Valneva (VALN) Risk Factors

Market acceptance and sales of any vaccine candidates that we commercialize, if approved, will depend in part on the extent to which reimbursement for these products and related treatments will be available from third-party payors, including government health administration authorities, managed care organizations, and other private health insurers. Therefore, our ability to collect revenue from the commercial sale of our vaccines may depend on our ability, and that of any current or potential future collaboration partners or customers, to obtain adequate levels of approval, coverage, and reimbursement for such products from third-party payors such as: - government health administration authorities, such as ACIP;- private health insurers;- managed care organizations;- pharmacy benefit management companies; and - other healthcare related organizations. Third-party payors decide which therapies they will pay for and establish reimbursement levels. Travel vaccines are rarely reimbursed in Europe and, while no uniform policy for coverage and reimbursement exists in the United States, third-party payors often rely upon Medicare coverage policy and payment limitations in setting their own coverage and reimbursement policies. However, decisions regarding the extent of coverage and amount of reimbursement to be provided for any product candidates that we develop will be made on a payor-by-payor basis. Therefore, one payor's determination to provide coverage for a product does not assure that other payors will also provide coverage, and adequate reimbursement, for the product. Additionally, a third-party payor's decision to provide coverage for a product does not imply that an adequate reimbursement rate will be approved. Each payor determines whether or not it will provide coverage for a product, what amount it will pay the manufacturer for the product and on what tier of its formulary it will be placed. The position on a payor's list of covered drugs, biological, and vaccine products, or formulary, generally determines the co-payment that a patient will need to make to obtain the product and can strongly influence the adoption of such product by patients and physicians. Even if favorable coverage and reimbursement status is attained for one or more product candidates for which we receive regulatory approval, less favorable coverage policies and reimbursement rates may be implemented in the future. Patients who are prescribed treatments for their conditions and providers prescribing such services generally rely on third-party payors to reimburse all or part of the associated healthcare costs. Patients are unlikely to use our products unless coverage is provided and reimbursement is adequate to cover a significant portion of the cost of our products. In addition, because our product candidates are physician-administered, separate reimbursement for the product itself may or may not be available. Instead, the administering physician may only be reimbursed for providing the treatment or procedure in which our product is used. Third-party payors are increasingly challenging the prices charged for medical products and may deny coverage or offer inadequate levels of reimbursement if they determine that a prescribed product has not received appropriate clearances from the applicable regulatory authorities, is not used in accordance with cost-effective treatment methods as determined by the third-party payor, or is experimental, unnecessary or inappropriate. Prices could also be driven down by managed care organizations that control or significantly influence utilization of healthcare products. Outside the United States, pricing of competitive products by third parties is the biggest driver of the prices of our products. In the United States, we may be significantly adversely affected if the federal pricing rules change to require a greater discount than the current minimum of 24% compared to non-federal average manufacturer price for products listed on the federal supply schedule. Third-party payors have attempted to control costs by limiting coverage and the amount of reimbursement for particular product. We cannot be sure that coverage and reimbursement will be available for any vaccine that we commercialize and, if reimbursement is available, what the level of reimbursement will be. Inadequate coverage and reimbursement may impact the demand for, or the price of, any product for which we obtain marketing approval. If coverage and adequate reimbursement are not available, or are available only at limited levels, we may not be able to successfully commercialize any vaccine candidates that we develop. In both the United States and some foreign jurisdictions, there have been a number of legislative and regulatory proposals and initiatives to change the health care system in ways that could affect our ability to sell vaccines and could adversely affect the prices that we receive for our vaccine candidates, if approved. Some of these proposed and implemented reforms could result in reduced pharmaceutical pricing or reimbursement rates for medical products, which could adversely affect our business strategy, operations, and financial results. For example, in the United States, the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010, or collectively the ACA, contains several cost containment measures that could adversely affect our future revenue, including, for example, increased drug rebates under Medicaid for brand name prescription drugs, extension of Medicaid rebates to Medicaid managed care organizations, and extension of so-called 340B discounted pricing on pharmaceuticals sold to certain healthcare providers. Additional provisions of various laws, including the ACA, that may negatively affect our future revenue and prospects for profitability include the assessment of an annual fee based on our proportionate share of sales of brand name prescription drugs to certain government programs, including Medicare and Medicaid, as well as mandatory discounts on drugs (including vaccines) sold to certain Medicare Part D beneficiaries in the coverage gap (the so-called "donut hole"). Other aspects of healthcare reform, such as expanded government enforcement authority and heightened standards that could increase compliance-related costs, could also affect our business in the United States or elsewhere. In