third-party payors that do not follow the CMS guidelines may adopt different coverage and reimbursement policies for our current and future products. Further, it is possible that some third-party payors will not offer any coverage for our current or future products. For instance, it is possible that third-party payors may adopt policies in the future that designate one or more of our competitors as their preferred, in-network durable medical equipment provider of insulin pumps and that such policies would discourage or prohibit the payors' members from purchasing our products, which would adversely impact our ability to sell our products. We are pursuing a multi-channel managed care strategy and have begun offering certain products through the pharmacy channel. However, the commercial opportunity in the pharmacy channel will be limited unless a substantial portion of the sales price for these products is covered by third-party payors, including private insurance companies, health maintenance organizations, preferred provider organizations, federal and state government healthcare agencies, intermediaries, Medicare, Medicaid and other managed care providers. Medicare Part D plan sponsors may provide coverage for certain products under the Medicare Part D prescription drug program, which requires negotiating with third-party payors to provide these products through the pharmacy channel in the United States. If our efforts to enter into additional contracts with intermediaries and third-party payors are not successful, our ability to offer Mobi or any future products through the pharmacy channel will be limited. We currently have contracts establishing reimbursement for our insulin pump products with a number of national and regional third-party payors in the United States. While we may enter into additional contracts both in the United States and the countries outside the United States in which our insulin pumps are available through third-party payors, and add coverage for future products under our current agreements, we cannot guarantee that we will succeed in doing so or that the reimbursement contracts that we are able to negotiate will enable us to sell our products on a profitable basis or in certain channels, including the pharmacy channel. In particular, we have limited experience securing reimbursement in international markets. Government involvement in funding healthcare may limit access to or reimbursement for our products. In addition, existing contracts with third-party payors generally include numerous quality and compliance related requirements, including audit rights, and can be modified or terminated by the third-party payor without cause and with little or no notice to us. Our compliance with the administrative procedures or requirements may result in increased costs for us and delays in processing approvals by those third-party payors for customers to obtain coverage for our products, and any payor audits of our compliance obligations may result in requests for refunds or other costs. Failure to secure or retain adequate coverage or reimbursement for our current and future products by third-party payors, or delays in processing approvals by those payors, could result in the loss of sales, which could have a material adverse effect on our business, financial condition and operating results. Further, the healthcare industry in the United States is increasingly focused on cost containment as government and private insurers seek to control healthcare costs by imposing lower payment rates and negotiating reduced contract rates with third-party payors. If third-party payors deny coverage or reduce their current levels of payment, or if our production costs increase faster than increases in reimbursement levels, we may be unable to sell our products on a profitable basis.

We may disclose certain ESG-related initiatives and goals in our SEC filings or other public communications. However, implementing these initiatives and goals could be challenging and costly, with the technologies required potentially being inefficient or slow to develop. Additionally, we may face criticism regarding the accuracy, adequacy, or completeness of our disclosures. Statements about our ESG initiatives, goals, and progress may rely on evolving measurement standards, developing internal controls and processes, and assumptions that could change over time. Furthermore, we may be criticized for the scope or nature of these initiatives or goals, or for any revisions made to them. If our ESG data, processes, or reporting are incomplete or inaccurate, or if we fail to make timely progress toward our ESG goals, our reputation, business, financial performance, and growth may suffer.

