Alimera (ALIM) Risk Analysis

We depend on information technology systems, infrastructure and data to operate our business. In the ordinary course of business, we collect, store and transmit confidential information, including intellectual property, proprietary business information and personal information. Maintaining the confidentiality and integrity of that confidential information is essential to our business. We also have outsourced elements of our operations to third parties, and as a result we work with a number of third-party contractors that have access to some of our confidential information. Although we have implemented security, backup and recovery measures, our internal information technology systems and those of our third-party manufacturers, CROs and other contractors or consultants may be vulnerable to cybersecurity attacks, computer viruses (including worms, malware, ransomware and other destructive or disruptive software or denial of service attacks), service interruptions, system malfunction, natural disasters, terrorism, war and telecommunication and electrical failures, security breaches from inadvertent or intentional actions by our employees, contractors, consultants, business partners or other third parties, physical or electronic break-ins and similar disruptions. We or our third-party manufacturers, CROs and other contractors and consultants could also experience directed attacks intended to lead to interruptions and delays in our service and operations as well as loss, misuse, theft or release of proprietary, confidential, sensitive or otherwise valuable company or subscriber data or information. Such a cybersecurity attack, virus, break-in, disruption or attack could remain undetected for an extended period, could harm our business, financial condition or results of operations, be expensive to remedy, expose us to litigation and/or damage our reputation. Our insurance may not cover expenses related to such disruptions or unauthorized access fully or at all. Any of the foregoing may compromise our system infrastructure or lead to data leakage. While we have not experienced any such cyber-related fraud, system failure, accident or security breach through the date of this report that has materially affected our business, we cannot assure that our and our vendors' data protection efforts and our and our vendors' investment in information technology will prevent cyber-attacks by malicious third parties, significant breakdowns, data leakages, breaches in our systems or other cyber incidents that could have a material adverse effect upon our reputation, business, operations or financial condition. For example, if such an event were to occur and cause interruptions in our operations or a direct financial loss due to misdirected or fraudulent payments, it could result in a material disruption of our business operations, including, distribution and manufacturing, or to a direct financial loss. We sell ILUVIEN in the U.S. primarily to two distributors and in Europe we use two logistics providers. Subject to the Supply Agreement with EyePoint Parent, EyePoint Parent is responsible for manufacturing and exclusively supplying (subject to certain exceptions) to us agreed-upon quantities of YUTIQ necessary for us to commercialize YUTIQ in the U.S. during the term of the Product Rights Agreement. We may elect to manufacture YUTIQ after an initial 18-month term following the date of the Product Rights Agreement, upon the satisfaction of certain conditions. A security breach that impairs these distribution or logistics operations could significantly impair our ability to deliver our products to healthcare providers. In addition, our products are manufactured and tested by third parties, and a security breach that impairs these third parties could significantly impair our ability to procure our products and deliver them to our distributors in a timely manner. There can be no assurance that our or their efforts will detect, prevent or fully recover systems or data from all breakdowns, service interruptions, attacks or breaches of systems, any of which could adversely affect our business and operations and/or result in the loss of critical or sensitive data, which could result in financial, legal, business or reputational harm to us or impact our stock price. In addition, the loss of clinical trial data for our product candidates or our post-market studies could result in delays in our regulatory approval efforts or marketing efforts and significantly increase our costs to recover or reproduce the data. Furthermore, significant disruptions or security breaches of our internal information technology systems or our vendors' technology systems could adversely affect or result in the loss of, misappropriation of, unauthorized access to, use of, disclosure of or the prevention of access to our confidential information, including trade secrets or other intellectual property, proprietary business information and personal information of our employees and patients in studies conducted on our behalf, which could result in financial, legal, business and reputational harm to us. For example, any such event that leads to unauthorized access to, use of or disclosure of personal information, including personal information regarding our employees or information we may have regarding patients, could harm our reputation directly, compel us to comply with federal and state breach notification laws and foreign law equivalents, subject us to mandatory corrective action and otherwise subject us to liability under laws and regulations that protect the privacy and security of personal information, which could result in significant legal and financial exposure and reputational damages that could potentially have an adverse effect on our business.