addition, we face uncertainties because there are ongoing federal legislative and administrative efforts to repeal, substantially modify, or invalidate some or all of the provisions of the ACA in the United States. We cannot predict the ultimate content, timing, or effect of any healthcare reform legislation or the impact of potential legislation on us. If we are unable to obtain and maintain sufficient third-party coverage and adequate reimbursement, the commercial success of our vaccine products may be greatly hindered, and our financial condition and results of operations may be materially and adversely affected. Many EU Member States periodically review their reimbursement procedures for medicinal products, which could have an adverse impact on reimbursement status. We expect that legislators, policymakers, and healthcare insurance funds in the EU Member States will continue to propose and implement cost-containing measures, such as lower maximum prices, lower or lack of reimbursement coverage, and incentives to use cheaper, usually generic, products as an alternative to branded products, and/or branded products available through parallel import to keep healthcare costs down. Moreover, in order to obtain reimbursement for our products in some European countries, including some EU Member States, we may be required to compile additional data comparing the cost-effectiveness of our products to other available therapies. Health Technology Assessment, or HTA, of medicinal products is becoming an increasingly common part of the pricing and reimbursement procedures in some EU Member States, including those representing the larger markets. The HTA process is the procedure to assess therapeutic, economic, and societal impact of a given medicinal product in the national healthcare systems of the individual country. The outcome of an HTA will often influence the pricing and reimbursement status granted to these medicinal products by the competent authorities of individual EU Member States. The extent to which pricing and reimbursement decisions are influenced by the HTA of the specific medicinal product currently varies between EU Member States. In December 2021, Regulation No 2021/2282 on Health Technology Assessment, amending Directive 2011/24/EU, was adopted in the EU. This Regulation, which entered into force in January 2022 and will apply as of January 2025, is intended to boost cooperation among EU Member States in assessing health technologies, including new medicinal products, and providing the basis for cooperation at the EU level for joint clinical assessments in these areas. The Regulation foresees a three-year transitional period and will permit EU Member States to use common HTA tools, methodologies, and procedures across the EU, working together in four main areas, including joint clinical assessment of the innovative health technologies with the most potential impact for patients, joint scientific consultations whereby developers can seek advice from HTA authorities, identification of emerging health technologies to identify promising technologies early, and continuing voluntary cooperation in other areas. Individual EU Member States will continue to be responsible for assessing non-clinical (e.g., economic, social, ethical) aspects of health technologies and making decisions on pricing and reimbursement. If we are unable to maintain favorable pricing and reimbursement status in EU Member States for product candidates that we may successfully develop and for which we may obtain regulatory approval, any anticipated revenue from and growth prospects for those products in the EU could be negatively affected. Legislators, policymakers, and healthcare insurance funds in the EU may continue to propose and implement cost-containing measures to keep healthcare costs down, particularly due to the financial strain that the COVID-19 pandemic placed on national healthcare systems of the EU Member States. These measures could include limitations on the prices we would be able to charge for product candidates that we may successfully develop and for which we may obtain regulatory approval or the level of reimbursement available for these products from governmental authorities or third-party payors. Further, an increasing number of EU and other foreign countries use prices for medicinal products established in other countries as "reference prices" to help determine the price of the product in their own territory. Consequently, a downward trend in prices of medicinal products in some countries could contribute to similar downward trends elsewhere.

We have in-licensing agreements relating to certain of our products and product candidates, including with TechLab for VLA84 (Clostridium difficile) and VaccGen for IXIARO. If we fail to meet our obligations under these agreements, our licensors may have the right to terminate our licenses. If any of our license agreements are terminated, and we lose our intellectual property rights under such agreements, this may result in a complete termination of our product development and any commercialization efforts for the product candidates which we are developing under such agreements. While we would expect to exercise all rights and remedies available to us, including seeking to cure any breach by us, and otherwise seek to preserve our rights under such agreements, we may not be able to do so in a timely manner, at an acceptable cost or at all. Disputes may also arise between us and our licensors regarding intellectual property subject to a license agreement, including those related to: - the scope of rights granted under the license agreement and other issues relating to interpretation of the relevant agreement;- whether and the extent to which our technology and processes infringe on intellectual property of the licensor that is not subject to the license granted to us;- our right to sublicense patent and other rights to third parties under collaborative development relationships;- our diligence obligations with respect to the use of the licensed technology in relation to our development and commercialization of our product candidates, and what activities satisfy those diligence obligations; and - the ownership of inventions and know-how resulting from the joint creation or use of intellectual property by our licensors, on the one hand, and us and our sublicensees, on the other hand.