We rely primarily on patent, trademark and trade secret laws, as well as confidentiality and non-disclosure agreements, to protect our proprietary technologies. However, such methods may not be adequate to protect us or permit us to gain or maintain a competitive advantage. We have applied for patent protection relating to certain existing and proposed products and processes. If we fail to file a patent application timely in any jurisdiction, it could result in us forfeiting certain patent rights in that jurisdiction. Further, we cannot assure you that any of our patent applications will be granted in a timely manner or at all. The rights granted to us under our patents, and the rights we are seeking to have granted in our pending patent applications, may not provide us with any commercial advantage. In addition, those rights could be opposed, contested or circumvented by our competitors, or be declared invalid or unenforceable in judicial or administrative proceedings. The failure of our patents to adequately protect our technology might make it easier for our competitors to offer the same or similar products or technologies. Due to differences between foreign and U.S. patent laws, our patented intellectual property rights may not receive the same degree of protection in foreign countries as they would in the United States. Even if patents are granted outside of the United States, effective enforcement in those countries may not be available. We rely on our trademarks and trade names to distinguish our products from the products of our competitors, and have registered or applied to register many of these trademarks. We cannot assure you that our current or future trademark applications will be approved in a timely manner or at all. From time to time, third parties oppose our trademark applications, or otherwise challenge our use of trademarks. In the event that our trademarks are successfully challenged, we could be forced to rebrand our products, which could result in loss of brand recognition, and could require us to devote additional resources to marketing new brands. Further, we cannot assure you that competitors will not infringe upon our trademarks, or that we will have adequate resources to enforce our trademarks. We have entered into confidentiality agreements and intellectual property assignment agreements with our officers, employees, temporary employees and consultants regarding our intellectual property and proprietary technology. We also enter into confidentiality agreements with potential collaborators and other counterparties, and the terms of our collaboration agreements typically contain provisions governing the ownership and control of intellectual property. In the event of unauthorized use or disclosure or other breaches of those agreements, we may not be provided with meaningful protection for our trade secrets or other proprietary information. To protect our proprietary rights, we may in the future need to assert claims of infringement against third parties, which may be difficult, expensive and time consuming. The outcome of litigation to enforce our intellectual property rights in patents, copyrights, trade secrets or trademarks is subject to rapid change and constant evolution and, consequently, intellectual property protection in our industry can be uncertain. We may not prevail in any lawsuits that we initiate and the damages or other remedies awarded, if any, may not be commercially valuable. In the event of an adverse judgment, a court could hold that some or all of our asserted intellectual property rights are not infringed, or are invalid or unenforceable, and could award attorneys' fees. The occurrence of any of these events may have a material adverse effect on our business, financial condition and operating results.