Our business exposes us to the risk of product liability claims, which is inherent in the manufacturing, testing and marketing of drugs and related products. We face an increased risk of product liability as we further commercialize our current products, especially in the U.S. If the use of our current products or one or more of our future products causes physical harm, we may be subject to costly and damaging product liability claims. We believe that we may be at a greater risk of product liability claims relative to other pharmaceutical companies because our current products are inserted into the eye, and it is possible that we may be held liable for eye injuries of patients who receive our products. Any product liability lawsuits may divert our management from pursuing our business strategy and may be costly to defend. In addition, if we are held liable in any of these lawsuits, we may incur substantial liabilities and may be forced to limit or forego further commercialization of our current products or one or more of our future products. Even if we are not held liable, product liability lawsuits could cause adverse publicity and decrease the demand for our current products, which could have a material adverse effect on our business, results or operations and financial condition. We have not had any material claims against us through the date of this report. Although we maintain product liability insurance covering our clinical trial activities and our product sales, our aggregate coverage limit under these insurance policies is limited to $10 million in most jurisdictions, and while we believe this amount of insurance is sufficient to cover our product liability exposure, these limits may not be high enough to fully cover potential liabilities. These insurance policies provide worldwide coverage where allowed by law. As we generate product revenue in new countries, we intend to obtain compulsory coverage in those countries that require it. However, we may not be able to obtain or maintain sufficient insurance coverage at an acceptable cost or otherwise to protect against potential product liability claims. If we are unable to obtain insurance at acceptable cost or otherwise protect against potential product liability claims, we will be exposed to significant liabilities, which may materially and adversely affect our business and financial position. These liabilities could prevent or interfere with our product development and commercialization efforts. Certain Risks of Owning Our Common Stock

As a multinational organization, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application, interpretation and enforcement of which can be uncertain. Changes in tax laws or their interpretations could result in changes to enacted tax rates and may require complex computations to be performed that were not previously required, significant judgments to be made in interpretation of the new or revised tax regulations and significant estimates in calculations, as well as the preparation and analysis of information not previously relevant or regularly produced. Future changes in enacted tax rates could negatively affect our results of operations. For example, the recently enacted Inflation Reduction Act of 2022 includes a minimum tax equal to fifteen percent of the adjusted financial statement income of certain corporations as well as a one percent excise tax on share buybacks, which went effective for tax years beginning in 2023. It is possible that the minimum tax could result in an additional tax liability over the regular federal corporate tax liability in a given year based on differences between book and taxable income (including as a result of temporary differences). Relevant foreign taxing authorities may disagree with our determinations as to whether we have established a taxable nexus, often referred to as a "permanent establishment," or the income and expenses attributable to specific jurisdictions. In addition, these authorities may take aggressive tax recovery positions that the funds flows we process are subject to value added tax or goods and services tax. If disagreements with relevant taxing authorities on other unknown matters were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense, thereby negatively affecting our results of operations and cash flows. We have recognized estimated liabilities on the balance sheet for material known tax exposures relating to deductions, transactions and other matters involving some uncertainty as to the proper tax treatment of the item. These liabilities reflect what we believe to be reasonable assumptions as to the likely final resolution of each issue if raised by a taxing authority. While we believe that the liabilities are adequate to cover reasonably expected tax risks, there can be no assurance that, in all instances, an issue raised by a tax authority will be finally resolved at a financial amount no more than any related liability. An unfavorable resolution, therefore, could negatively affect our financial position, results of operations and cash flows in the current and/or future periods.