We are subject to other laws and regulations governing our international operations, including regulations administered by the authorities in the United States, European Union, and United Kingdom, including applicable export control regulations, economic sanctions on countries and persons, and customs requirements and currency exchange regulations, collectively referred to as the trade control laws. Specifically, as a result of the Russian invasion of Ukraine in February 2022, the United States, the European Union, the United Kingdom, and other jurisdictions adopted a series of financial and trade sanctions in relation to Russia and Belarus and Russian and Belarussian listed citizens and entities. Exports of our products and product candidates must be made in compliance with trade control laws. In some cases, certain licensing, authorization, or reporting requirements may need to be performed. In addition, these laws may restrict or prohibit altogether the supply of certain of our products, product candidates, or services to certain governments, persons, entities, countries, and territories. Changes in our products and product candidates or changes in applicable trade control laws may create delays in the introduction or provision of our products and product candidates in certain jurisdictions, prevent others from using our products and product candidates or, in some cases, prevent the export or import of our products and product candidates to certain countries, governments, or persons altogether. Any limitation on our ability to export or provide our products, product candidates, and services could adversely affect our business, financial condition, and results of operations. We are also subject to anti-corruption laws of the United States and other applicable jurisdictions. The Foreign Corrupt Practices Act, or FCPA, prohibits companies and their employees, third-party intermediaries, and other associated persons from paying, offering, authorizing payment, or providing anything of value, directly or indirectly, to any foreign official, political party, or candidate for the purpose of influencing any act or decision of a foreign entity in order to obtain or retain business. The FCPA also obligates companies whose securities are listed in the United States to comply with certain accounting provisions requiring the company to maintain books and records that accurately and fairly reflect all transactions of the corporation, including international subsidiaries, and to devise and maintain an adequate system of internal accounting controls. Compliance with the FCPA is expensive and difficult, particularly in countries in which corruption is a recognized problem. In addition, the FCPA presents particular challenges in the biopharmaceutical industry, because, in many countries, hospitals are operated by the government, and doctors and other hospital employees are considered foreign officials. French anti-corruption laws also prohibit acts of bribery and influence peddling: - Article 433-1-1° of the French Criminal Code (bribery of domestic public officials);- Article 433-1-2° of the French Criminal Code (influence peddling involving domestic public officials);- Article 434-9 of the French Criminal Code (bribery of domestic judicial staff);- Article 434-9-1 of the French Criminal Code (influence peddling involving domestic judicial staff);- Articles 435-1 and 435-3 of the French Criminal Code (bribery of foreign or international public officials);- Articles 435-7 and 435-9 of the French Criminal Code (bribery of foreign or international judicial staff);- Articles 435-2, 435-4, 435-8 and 435-10 of the French Criminal Code (active and passive influence peddling involving foreign or international public officials and foreign or international judicial staff);- Articles 445-1 and 445-2 of the French Criminal Code (bribery of private individuals); and - French Law n°2016-1691 of December 9th, 2016 on Transparency, the Fight Against Corruption and the Modernization of the Economy (Sapin 2 Law), which provides for numerous new obligations for large companies such as the obligation to draw up and adopt a code of conduct defining and illustrating the different types of behavior to be proscribed as being likely to characterize acts of corruption or influence peddling, to set up an internal warning system designed to enable the collections of reports from employees relating to the existence of conduct or situations contrary to the company's code of conduct, to set up accounting control procedures, whether internal or external, designed to ensure that the books, registers and accounts are not used to conceal acts of corruption or influence peddling, to set up a disciplinary system for sanctioning company employees in the event of a breach of the company's code of conduct or a system for monitoring and evaluating the measures implemented. We are also subject to the UK Bribery Act 2010, which makes it a criminal offense to: - Offer, promise, or give a financial or other advantage to a person to induce them to perform improperly or reward a person for improper performance (directly or via a third party). A bribe can be of any form, size, or value that would provide the intended recipient with some form of benefit or advantage. Bribes can include money, discounts, vouchers, loans, gifts, hospitality, accommodation, use of assets, preferential treatment, business advantage, and employment opportunities, among others;- Request, agree to receive or accept a financial or other advantage with the intention of or as reward for improper performance (directly or via a third party);- Attempt bribery of a foreign public official in order to obtain or retain business or an advantage in the conduct of business, either directly or via a third party;- As a commercial organization, fail to prevent bribery, as a result of not having adequate procedures in place to prevent a person directly or associated with a company to commit any of the other offenses. For the purposes of the UK Bribery Act 2010, "foreign public official" means an individual who: - is an official or agent of a public international organization; or - exercises a public function: ?for or on behalf of a country or territory outside the Island (or any subdivision of such a country or territory); or ?for any public agency or public enterprise of that country or territory (or subdivision). There is no assurance that we will be effective in ensuring compliance by our employees, representatives, contractors, business partners, and agents with all applicable anti-corruption laws, including the FCPA, the French anti-corruption laws, or other applicable legal requirements, including trade control laws. If we are not in compliance with the FCPA, the French anti-corruption laws, and other anti-corruption laws or trade control laws, we may be subject to criminal and civil penalties, disgorgement and other sanctions and remedial measures, and legal expenses, which could have an adverse impact on our business, financial condition, results of operations, and liquidity. Likewise, any investigation of any potential violations of the FCPA, the French anti-corruption laws, other anti-corruption laws or trade control laws by U.S. or other authorities could also have an adverse impact on our reputation, our business, results of operations, and financial condition.

A tax authority may disagree with tax positions that we have taken, which could result in increased tax liabilities. For example, the Internal Revenue Service or another tax authority could challenge our allocation of income by tax jurisdiction and the amounts paid between our affiliated companies pursuant to our intercompany arrangements and transfer pricing policies, including amounts paid with respect to our intellectual property development. Similarly, a tax authority could assert that we are subject to tax in a jurisdiction where we believe we have not established a taxable connection, often referred to as a "permanent establishment" under international tax treaties, and such an assertion, if successful, could increase our expected tax liability in one or more jurisdictions. A tax authority may take the position that material income tax liabilities, interest, and penalties are payable by us, for example where there has been a technical violation of contradictory laws and regulations that are relatively new and have not been subject to extensive review or interpretation, in which case we expect that we might contest such assessment. High-profile companies can be particularly vulnerable to aggressive application of unclear requirements. Many companies must negotiate their tax bills with tax inspectors who may demand higher taxes than applicable law appears to provide. Contesting such an assessment may be lengthy and costly and if we were unsuccessful in disputing the assessment, the implications could increase our anticipated effective tax rate, where applicable.

