ArriVent BioPharma, Inc. (AVBP) Risk Analysis

Until such time, if ever, as we can generate substantial product revenue, we expect to finance our cash needs through equity offerings, debt financings, or other capital sources, including potential collaborations, licenses and other similar arrangements. We do not have any committed external source of funds. On February 3, 2025, we filed an automatic universal shelf registration on Form S-3 with the SEC, which became effective upon filing, on which we registered for sale any combination of our common stock, preferred stock, debt securities, warrants, rights and/or units from time to time and at prices and on terms that we may determine (2025 Form S-3), including up to $250 million of common stock which we may offer and sell, from time to time at our sole discretion, under our at-the-market program sales agreement that we entered into with Jefferies LLC (Jefferies) in February 2025 (2025 Sales Agreement). In addition, we may seek additional capital due to favorable market conditions or strategic considerations, even if we believe that we have sufficient funds for our current or future operating plans. To the extent that we raise additional capital through the sale of equity or convertible debt securities, your ownership interest may be diluted, and the terms of these securities may include liquidation or other preferences that adversely affect your rights as a common stockholder. Debt financing and preferred equity financing, if available, may involve agreements that include covenants limiting or restricting our ability to take specific actions, such as incurring additional debt, making capital expenditures or declaring dividends. Such restrictions could adversely impact our ability to conduct our operations and execute our business plan. If we raise additional funds through collaborations, licenses and other similar arrangements, we may be required to relinquish valuable rights to our future revenue streams, product candidates, research programs, intellectual property or proprietary technology, or grant licenses on terms that may not be favorable to us and/or that may reduce the value of our common stock. If we are unable to raise additional funds through equity or debt financings or other arrangements when needed or on terms acceptable to us, we would be required to delay, limit, reduce, or terminate our product development or future commercialization efforts, or grant rights to develop and market product candidates that we might otherwise prefer to develop and market ourselves, or on less favorable terms than we would otherwise choose.

Pursuant to Section 404 of the Sarbanes-Oxley Act, our management is required to report on the effectiveness of our internal control over financial reporting. When we lose our status as an "emerging growth company" and do not otherwise qualify as a "smaller reporting company" with less than $100.0 million in annual revenue, our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting. The rules governing the standards that must be met for our management to assess our internal control over financial reporting are complex and require significant documentation, testing and possible remediation. To comply with the requirements of being a reporting company under the Exchange Act, we may need to upgrade our information technology systems; implement additional financial and management controls, reporting systems and procedures; and hire additional accounting and finance staff. If we or, if required, our auditors are unable to conclude that our internal control over financial reporting is effective, investors may lose confidence in our financial reporting and the trading price of our common stock may decline. The identification of material weaknesses could result in an adverse reaction in the financial markets due to a loss of confidence in the reliability of our financial statements. The PCAOB has defined a material weakness as "a deficiency, or a combination of deficiencies in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim statements will not be prevented or detected on a timely basis." Although we determined that our internal controls over financing reporting were effective as of December 31, 2025, we may in the future identify internal control deficiencies that could rise to the level of a material weakness or uncover other errors in financial reporting. During the course of our evaluation of these material weaknesses, we may identify areas requiring improvement and may be required to design additional enhanced processes and controls to address issues identified through this review. There can be no assurance that such remediation efforts will be successful, that our internal control over financial reporting will be effective as a result of these efforts or that any such future deficiencies identified may not be material weaknesses that would be required to be reported in future periods. In addition, we cannot assure you that our independent registered public accounting firm will be able to attest that such internal controls are effective when they are required to do so. If we fail to maintain effective disclosure controls and procedures or internal control over financial reporting or remediate any future material weaknesses, you may not be able to rely on the integrity of our financial results, which could result in inaccurate or late reporting of our financial results, as well as delays or the inability to meet our reporting obligations or to comply with the rules and regulations of the Securities and Exchange Commission. Any of these events could result in delisting actions by the Nasdaq Stock Market, investigation and sanctions by regulatory authorities, and stockholder investigations and lawsuits, in addition to adversely affecting our business and the trading price of our common stock.