We are subject to data protection laws and regulations. In the U.S., numerous federal and state laws and regulations, including state data breach notification laws, state health information and/or genetic privacy laws, and federal and state consumer protection laws, govern the collection, use, disclosure, and protection of health related and other personal information. In California, the California Consumer Privacy Act ("CCPA") establishes certain requirements for data use and sharing transparency, and provides California residents certain rights concerning the use, disclosure, and retention of their personal data. The California Privacy Rights Act currently in effect, significantly amends the CCPA. Virginia, Colorado, Utah, and Connecticut have enacted privacy laws similar to the CCPA that impose new obligations or limitations in areas affecting our business, and similar laws are under consideration in other states. These laws and regulations are evolving and subject to interpretation and may impose limitations on our activities or otherwise adversely affect our business. The obligations to comply with the CCPA and evolving legislation may involve, among other things, updates to our notices and the development of new processes. We may be subject to fines, penalties, or private actions in the event of non-compliance with such laws. In addition, we may obtain health information from third parties (e.g., healthcare providers who prescribe our product) that are subject to privacy and security requirements under the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, (collectively, "HIPAA"). HIPAA imposes privacy and security obligations on covered entity health care providers, health plans, and health care clearinghouses, as well as their "business associates"-certain persons or entities that create, receive, maintain, or transmit protected health information in connection with providing a specified service or performing a function on behalf of a covered entity. Although we are not directly subject to HIPAA, we could be subject to criminal penalties if we knowingly receive individually identifiable health information maintained by a HIPAA covered entity in a manner that is not authorized or permitted by HIPAA. Further at the federal level, the Federal Trade Commission ("FTC") also sets expectations for failing to take appropriate steps to keep consumers' personal information secure, or failing to provide a level of security commensurate to promises made to individual about the security of their personal information (such as in a privacy notice) may constitute unfair or deceptive acts or practices in violation of Section 5(a) of the Federal Trade Commission Act ("FTC Act"). The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Individually identifiable health information is considered sensitive data that merits stronger safeguards. With respect to privacy, the FTC also sets expectations that companies honor the privacy promises made to individuals about how the company handles consumers' personal information; any failure to honor promises, such as the statements made in a privacy policy or on a website, may also constitute unfair or deceptive acts or practices in violation of the FTC Act. While we do not intend to engage in unfair or deceptive acts or practices, the FTC has the power to enforce promises as it interprets them, and events that we cannot fully control, such as data breaches, may result in FTC enforcement. Enforcement by the FTC under the FTC Act can result in civil penalties or enforcement actions. EU Member States and other jurisdictions where we operate have adopted data protection laws and regulations, which impose significant compliance obligations. For example, the General Data Protection Regulation (GDPR) imposes strict obligations and restrictions on the ability to collect, analyze and transfer personal data, including health data from clinical trials and adverse event reporting. Switzerland has adopted laws that impose restrictions and obligations similar to the GDPR. The obligations and restrictions under the GDPR and Switzerland's laws concern, in particular, in some instances the consent of the individuals to whom the personal data relate, the processing details disclosed to the individuals, the sharing of personal data with third parties, the transfer of personal data out of the EEA or Switzerland, contracting requirements (such as with clinical trial sites and vendors), and security breach notifications, as well as substantial potential fines, in some cases up to 4% of annual global turnover, for breaches of the data protection obligations. Data protection authorities from the different EU Member States and the EEA may interpret the GDPR and applicable related national laws differently which could effectively result in requirements additional to those currently understood to apply under the GDPR. In addition, guidance on implementation and compliance practices may be updated or otherwise revised, which adds to the complexity of processing personal data in the EU. When processing personal data of subjects in the EU, we have to comply with applicable data protection and electronic communications laws. In particular, as we rely on service providers processing personal data of subjects in the EU, we have to enter into suitable contract terms with such providers and receive sufficient guarantees that such providers meet the requirements of the applicable data protection laws, particularly the GDPR which imposes specific and relevant obligations. Enforcement by EU and U.K. regulators is active, and failure to comply with the GDPR or applicable Member State law may result in substantial fines. Legal mechanisms to allow for the transfer of personal data from the EEA or U.K. to the US may impact our ability to transfer personal data or otherwise may cause us to incur significant costs to do so legally. On July 16, 2020, the European Court of Justice ruled that the Privacy Shield is an invalid data transfer mechanism and confirmed that the Standard Contractual Clauses ("SCCs") remain valid. If companies are relying on the SCCs as their transfer mechanism to transfer personal information from the EEA to the US (or to other jurisdictions not recognized as adequate by the EU), they must be incorporated into new and existing agreements within prescribed timeframes. The U.K. adopted versions of their own SCCs. Updating agreements to incorporate these new SCCs for the EEA and U.K. may require significant time and resources to implement, including through adjusting our operations, conducting requisite data transfer assessments, and revising our contracts. Companies that have not taken steps to demonstrate that their SCCs and personal data recipients in the US or other non-adequate jurisdictions are suitable to receive the personal data may be subject to enforcement actions by competent authorities in the EU for failure to comply with related data privacy rules. Additionally, the European Commission adopted a draft adequacy decision for the EU-US Data Privacy Framework, which reflects the assessment by the European Commission of the US legal framework. The draft decision concludes that the U.S. ensures an adequate level of protection for personal data transferred from the EU to US companies. After an approval process, the European Commission is expected to adopt the final adequacy decision, which will allow data to flow freely from the EU to the U.S. If we or our distributors fail to comply with applicable data privacy laws concerning, or if the legal mechanisms we or our distributors rely upon to allow, the transfer of personal data from the EEA or Switzerland to the US (or other countries not considered by the European Commission to provide an adequate level of data protection) are not considered adequate, we could be subject to government enforcement actions, including an order to stop transferring the personal data outside of the EEA and significant penalties against us. Moreover, our business could be adversely impacted if our ability to transfer personal data out of the EEA or Switzerland to the US is restricted, which could adversely impact our operating results. Failure to comply with data protection laws and regulations could result in unfavorable outcomes, including increased compliance costs, delays or impediments in the development of new products, increased operating costs, diversion of management time and attention, government enforcement actions and create liability for us (which could include civil, administrative, and/or criminal penalties), private litigation and/or adverse publicity that could negatively affect our operating results and business.