We, and our service providers, receive, process, store, and use personal information and other data about our clinical trial participants, employees, partners, and others. We, and our service providers, must comply with numerous foreign and domestic laws, regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations regarding privacy and the storing, sharing, use, processing, disclosure, security, and protection of personal information and other data, such as information that we collect about patients and healthcare providers in connection with clinical trials in Europe, the United States, and elsewhere. We strive to comply with all applicable requirements and obligations; however, new laws, policies, codes of conduct, and legal obligations may arise, continue to evolve, be interpreted and applied in a manner that is inconsistent from one jurisdiction to another, and conflict with one another. Any failure or perceived failure by us or third parties working on our behalf to comply with applicable laws and regulations, any privacy and data security obligations pursuant to contract or pursuant to our stated privacy or security policies, or obligations to third parties may result in governmental enforcement actions (including fines, penalties, judgments, settlements, imprisonment of company officials and public censure), civil claims (to which we have been subject), litigation, damage to our reputation, and loss of goodwill, any of which could have a material adverse effect on our business, operations, and financial performance. With substantial uncertainty over the interpretation and application of these laws, regulations, and other obligations, we may face challenges in addressing their requirements and making necessary changes to our policies and practices, and may incur significant costs and expenses in our efforts to do so. In the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., state surveillance and wiretapping laws such as California Invasion of Privacy Act). For example, the federal Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, imposes specific requirements relating to the privacy, security, and transmission of individually identifiable protected health information. In addition, in the past few years, numerous U.S. states-including California, Virginia, Colorado, Connecticut, and Utah-have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. As applicable, such rights may include the right to access, correct, or delete certain personal data, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making. The exercise of these rights may impact our business and ability to provide our products and services. Certain states also impose stricter requirements for processing certain personal data, including sensitive information, such as conducting data privacy impact assessments. These state laws allow for statutory fines for noncompliance. For example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, together referred to as the CCPA, applies to personal data of consumers, business representatives, and employees who are California residents, and requires businesses to provide specific disclosures in privacy notices and honor requests of such individuals to exercise certain privacy rights, such as those noted below. The CCPA provides for fines of up to $7,500 per intentional violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Although the CCPA exempts some data processed in the context of clinical trials, the CCPA increases compliance costs and potential liability with respect to other personal data we maintain about California residents. Similar laws are being considered in several other states, as well as at the federal and local levels, and we expect more states to pass similar laws in the future. While these states, like the CCPA, also exempt some data processed in the context of clinical trials, these developments further complicate compliance efforts and increase legal risk and compliance costs for us, the third parties upon whom we rely, and our customers. The global data protection landscape is rapidly evolving, and we expect that there will continue to be new and proposed laws, regulations, and industry standards concerning privacy, data protection, and information security, and we cannot yet determine the impact that such future laws, regulations, and standards may have on our business. For example, in Canada, the Personal Information Protection and Electronic Documents Act and various related provincial laws, as well as Canada's Anti-Spam Legislation, apply to our operations. The EU General Data Protection Regulation and United Kingdom's implementation of the General Data Protection Regulation, known respectively as the EU and UK GDPR, as well as EEA Member States' and the United Kingdom's implementing national legislation, apply to the collection and processing of personal data, including health-related information, by companies located in the EEA or the United Kingdom. In certain circumstances, the EU and UK GDPR also apply to companies located outside of the EEA or United Kingdom who are processing personal data of individuals located in the EEA or United Kingdom. The EU and UK GDPR have increased compliance burdens on us, such as requiring the following: - processing personal data only for specified, explicit, and legitimate purposes for which personal data were collected;- establishing a legal basis for processing personal data and creating obligations for controllers and processors to appoint data protection officers in certain circumstances;- increasing transparency obligations to data subjects for controllers (including presentation of certain information in a concise, intelligible, and easily accessible form about how their personal data is used and their rights vis-à-vis that data and its use);- introducing the obligation to carry out so-called data protection impact assessments in certain circumstances;- establishing limitations on collection and retention of personal data through "data minimization" and "storage limitation" principles;- establishing obligations to implement "privacy by design";- introducing obligations to honor increased rights for data subjects (such as rights for individuals to be "forgotten," rights to data portability, and rights to object, etc., in certain circumstances);- formalizing a heightened and codified standard of data subject consent;- establishing obligations to implement certain technical and organizational safeguards to protect the security and confidentiality of personal data;- introducing obligations to agree to certain specific contractual terms and to take certain measures when engaging third party processors and joint controllers;- introducing the obligation to provide notice of certain personal data breaches to the relevant supervisory authority or authorities and affected individuals; and - mandating the appointment representatives in the United Kingdom and/or EEA in certain circumstances. The processing of sensitive personal data, such as health information, is subject to compliance with specific exceptions under the EU and UK GDPR which may impose heightened compliance burdens and is a topic of active interest among foreign regulators. The EU and UK GDPR increase our obligations with respect to clinical trials conducted in Europe (including the EEA, United Kingdom and Switzerland) by expressly expanding the definition of personal data to include "pseudonymized" or key-coded data and requiring changes to informed consent practices and more detailed notices for clinical trial subjects and investigators. The EU and UK GDPR also provide for more robust regulatory enforcement and greater penalties for noncompliance than previous data protection laws, including fines of up to 20 million euros under the EU GDPR, 17.5 million pound sterling under the UK GDPR, or in each case, 4% of global annual revenue for the preceding financial year, whichever is higher. In addition to administrative fines, a wide variety of other potential enforcement powers are available to competent supervisory authorities in respect of potential and suspected violations of the EU and UK GDPR, including extensive audit and inspection rights, and powers to order temporary or permanent bans on all or some processing of personal data carried out by non-compliant actors. The EU and UK GDPR also confer a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the EU and UK GDPR. In the ordinary course of business, we may transfer personal data from Europe and other jurisdictions to the United States or other countries. Europe and other jurisdictions have enacted laws requiring data to be localized or limiting the transfer of personal data to other countries. In particular, the EEA and the United Kingdom have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws it generally believes are inadequate. Other jurisdictions may adopt similarly stringent interpretations of their data localization and cross-border data transfer laws. Although there are currently various mechanism that may be used to transfer personal data from the EEA and United Kingdom to the United States in compliance with law, such as the EEA standard contractual clauses, the UK's International Data Transfer Agreement / Addendum, and the EU-U.S. Data Privacy Framework and the UK extension thereto (which allows for transfers to relevant U.S.