We are currently collaborating with third parties to develop certain of our potential drug candidates. For example, we are collaborating with Allist with respect to certain aspects of firmonertinib and are collaborating with Lepu Biopharma with respect to ARR-217. In the future, we may seek to enter into collaborations, joint ventures, license agreements and other similar arrangements for the development or commercialization of our current product candidates, and any future product candidates, due to capital costs required to develop or commercialize the product candidate or manufacturing constraints. For example, certain of the cancer disease areas that we believe our product candidates address require large, costly and later-stage clinical trials, which a collaboration partner may be better positioned to finance and/or conduct. In addition, a component of our strategy is to maximize the commercial value of our current and future product candidates, which may also strategically align with partnering commercial rights with partners that have large and established sales organizations. To the extent that we decide to enter into collaborations, joint ventures, license agreements and other similar arrangements, we may not be successful in our efforts to establish or maintain such collaborations because our research and development pipeline may be insufficient, any future product candidates may be deemed to be at too early of a stage of development for collaborative effort or third parties may not view our product candidates as having the requisite potential to demonstrate safety and efficacy or significant commercial opportunity. In addition, we face significant competition in seeking appropriate strategic partners, and the negotiation process can be time-consuming and complex. Even if we are successful in our efforts to establish such collaborations, the terms that we agree upon may not be favorable to us. For example, we may need to relinquish valuable rights to our future revenue streams, research programs, intellectual property or product candidates, or grant licenses on terms that may not be favorable to us, as part of any such arrangement, and such arrangements may restrict us from entering into additional agreements with other potential collaborators. In addition, if we enter into such collaborations, we will have limited control over the amount and timing of resources that our collaborators will dedicate to the development or commercialization of our product candidates. Our ability to generate revenue from these arrangements will depend on any future collaborators' abilities to successfully perform the functions assigned to them in these arrangements. We cannot be certain that, following a collaboration, license or strategic transaction, we will achieve an economic benefit that justifies such transaction. Furthermore, we may not be able to maintain such collaborations if, for example, the development or approval of a product candidate is delayed, the safety of a product candidate is questioned or the sales of an approved product candidate are unsatisfactory. Collaborations involving our current or future product candidates would pose significant risks to us, including the following: - collaborators have significant discretion in determining the efforts and resources that they will apply to these collaborations;- collaborators may not perform their obligations as expected or at all;- we could grant exclusive rights to our collaborators that would prevent us from collaborating with others;- collaborators may not pursue development and commercialization of any product candidates that achieve regulatory approval or may elect not to continue or renew development or commercialization programs based on clinical trial results, changes in the collaborators' strategic focus or available funding, or external factors, such as an acquisition, that divert resources or create competing priorities;- collaborators may delay clinical trials, provide insufficient funding for a clinical trial program, stop a clinical trial or abandon a product candidate, repeat or conduct new clinical trials or require a new formulation of a product candidate for clinical testing;- collaborators could independently develop, or develop with third parties, products that compete directly or indirectly with our product candidates if the collaborators believe that competitive products are more likely to be successfully developed or can be commercialized under terms that are more economically attractive than ours;- product candidates discovered in collaboration with us may be viewed by our collaborators as competitive with their own product candidates or drugs, which may cause collaborators to cease to devote resources to the commercialization of our product candidates;- a collaborator with marketing and distribution rights to any product candidate that achieves regulatory approval may not commit sufficient resources to the marketing and distribution of such products;- a collaborator's sales and marketing activities or other operations may not be in compliance with applicable laws, resulting in civil or criminal proceedings;- disagreements with collaborators, including disagreements over proprietary rights, contract interpretation or the preferred course of development, might cause delays in or termination of the research, development or commercialization of product candidates, might lead to additional responsibilities for us with respect to product candidates, or might result in litigation or arbitration, any of which would be time-consuming and expensive;- collaborators may not properly enforce, maintain or defend our or their intellectual property rights or may use our or their proprietary information in such a way as to invite litigation that could jeopardize or invalidate such intellectual property or proprietary information or expose us to potential litigation;- collaborators may infringe, misappropriate or otherwise violate the intellectual property rights of third parties, which may expose us to litigation and potential liability;- collaborators may not provide us with timely and accurate information regarding development, regulatory or commercialization status or results, which could adversely impact our ability to manage our own development efforts, accurately forecast financial results or provide timely information to our stockholders regarding our out-licensed product candidates;- we may be required to invest resources and attention into such collaboration, which could distract from other business objectives;- disputes may arise between the collaborators and us regarding ownership of or other rights in the intellectual property generated in the course of the collaborations;- collaboration agreements may not lead to development or commercialization of product candidates in the most efficient manner or at all;- if a collaborator of ours were to be involved in a business combination, the continued pursuit and emphasis on our product development or commercialization program could be delayed, diminished or terminated; and - collaborations may be terminated, including for the convenience of the collaborator, prior to or upon the expiration of the agreed upon terms and, if terminated, we may find it more difficult to enter into future collaborations or be required to raise additional capital to pursue further development or commercialization of the applicable product candidates. Any termination of collaborations we currently depend on or may enter into in the future, or any delay in entering into collaborations related to our current or future product candidates, could delay the development and commercialization of our product candidates and reduce their competitiveness if they reach the market, which could have a material adverse effect on our business, financial condition, results of operations and prospects.