Adverse weather conditions and natural disasters may affect our manufacturers' supply chains, which could negatively impact our ability to source materials and components to make our products and, in more severe cases, such as hurricanes, earthquakes, floods, droughts, tornadoes or blizzards, eliminate the availability, or significantly increase the cost, of the components to make our products, sometimes for prolonged periods of time. The response of federal, state and local governmental bodies and agencies to climate change through regulations, mandates, reporting and disclosure requirements, taxes or levies could materially increase our cost to operate or obtain product components at a reasonable price, resulting in a material adverse effect on our financial results. Any of these situations could materially and adversely harm our business and financial condition. Manufacturing Risks and Dependence on Third Parties

Approximately 30% of our product revenues in 2023 were international. A substantial majority of our international revenues and expenses are denominated in British Pounds and Euros, and as such are sensitive to changes in exchange rates. We also have balances, such as cash, accounts receivable, accounts payable and accruals, that are denominated in foreign currencies. These foreign currency transactions and balances are sensitive to changes in exchange rates. Fluctuations in exchange rates of the British Pound and Euro in relation to the U.S. Dollar could materially reduce our future revenues as compared to prior periods. We do not seek to mitigate this exchange rate effect by using derivative financial instruments. To the extent we are unable to match revenues received in foreign currencies with costs paid in the same currency, exchange rate fluctuations in that currency could have a material adverse effect on our business and results of operations. As our international operations continue to grow, our risks associated with fluctuations in currency rates will become greater.