-based organizations who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the United States. If there is no lawful manner for us to transfer personal data from the EEA or UK, including, for example, obtaining individuals' explicit consent to transfer their personal data from the EEA or UK to the United States or other countries, we will face increased exposure to regulatory actions, substantial fines, and injunctions against processing personal data from the EEA or United Kingdom. The inability to transfer personal data from the EEA, United Kingdom, or Switzerland may also restrict our clinical trials activities in such jurisdictions, limit our ability to collaborate with contract research organizations as well as other service providers, contractors and other companies subject to European data protection laws, and require us to increase our data processing capabilities in the EEA, United Kingdom, or Switzerland, likely at significant expense. Additionally, other countries outside of Europe have enacted or are considering enacting similar cross-border data transfer restrictions and laws requiring local data residency, which could increase the cost and complexity of delivering our services and operating our business. The type of challenges we face in Europe will likely also arise in other jurisdictions that adopt laws similar in construction to the EU and UK GDPR or regulatory frameworks of equivalent complexity. The EU GDPR provides that EEA countries may make their own further laws and regulations to introduce specific requirements related to the processing of "special categories of personal data," including personal data related to health,biometric data used for unique identification purposes, and genetic information, as well as personal data related to criminal offences or convictions. In the United Kingdom, the United Kingdom Data Protection Act 2018 complements the UK GDPR in this regard. This fact may lead to greater divergence on the law that applies to the processing of such data types across the EEA and/or United Kingdom, compliance with which, as and where applicable, may increase our costs and could increase our overall compliance risk. Such country-specific regulations could also limit our ability to collect, use, and share data in the context of our EEA and/or United Kingdom establishments (regardless of where any processing in question occurs), and/or could cause our compliance costs to increase, ultimately having an adverse impact on our business, and harming our business and financial condition. For example, in France, the conduct of clinical trials is subject to compliance with specific provisions. The French Law No.78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, as amended, establishes a strict framework applicable to the processing of personal data in the health sector. This framework requires, among others, the filing of compliance undertakings with "reference methodologies" (such as the MR-001) adopted by the French Data Protection Authority, or CNIL, or, if not complying, obtaining an authorization from the CNIL. Failure to comply with the stringent provisions of the reference methodologies or failure to obtain the CNIL's authorization could expose us to adverse consequences, including the interruption of our clinical trials in France, increased exposure to regulatory actions, or the need to relocate part of or all of our data processing activities to other jurisdictions at significant expense. It is possible that the EU and UK GDPR or other laws and regulations relating to privacy and data protection may be interpreted and applied in a manner that is inconsistent from jurisdiction to jurisdiction or inconsistent with our current policies and practices, and compliance with such laws and regulations could require us to change our business practices and compliance procedures in a manner adverse to our business. We cannot guarantee that we are in compliance with all such applicable data protection laws and regulations, and we cannot be sure how these regulations will be interpreted, enforced, or applied to our operations. Furthermore, other jurisdictions outside the EEA are similarly introducing or enhancing privacy and data security laws, rules, and regulations, which could increase our compliance costs and the risks associated with noncompliance. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our practices, and our efforts to comply with the evolving data protection rules may be unsuccessful. We cannot guarantee that we, our third-party collaborators, or our vendors are in compliance with all applicable data protection and privacy laws and regulations as they are enforced now or as they evolve. Further, for example, our privacy policies may be insufficient to protect any personal information we collect, or may not comply with applicable laws. Our non-compliance could result in government-imposed fines or orders requiring that we change our practices, which could adversely affect our business. In addition to the risks associated with enforcement activities and potential contractual liabilities, our ongoing efforts to comply with evolving laws and regulations at the federal and state level may be costly and require ongoing modifications to our policies, procedures, and systems. In addition, if we are unable to properly protect the privacy and security of protected health information, we could be found to have breached our contracts. In addition to data privacy and security laws, we may be subject to contractual obligations based on industry standards adopted by industry groups, such as best practices governing the conduct of clinical trials, and we are, or may become, subject to such obligations in the future. We are also subject to contractual obligations related to data privacy and security. Our efforts to comply with such obligations may not be successful. For example, certain privacy laws, such as the EU and UK GDPR and CCPA, may require us to impose specific contractual restrictions on certain service providers that have access to personal data, such as clinical trial patient data or personal data of clinical trial site personnel. We publish privacy policies, marketing materials, and other statements regarding data privacy and security on our website. If these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, or unfair, or to misrepresent our practices, we may be subject to investigation, enforcement actions by regulators (such as the Federal Trade Commission), or other adverse consequences. Our actual or perceived failure to adequately comply with applicable laws and regulations relating to privacy and data protection, or to protect personal data and other data we process or maintain, could result in regulatory enforcement actions against us, including fines, penalties, orders that require a change in our practices, additional reporting requirements and/or oversight, imprisonment of company officials and public censure, claims for damages by affected individuals, other lawsuits, or reputational damage, all of which could materially affect our business, financial condition, results of operations, and growth prospects.