In the ordinary course of business, we collect and process personal data and other sensitive information, including proprietary and confidential business data, trade secrets, employee data, intellectual property, data we collect about trial participants in connection with clinical trials, and other sensitive third-party data. Our data processing activities may subject us to numerous privacy and data protection obligations, such as various laws, regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations relating to privacy and data protection. Various federal, state, local and foreign legislative and regulatory bodies, or self-regulatory organizations, may expand or amend current laws, rules or regulations, enact new laws, rules or regulations or issue revised rules or guidance regarding privacy and data protection. In the United States, federal, state, and local governments have enacted numerous privacy and data protection laws, including data breach notification laws, personal data privacy laws, consumer protection laws, e.g., Section 5 of the Federal Trade Commission Act, and other similar laws, e.g., wiretapping laws. HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 and their respective implementing regulations (collectively, HIPAA), imposes certain privacy and security requirements for individually identifiable health information on certain entities, namely certain healthcare providers, health plans, and healthcare clearinghouses (covered entities) and their respective "business associates" who directly or as a subcontractor provide services involving the creation, use, maintenance or disclosure of individually identifiable health information on covered entities' behalf. As a clinical trial sponsor, we are not directly subject to HIPAA, but we do have relationships with providers and other entities subject to the law and thus must structure those relationships in a manner consistent with HIPAA requirements. If any of the physicians or other health care providers or entities with whom we expect to do business are found to be not in compliance with HIPAA or other applicable privacy laws, they may be subject to criminal, civil or administrative sanctions, including exclusions from government funded health care programs. If regulatory authorities challenge our activities, or those of a collaborator or other third party on which we rely, under HIPAA or other privacy laws applicable to the privacy and security of health information, any such challenge could have a material adverse effect on our reputation, business, results of operations and financial condition. Any investigation of or enforcement against us or the third parties with whom we contract, including a research collaborator, regardless of the outcome, would be costly and time consuming, and may negatively affect our ability to conduct clinical trials, results of operations and financial condition. Other federal and state laws establish additional requirements for protecting the privacy and security of health information that is not protected by HIPAA. For instance, Washington state recently passed the "My Health My Data" Act, which came into force in 2024 and regulates "consumer health data," which is defined as "personal information that is linked or reasonably linkable to a consumer and that identifies a consumer's past, present, or future physical or mental health." The "My Health My Data" Act provides exemptions for personal data used or shared in connection with certain research activities, including data subject to 45 C.F.R. Parts 46, 50 and 56. Notably, the "My Health My Data" Act contains a private right of action. In addition, Nevada recently enacted a consumer health data privacy bill, SB 370, which also took effect in 2024, and regulates "consumer health data." SB 370 shares many similarities with Washington's "My Health My Data" Act, and Connecticut recently amended its comprehensive privacy law to include heighted regulation of "consumer health data." Additional states may adopt health-specific privacy laws that could impact our business activities and our collection and handling of health-related data. More broadly, various U.S. states now regulate the processing of personal data. For example, California was the first of an ever-increasing number of states to enact comprehensive state privacy legislation with the California Consumer Privacy Act (CCPA), which went into effect in January of 2020. The CCPA established a privacy framework for covered businesses by creating an expanded definition of personal data, establishing data privacy rights for California residents, requiring covered businesses to provide disclosures to California residents, and creating a statutory damages framework with the potential for severe damages for violations of the CCPA and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches, as well as a private right of action for certain data breaches. Additionally, in 2020 California voters passed the California Privacy Rights Act of 2020 (CPRA), which went into effect on January 1, 2023. The CPRA significantly amends and expands the CCPA, such as granting additional rights to California residents, including the right to correct personal data and additional opt-out rights. Among other things, the CPRA also establishes a regulatory agency, the California Privacy Protection Agency, which enacts new regulations under the