In the ordinary course of business, the efficient operation of our business depends on our information technology and communication systems, as well as those of third parties with whom we work. We and the third parties with whom we work process confidential, personal, or other sensitive data, including health information, proprietary sales and marketing data, accounting and financial information, manufacturing and quality records, inventory management data, product development tasks, research and development data, customer service and technical support information. Cyberattacks, malicious internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our sensitive information and information technology systems, and those of the third parties with whom we work. Such threats are prevalent and continue to rise, are increasingly difficult to detect, and come from a variety of sources, including traditional computer "hackers," threat actors, "hacktivists," organized criminal threat actors, personnel (such as through theft or misuse), sophisticated nation states, and nation-state-supported actors. Some actors now engage and are expected to continue to engage in cyberattacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we and the third parties with whom we work may be vulnerable to a heightened risk of these attacks, including retaliatory cyberattacks. Our systems, those of the third parties with whom we work, and the underlying data are vulnerable to damage or interruption from a variety of threats, including without limitation earthquakes, fires, floods, other natural disasters, terrorist attacks, social-engineering attacks (including phishing and deep fakes, which may be increasingly more difficult to identify as fake), malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks, credential stuffing, credential harvesting, supply chain attacks, personnel misconduct or error, ransomware attacks, software bugs, server malfunctions, software or hardware failures, loss of data or other information technology assets, adware, attacks enhanced or facilitated by AI, and other similar threats. Notably, severe ransomware attacks are becoming increasingly prevalent. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. In addition, our insulin pumps and other products rely on software and hardware, some of which is developed by third parties with whom we work, that could contain vulnerabilities. We take steps designed to detect, mitigate and remediate vulnerabilities in our information systems (such as our hardware and/or software, including that of third parties with whom we work) and products, but we may not be able to detect, mitigate, and remediate such vulnerabilities, including on a timely basis. Further, we may experience delays in developing and deploying remedial measures and patches designed to address identified vulnerabilities. Our risks may increase significantly due to the use of mobile and cloud-based applications in our medical devices. For example, while our Tandem Device Updater is designed to give us the ability to quickly recover from certain risks and/or vulnerabilities, the use of mobile applications enables third parties to store their information on mobile devices that we do not control. The Tandem Device Updater may also not operate as intended if the software being transmitted contains errors, vulnerabilities or viruses. Vulnerabilities in our products and information systems could be exploited and result in a security incident. In addition to vulnerabilities, the reliance of our insulin pumps and other products on software and hardware exposes us and our customers to risks that may impact the performance of our products. For example, in March 2024, we issued a recall of our Apple iOS t:connect mobile app in the United States relating to an issue that could cause rapid depletion of a user's t:slim X2 insulin pump battery (the March 2024 Recall). On August 20, 2024, we released an updated version of the impacted app to correct the issue described in the March 2024 recall. Any of the previously identified or similar threats and risks could in the future, as they have in the past, cause a security incident or other interruption that could result in the unauthorized, unlawful or accidental disclosure, access, acquisition, modification, destruction, loss, alteration, or encryption of our sensitive information or our information technology systems or those of the third parties with whom we work. A security incident or other interruption could disrupt our ability (and that of third parties with whom we work) to provide our products and services. Furthermore, many of the third parties with whom we work are subject to similar risks. We rely on third parties and technologies to operate critical business systems to process sensitive information in a variety of contexts, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, employee email, and other functions and systems. Our ability to monitor information security practices of these third parties is limited, and these third parties may not have adequate information security measures in place. If the third parties with whom we work experience a security incident or other interruption, we could experience adverse consequences. While we may be entitled to damages if these third parties fail to satisfy their privacy- or security-related obligations to us, any award may be insufficient to cover our damages, or we may be unable to recover such an award. In addition, supply chain attacks have increased in frequency and severity, and we cannot guarantee that infrastructure belonging to these third parties in our supply chain, or the supply chains of third parties with whom we work have not been compromised. Moreover, remote work has increased risks to our information technology systems and data. Additionally, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program. We may expend significant resources or modify our business activities to try to protect against security incidents. Certain data privacy and security obligations may require us to implement and maintain reasonable or specific security measures or industry standards to protect our information technology systems and sensitive information. Applicable data privacy and security obligations may require us, or we may voluntarily choose, to notify relevant stakeholders of security incidents, or to take other actions. Such disclosures and related actions can be costly, and the disclosure or the failure to comply with applicable requirements could lead to adverse consequences. If we or a third party with whom we work experience a security incident such as the phishing attack we experienced in 2020, or are perceived to have experienced a security incident, we may experience adverse consequences, such as government enforcement actions (e.g., investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing sensitive information including personal data, litigation including class claims and mass arbitration demands; indemnification obligations; negative publicity; reputational harm; loss of investor, partner or customer confidence in the effectiveness of our cybersecurity measures; monetary fund diversions; diversion of management attention; interruptions in our operations including availability of data; financial loss; and other similar harms. Security incidents and attendant consequences may cause customers to stop using our products, prevent customers from using our products, deter new customers from using our products, and negatively impact our ability to grow and operate our business. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims. Our sensitive information could be leaked, disclosed, or revealed as a result of or in connection with our employees', personnel's, or third parties with whom we work use of generative artificial intelligence (AI) or machine learning (ML) technologies (collectively, AI/ML technologies). Any sensitive information, including confidential, competitive, proprietary, or personal data, that we input into a third-party generative AI platform could be leaked or disclosed to others, including if sensitive information is used to train the third parties' AI model.