We perform most of the manufacturing of our products and our product candidates in-house. Delays in manufacturing or inability to manufacture sufficient doses of a product or product candidate could adversely affect our business, financial condition, prospects, and results of operations. If we, or any third-party manufacturing partners, are unable to manufacture sufficient quantities of any vaccine, we may not be able to meet demand or fulfill our obligations under any agreements, or we may be forced to forego additional partnerships or supply agreements which would be advantageous for our business. We may encounter unexpected challenges relating to manufacturing efficiency, quality control, or stability profile that could impact the quantity of products or product candidates manufactured, the consistency of quantity across batches, or the length of time that manufactured material can be used. These problems could impact our supply of the market and require us to manufacture more than previously expected, leading to delays and added costs. Additionally, any supply shortages due to an inability to manufacture sufficient doses could result in fines. We experienced supply shortages for both IXIARO and DUKORAL in 2022 and 2023 due to the faster than expected recovery of the travel market and, in 2023, to delays in internal processes. In February 2024, we announced anticipated difficulties in supplying the market in the beginning of 2024, and these are accounted for in our guidance. We may be required to increase our manufacturing capacity to meet demand for approved products, and we may be unable to do this in a timely or cost-effective manner, or at all. We do not have experience manufacturing on the scale that would be required for a large-scale commercialization of vaccine candidates that may receive approval in the future. The process of developing additional manufacturing capacity is complex and affected by multiple external factors, many of which are beyond our control. We, our contract manufacturers, any future collaborators, and their contract manufacturers could be subject to periodic unannounced inspections by the FDA or other comparable regulatory authorities to monitor and ensure compliance with cGMP or other applicable regulations. Despite our efforts to audit and verify regulatory compliance, we or one or more of our third-party manufacturing vendors may be found on regulatory inspection by the authorities to be noncompliant with cGMP or other applicable regulations. This may result in shutdown of the relevant facility or invalidation of drug product lots or processes, as well as delays in clinical development programs which could ultimately negatively impact our regulatory and commercialization timelines and expectations. In some cases, a product recall may be warranted or required, which would materially affect our ability to supply and market our drug products. We have outsourced an important step in the manufacturing of IXCHIQ to a third party, IDT Biologika, and Vetter performs the filling process for IXIARO and the filling of IXCHIQ diluent. Outsourcing of manufacturing could result in delays, concerns about manufacturing consistency, or other manufacturing failures. Per the standard industry practice, we rather than the third-party provider would bear the risk of such problems, which could result in a material adverse impact on our business, prospects, financial condition, and results of operations. Any of these factors impacting manufacturing quantity or quality could delay clinical trials, regulatory submissions, and/or commercialization of our products, interfere with current sales, entail higher costs, and result in our inability to effectively sell our products.

We are highly dependent on our management, scientific, and medical personnel, particularly our Chief Executive Officer Thomas Lingelbach, who we heavily rely on for a variety of matters. Our key personnel may currently terminate their employment with us at any time. The loss of the services of any of these persons could impede the achievement of our research, development, and commercialization objectives. Additionally, we do not currently maintain "key person" life insurance on the lives of our executives, other than Thomas Lingelbach and Juan Carlos Jaramillo, or any of our employees. Recruiting and retaining other senior executives, qualified scientific and clinical personnel, and commercialization, manufacturing and sales and marketing personnel will be critical to our success. The loss of the services of our executive officers or other key employees could impede the achievement of our research, development, and commercialization objectives and seriously harm our ability to successfully implement our business strategy. Furthermore, replacing executive officers and key employees may be difficult and may take an extended period of time because of the limited number of individuals in our industry with the breadth of skills and experience required to successfully develop, gain regulatory approval of, and commercialize our product candidates. Competition to hire from this limited pool is intense, and we may be unable to hire, train, retain, or motivate these key personnel on acceptable terms given the competition among numerous pharmaceutical and biotechnology companies for similar personnel. We also experience competition for the hiring of scientific and clinical personnel from universities and research institutions. In addition, we rely on consultants and advisors, including scientific and clinical advisors, to assist us in formulating our research and development and commercialization strategy. Our consultants and advisors may have commitments under consulting or advisory contracts with other entities that may limit their availability to us. If we are unable to continue to attract and retain high-quality personnel, our ability to pursue our growth strategy will be limited. Our future performance will also depend, in part, on our ability to successfully integrate newly hired executive officers into our management team and our ability to develop an effective working relationship among senior management, including in the context of our recent change in governance structure, as described in Item 6. Our failure to integrate new individuals and create effective working relationships among members of management could result in inefficiencies in the development and commercialization of our product candidates and other aspects of our business, which could negatively impact our results of operations.