We are a pharmaceutical company with two products, ILUVIEN, currently available for commercial sale in the U.S., the U.K., most of the countries in the EEA and a limited number of other markets, and our other product, YUTIQ, available for commercial sale in the U.S. Because we do not currently have any other products or product candidates available for sale or in clinical development, our future success depends on our and our distributors' successful commercialization of ILUVIEN and YUTIQ. We market ILUVIEN directly in the U.S., Germany, the U.K., Portugal and Ireland. In addition, we have entered into various agreements under which distributors are providing or will provide regulatory, reimbursement and sales and marketing support for ILUVIEN in Austria, Belgium, the Czech Republic, Denmark, Finland, France, Italy, Luxembourg, the Netherlands, Norway, Spain, Sweden, Switzerland, Australia, New Zealand and several countries in the Middle East. In addition, we have granted an exclusive license to Ocumension for the development and commercialization of our 0.19 mg fluocinolone acetonide intravitreal injection in China, East Asia and the Western Pacific. As of December 31, 2023 we have recognized sales of ILUVIEN to international distributors in the Middle East, China, Austria, Belgium, Czech Republic, France, Italy, Luxembourg, Spain, the Netherlands, and certain Nordic countries. In the U.S., YUTIQ is indicated for the treatment and prevention of chronic NIU-PS. Pursuant to the Product Rights Agreement with EyePoint Parent, we have the commercialization rights to YUTIQ in the entire world, except Europe, the Middle East and Africa as we had previously licensed from EyePoint rights to certain products, which included YUTIQ (known as ILUVIEN in Europe, the Middle East and Africa) for the prevention of relapse in recurrent NIU-PS in those territories. The Product Rights Agreement also excludes any rights to YUTIQ for the treatment and prevention of chronic NIU-PS in China and certain other countries and regions in Asia, which rights are subject to a pre-existing exclusive license between EyePoint Parent and Ocumension. We have incurred and expect to continue to incur significant expenses: - to continue to support our sales efforts in the U.S., Germany, Portugal, the U.K. and Ireland;- to pursue the regulatory and reimbursement approval for ILUVIEN in other countries for both DME and NIU-PS;- to grow our operational capabilities;- to support our NEW DAY and SYNCHRONICITY Studies; and - to support our NIU-PS study in pediatric patients. These represent a significant investment in the commercial and regulatory success of our products, which is uncertain. If we or our distributors do not successfully maintain our sales in countries where we are approved to sell our products or our distributors do not successfully commence and grow our sales of our products in other countries where we are seeking to begin selling our products or have recently done so, our business may be seriously harmed. In addition, we may experience delays and unforeseen difficulties in the commercialization of our products , including unfavorable pricing or reimbursement levels in certain countries that could negatively affect our ability to increase revenues.

We rely on our manufacturers to purchase materials from third-party suppliers necessary to produce our products. Suppliers may not sell these materials to our manufacturers when needed or on commercially reasonable terms. We do not have any control over the process or timing of our manufacturers' acquisition of these materials. If our manufacturers are unable to obtain these materials in sufficient amounts, our sales of our products would be hampered or there would be a shortage in supply, which would materially affect our ability to generate the revenues from the sale of our products that we expect. Moreover, although we have agreements with our suppliers for the supply of the active pharmaceutical ingredients in our products , the commercial production of the implants and the commercial production of our products' applicators, the suppliers may be unable to meet their contractual or quality requirements or choose not to supply us in a timely manner or in the minimum guaranteed quantities. If our manufacturers are unable to obtain these essential supplies, their ability to manufacture our products and thus the supply of our products for sale would be delayed, which could significantly reduce the sales of our products and have an adverse impact on our business. We may incur higher costs in acquiring component parts for our products' inserters and inserts as a result of increases in applicable inflationary indexes specified in our contracts with manufacturers. Moreover, economic or political instability or disruptions, such as the conflicts between Russia and Ukraine and Israel and Hamas, could negatively affect our manufacturers' supply chains or further increase our costs. Financial Risks

The development and commercialization of new drugs is highly competitive, and the commercial success of our products or any of our future products or product candidates will depend on several factors, including our ability to differentiate any such products or product candidates from our competitors' current or future products. We face competition from major pharmaceutical companies, specialty pharmaceutical companies and biotechnology companies worldwide with respect to our current products and to any future products or product candidates that we may develop or commercialize in the future. Our commercial opportunities for our current products will be reduced or eliminated if our competitors develop or market products that: - are more effective;- receive better reimbursement terms;- have higher rates of acceptance by physicians;- have fewer or less severe adverse side effects;- are better tolerated;- are more adaptable to various modes of dosing;- have better distribution channels;- are easier to administer; or - are less expensive, including a generic version of our products. Many pharmaceutical companies, biotechnology companies, public and private universities, government agencies and research organizations actively engage in research and development of products, some of which may target the same indications as our current products or any future products or product candidates. Our competitors include larger, more established, fully integrated pharmaceutical companies and biotechnology companies that have substantially greater capital resources, existing competitive products, larger research and development staffs and facilities, greater experience in drug development and in obtaining regulatory approvals and greater marketing capabilities than we do. Genentech, Novartis, Regeneron and AbbVie (Allergan) provide a short-term therapy that competes with our current products.