Our ability to grow our business and achieve our strategic objectives will depend, among other things, on our ability to develop and commercialize products for the treatment of diabetes that offer distinct features and functionality, are easy-to-use, provide superior treatment outcomes, receive adequate coverage and reimbursement from third-party payors, and are otherwise more appealing than available alternatives. Our primary competitors, as well as a number of other companies and medical researchers are pursuing new delivery devices, delivery technologies, therapeutic techniques, sensing technologies, treatment techniques, procedures, drugs and other therapies for the monitoring, treatment and prevention of diabetes. Any breakthroughs in diabetes monitoring, treatment or prevention could reduce the potential market for our products or render our products obsolete altogether, which would significantly reduce our sales or cause our sales to grow at a slower rate than we currently expect. In addition, even the perception that new products may be introduced, or that technological or treatment advancements could occur and could result in delayed purchases or a decline in market share. For example, in 2023 and 2024, ongoing adoption of the GLP-1 class of drugs in diabetes and news surrounding the expansion of use of GLP-1 drugs in obesity likely had a negative impact on the insulin therapy market. Because the insulin-dependent diabetes market is large and growing, we anticipate companies will continue to dedicate significant resources to developing competing products and technologies. The introduction by competitors of products that are or claim to be superior to our products may create market confusion that may make it difficult to differentiate the benefits of our products over competing products. In addition, some of our competitors employ aggressive pricing strategies, including the use of discounts, rebates, low-cost product upgrades or other financial incentives that could adversely affect sales of our products. If a competitor develops a product that competes with or is perceived to be superior to our products, or if competitors continue to utilize strategies that place downward pressure on pricing within our industry, our sales may decline, our operating margins could be reduced and we may fail to meet our financial projections, which would materially and adversely affect our business, financial condition and operating results. Moreover, we have designed our hardware products to resemble modern consumer electronic devices to address certain wearability and functionality concerns consumers have raised with respect to traditional pumps. Similarly, our newer mobile software applications are being designed to incorporate features and functions that are common to other consumer-oriented applications. These consumer industries are themselves highly competitive, and characterized by continuous new product introductions, rapid developments in technology, and subjective and changing consumer preferences. If, in the future, consumers cease to view our products as contemporary or convenient as compared to then-existing consumer technology, our products may become less desirable.

We generate nearly all of our revenue from the sale of our insulin pumps and the related insulin cartridges and infusion sets, including our recently launched Tandem Mobi insulin pump. Sales of these products may be negatively impacted by many factors, including: - market acceptance of the insulin pumps and related products manufactured and sold by our key competitors, including Insulet, Medtronic, Ypsomed and Beta Bionics;- the potential that breakthroughs for the monitoring, treatment or prevention of diabetes may render our insulin pumps obsolete or less desirable or reduce the size of our potential market;- adverse regulatory or legal actions relating to our products, or similar products or technologies of our competitors;- failure of our Tandem Device Updater to accurately and timely provide customers with remote access to new product features and functionality as anticipated, or our failure to obtain regulatory clearance, certification, or approval for any such updates;- changes in reimbursement rates or policies relating to insulin pumps or similar products or technologies by third-party payors;- competitive pricing and attrition rates of consumers who cease using our products;- our inability to enter into contracts with third-party payors on a timely basis and on acceptable terms;- problems arising from the expansion of our manufacturing capabilities and commercial operations, or destruction, loss, or temporary shutdown of our manufacturing facilities;- concerns regarding the perceived safety, reliability or cybersecurity of any of our products, or any component thereof, particularly in connection with the launch of additional mobile app features and functionality and other software products; and - claims that any of our products, or any component thereof, infringes on patent rights or other intellectual property rights of third parties. In addition, sales of any of our current or future insulin pump products with continuous glucose monitoring (CGM) integration are subject to the continuation of our applicable agreements with Dexcom, Abbott, or other third parties which, under some circumstances, may be subject to termination, with or without cause, on relatively short notice. Sales of our current or future products may also be negatively impacted in the event of any regulatory or legal actions relating to CGM products that are compatible with our pumps, or in the event of any disruption to the availability of the applicable CGM-related supplies, such as sensors or transmitters, in a given market in which our products are sold. Sales of our products may also be adversely impacted if the CGM products that are compatible with our pumps are not viewed as superior to competing CGM products in markets where our products are sold, or if the price of these products is not competitive with similar products available in the market. Because we currently rely on sales of our insulin pumps, and related products to generate a significant majority of our revenue, any factors that negatively impact sales of these products (or negatively impact the products or components integrated with these products) could adversely affect our business, financial condition and operating results. Furthermore, any disruption in our supply chain could negatively impact our ability to manufacture or otherwise supply sufficient product quantities to meet current customer demand, or any unexpected increase in demand, which could also have the effect of magnifying the negative impact of any of the factors described above.