We currently rely upon several, and in the future may rely on additional, third-party contract manufacturing organizations, or CMOs, for the manufacture and supply of components and substances for all of the product candidates we are developing. In particular, we have outsourced one step in the manufacturing process of IXCHIQ to IDT Biologika. Additionally, certain component materials are currently available from a single supplier, or a small number of suppliers. We cannot be sure that these suppliers will remain in business, or that they will not be purchased by one of our competitors or another company that is not interested in continuing to manufacture these materials for us. We cannot assure you that, if required, we will be able to identify alternate sources with the desired scale and capability and establish relationships with such sources. Additionally, in the biopharmaceutical industry, supplier changes require lengthy validation and regulatory approval processes. A loss of any CMO or component supplier and delay in establishing a replacement could delay our clinical development and regulatory approval process and interrupt supply.

The biotechnology and pharmaceutical industries are subject to intense competition and rapid and significant technological change. We have many potential competitors, including major pharmaceutical companies, specialized biotechnology firms, academic institutions, government agencies, and private and public research institutions. Many of our competitors have significantly greater financial and technical resources as well as experience and expertise in: - research and development;- pre-clinical testing;- designing and implementing clinical trials;- regulatory processes and approvals;- production and manufacturing; and - sales and marketing of approved products. Principal competitive factors in our industry include: - the quality and breadth of an organization's technology;- management of the organization and the execution of the organization's strategy;- the skill and experience of an organization's employees and its ability to recruit and retain skilled and experienced employees;- an organization's intellectual property portfolio;- the capabilities of an organization throughout the product pipeline, from target identification and validation to discovery and development to manufacturing and marketing; and - the availability of substantial capital resources to fund discovery, development, and commercialization activities. Large and established companies, such as Merck & Co., Inc., GlaxoSmithKline plc, CSL Ltd, Sanofi Pasteur, SA, Pfizer Inc. and AstraZeneca, among others, compete in the general vaccine market. In particular, these companies may have greater experience and expertise in: securing government contracts and grants to support their research and development efforts, conducting testing and clinical trials, obtaining regulatory approvals to market products, manufacturing such products on a broad scale, and marketing approved products. Smaller or early-stage companies and research institutions also may prove to be significant competitors, particularly through collaborative arrangements with large and established pharmaceutical companies. As these companies and research institutions develop their technologies, they may develop proprietary positions, which may prevent or limit our product development and commercialization efforts. If any of our competitors succeed in obtaining approval from regulatory authorities for their products sooner than we do or for products that are more effective or less costly than ours, or if the scope of approval for a competing product is broader than an approval granted for our product, our commercial opportunity could be significantly reduced. Mergers and acquisitions, including of specific assets, in the pharmaceutical and biotechnology industries may result in even more resources being concentrated among a smaller number of our competitors and in changes to the competitive landscape in regions where we market and distribute our products. We are aware of companies with competing products or product candidates for Japanese encephalitis (such as Substipharm's IMOJEV) and cholera (such as Bavarian Nordic's Vaxchora, which is currently available in the U.S. and a limited number of European markets), each as described further in Item 4 of this Annual Report. If and as these vaccines become available in the markets in which we compete, sales of our vaccines will be adversely affected. Competition is the primary factor affecting our prices outside the United States. We are also aware of companies with active vaccine development programs for Lyme disease and chikungunya. Even if a manufacturer obtains an EUA or regulatory approval for a vaccine, it is likely that competitors will continue to work on new products that could be more efficacious and/or less expensive. Vaccines under development by competitors, including development programs of which we are not aware, may be more effective or further along in the development and regulatory approval process than our vaccine candidates. Even if our vaccine candidates receive EUA or regulatory approval, they may not achieve or maintain significant sales if other, more effective vaccines under development by our competitors are also approved. In order to compete effectively, we will have to make substantial investments in development, testing, manufacturing, and sales and marketing or partner with one or more established companies in one or more of these areas. We may not be successful in gaining significant market share for any approved product candidate and may not continue to be successful maintaining or gaining market share for our currently marketed products. Our technologies and vaccines also may be rendered obsolete or non-competitive as a result of products introduced by our competitors to the marketplace more rapidly and at a lower cost.

Even if any product candidates receive marketing approval, they may fail to gain market acceptance by physicians, patients, third-party payors, government officials, and others in the medical community. For example, our COVID-19 vaccine received four marketing approvals but ultimately was not a commercial success due to lack of interest from potential government purchasers. Further, recommendations from regulatory bodies can affect market acceptance of approved products. For example, in the United States, ACIP develops vaccine recommendations for use, as do comparable agencies around the world. ACIP uses working groups that gather, analyze, and prepare scientific information to develop its recommendations, and vaccines that receive a preferred recommendation from ACIP are widely adopted. In February 2024, ACIP issued recommendations relating to vaccination against chikungunya that included recommendations for the use of IXCHIQ that were narrower than IXCHIQ's label in the United States. This recommendation may decrease the demand for IXCHIQ and impact its commercialization. If such product candidates do not achieve an adequate level of acceptance, we may not generate significant product revenue, which would limit the return on our investment and may prevent us from becoming profitable. The degree of market acceptance of any product candidate, if approved for commercial sale, will depend on a number of factors, including but not limited to: - the convenience and ease of administration compared to alternative vaccines and therapies;- the existence of alternative therapies;- the public perception of new therapies and the reputational challenges that the vaccine industry is facing related to the growing momentum of the anti-vaccine movement in some regions;- the prevalence and severity of adverse side effects;- the willingness of the target patient population to try new therapies and of physicians to prescribe these therapies;- the efficacy, safety profile, and potential advantages compared to alternative vaccines and therapies;- the effectiveness of sales and marketing efforts;- the cost of the vaccine in relation to alternative vaccines and therapies;- our ability to offer such product for sale at competitive prices;- the strength of marketing and distribution support;- the availability of third-party coverage and adequate reimbursement, and patients' willingness to pay out-of-pocket in the absence of third-party coverage or adequate reimbursement;- receiving recommendations for use from ACIP and comparable foreign regulatory and advisory bodies;- the prevalence and severity of any side effects; and - any restrictions on the use of the product together with medications. Our efforts to educate physicians, patients, third-party payors, and others in the medical community on the benefits of our product candidates may require significant resources and may never be successful. Such efforts may require more resources than are typically required due to the complex and distinctive nature of our product candidates. Because we expect sales of our product candidates, if approved, to generate a significant portion of our revenue for the foreseeable future, the failure of our product candidates to find market acceptance would harm our business.

Our future profitability will depend, in part, on our ability to continue to commercialize our products and, if approved, our product candidates in markets in Europe, the United States and other countries where we maintain commercialization rights. As we continue to commercialize our products and begin to commercialize our product candidates, if approved, in multiple markets, we are subject to additional risks and uncertainties, including: - foreign currency exchange rate fluctuations and currency controls;- economic weakness, including inflation and rising interest rates, or political instability in particular economies and markets;- potentially adverse and/or unexpected tax consequences, including penalties due to the failure of tax planning or due to the challenge by tax authorities on the basis of transfer pricing and liabilities imposed from inconsistent enforcement;- the burden of complying with complex and changing regulatory, tax, accounting. and legal requirements, many of which vary between countries;- different medical practices and customs in multiple countries affecting acceptance of drugs in the marketplace;- differing payor reimbursement regimes, governmental payors. or patient self-pay systems and price controls;- tariffs, trade barriers, import or export licensing requirements. or other restrictive actions;- compliance with tax, employment, immigration. and labor laws for employees living or traveling abroad;- workforce uncertainty in countries where labor unrest is common;- reduction or loss of protection of intellectual property rights in some foreign countries, and related prevalence of generic alternatives to therapeutics; and - becoming subject to the different, complex. and changing laws, regulations, and court systems of multiple jurisdictions and compliance with a wide variety of foreign laws, treaties, and regulations. In addition, due to the conflict between Russia and Ukraine, the United States, the European Union, and other jurisdictions have imposed various sanctions against Russia and Belarus. The military conflict and the retaliatory measures that have been taken, or could be taken in the future, by the U.S., the European Union, and other jurisdictions against Russia and Belarus have created global security concerns that could result in a regional conflict and otherwise have a lasting impact on regional and global economies, any or all of which could adversely affect our business. Other conflicts, such as the ongoing conflict between Israel and Hamas, could cause similar disruption and adversely impact our business. Any or all of these actions, as well as actions such as cyber-attacks by state-sponsored or non-state actors, could disrupt our operations and supply chain and adversely affect our ability to conduct and analyze ongoing and future clinical trials of our product candidates, among other possible consequences. Additionally, concerns about security and any increase in the cost of travel resulting from the rising cost of fuel could impact the travel industry. Any of these results could materially harm our business. These and other risks associated with international operations may adversely affect our ability to attain or maintain profitable operations. Future sales of our products or our product candidates, if they are approved, will be dependent on purchasing decisions of and reimbursement from government health administration authorities, distributors, and other organizations. As a result of adverse conditions affecting the global economy and credit and financial markets, including disruptions due to political instability, armed conflict, wars, or otherwise, these organizations may defer purchases or may be unable to satisfy their purchasing or reimbursement obligations, which may affect milestone payments or royalties for our products or any of our product candidates that are approved for commercialization in the future. Should any of these risks materialize, this could have a material adverse effect on our business, prospects, financial condition, and results of operations.

Our operations, and those of our CMOs, CROs, and other contractors and consultants, could be subject to cybersecurity attacks, earthquakes, power shortages, information technology or telecommunications failures, water shortages, floods, hurricanes, typhoons, fires, extreme weather conditions, armed conflict, wars, public health pandemics or epidemics, and other natural or man-made disasters or business interruptions, for which we are predominantly self-insured. The occurrence of any of these business disruptions could seriously harm our operations and financial condition and increase our costs and expenses. Our ability to develop and commercialize our product candidates could be disrupted if our operations or those of our suppliers are affected by man-made or natural disasters or other business interruptions.