We have limited experience marketing and selling our newer products as well as training new customers on their use, particularly in markets outside of United States. In addition, the vast majority of our existing customers are individuals with type 1 diabetes, and we have limited experience marketing and selling our products to customers with type 2 diabetes. Our financial condition and operating results are and will continue to be highly dependent on our ability to adequately promote, market and sell our insulin pump and related products, and the ability of our diabetes educators to train new customers on the use of our products. If our sales and marketing representatives or diabetes educators are restricted in their ability to interact with healthcare professionals and customers, our sales could decrease or may not increase at levels that are in line with our forecasts.

Inflation has the potential to negatively impact our liquidity, business, financial condition, and results of operations by increasing our overall cost structure. The presence of inflation in the economy has led to, and may continue to lead to, higher interest rates, increased capital costs, supply shortages, and rising labor, component, manufacturing, and shipping costs, along with weaker exchange rates and other similar effects. As a result, we have experienced, and may continue to experience, higher costs. While we may implement measures to mitigate inflation's impact, if these measures prove ineffective, our business, financial condition, results of operations, and liquidity could be significantly harmed. Even if these measures are successful, there may be a delay between the implementation of these actions and their effect on our operations, compared to when the inflationary costs are incurred.

Public health threats and other highly communicable diseases and outbreaks could adversely impact our operations, the operations of our customers, suppliers, distributors and other business partners, as well as the healthcare system in general. For example, certain development activities, such as human factors studies associated with our product development efforts and activities supporting the manufacturing scale-up for new products and the recruitment of participants in ongoing clinical studies, may be modified or delayed due to impacts of public health threats, which could our development timelines and regulatory strategies. These delays could have a negative impact on our product commercialization efforts and the future demand for our products. In addition to the foregoing impacts, disruptions from outbreaks or epidemics, could result in delays in or the suspension of our manufacturing operations, research and product development activities, regulatory work streams, clinical development programs and other important commercial functions. In particular, if we or our third-party manufacturers are required to delay or suspend our manufacturing operations, we may encounter severe product shortages, which would adversely affect our results of operations and harm our reputation. We are also dependent upon our third-party suppliers for many of our product components and for our manufacturing-related equipment, and the incidence of disease could have a material adverse impact on the operations of our suppliers, which could prevent them from timely delivering products to us or supporting our requirements for manufacturing-related equipment. The full extent of the impact of potential future public health threats on our business and operations is subject to change and will continue to depend on a number of factors, including the scope and duration of the pandemic and any resulting changes to general economic conditions in the countries in which we operate and sell our products.

Based on the complex relationships between the United States and certain foreign countries, there is inherent risk that political, diplomatic and national security influences might lead to trade disputes and impacts and/or disruptions to our operations. There is currently significant uncertainty about the future relationship between the United States, Mexico, Canada and China including potential changes with respect to trade policies, treaties, tariffs, taxes, and other limitations on cross-border operations. We import various components, subcomponents and finished products from both Mexico and China and any changes in tariffs, trade barriers, and other regulatory requirements could have an adverse effect on our business, financial condition and operating results, the extent of which cannot be predicted with certainty at this time.