CCPA and has expanded enforcement authority. In 2023, comprehensive privacy laws in Virginia, Colorado, Connecticut, and Utah all took effect, and laws in Montana, Oregon, and Texas took effect during 2024. Laws in a number of other U.S. states took effect, or are set to take effect, in 2025, in 2026, and beyond. Additional U.S. states have proposals under consideration, all of which are likely to increase our regulatory compliance costs and risks, exposure to regulatory enforcement action, and other liabilities. While these state privacy laws, such as the CCPA, contain exemptions for certain types of personal data, such as personal data processed in the context of clinical trials, these laws may further complicate compliance efforts, and increase legal risk and compliance costs for us and the third parties upon whom we rely. The scope and enforcement of these laws is uncertain and evolving. In addition to government activity, privacy advocacy groups and technology and other industries are considering various new, additional or different self-regulatory standards that may place additional burdens on us. Numerous other countries have, or are developing, laws governing the collection, use and transmission of personal data as well. In the ordinary course of business, we transfer personal data from Europe and other jurisdictions to the United States or other countries and may be subject to the General Data Protection Regulation (GDPR) and UK GDPR, as well as other foreign data protection laws. Europe and other jurisdictions have enacted laws requiring data to be localized or limiting the transfer of personal data to other countries and impose other restrictions on processing sensitive personal data, including genetic information and testing information. In particular, the EEA and the United Kingdom have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws it generally believes are inadequate. Other jurisdictions may adopt or have already adopted similarly stringent data localization and cross-border data transfer laws. In July 2023, the European Commission adopted an adequacy decision for a new mechanism for transferring personal data from the European Union to the United States, the EU-U.S. Data Privacy Framework, which provides EU individuals with several new rights, including the right to obtain access to their data, or obtain correction or deletion of incorrect or unlawfully handled data. In addition, the EU-U.S. Data Privacy Framework offers additional redress avenues for violations, including free of charge independent dispute resolution mechanisms and an arbitration panel. The United Kingdom followed the European Commission in October of 2023 and adopted its "extension" to the EU-U.S. Data Privacy Framework. The European Commission and the United Kingdom will continually review developments in the United States along with their adequacy decisions. Adequacy decisions can be adapted or even withdrawn in the event of developments affecting the level of protection in the applicable jurisdiction. Future actions of EU and UK data protection authorities are difficult to predict, and the GDPR permits EU states to frame national legislation that may derogate from the GDPR. If there is no lawful manner for us to transfer personal data from the EEA, the UK or other jurisdictions to the United States, or if the requirements for a legally-compliant transfer are too onerous, we could face significant adverse consequences, including the interruption or degradation of our operations at significant expense, increased exposure to regulatory actions, substantial fines and penalties, the inability to transfer data and work with partners, vendors and other third parties, and injunctions against our processing or transferring of personal data necessary to operate our business. Additionally, companies that transfer personal data out of the EEA and UK to other jurisdictions, particularly to the United States, are subject to increased scrutiny from regulators, individual litigants, and activist groups.  Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of Europe for allegedly violating the GDPR's cross-border data transfer limitations. Regulators in the United States such as the Department of Justice are also increasingly scrutinizing certain personal data transfers and, effective October of 2025, the DOJ has implemented what is known as the Bulk Transfer Rule restricting transfers of bulk sensitive personal data (like health, genomic, or financial info) and U.S. government-related data to "countries of concern" (e.g., China, Russia) or related entities, focusing on national security by preventing adversary access, absent an exception that permits such transfers. It requires U.S. companies to implement data security programs, audit compliance, and maintain records, with significant penalties for violations, aiming to safeguard sensitive U.S. data from foreign adversaries. In the ordinary course of business, as part of our clinical development programs, we transfer health and other data to China and we could face significant adverse consequences, including the interruption or degradation of our operations at significant expense, increased exposure to regulatory actions, substantial fines and penalties, the inability to transfer data and work with partners, vendors and other third parties, and injunctions against our processing or transferring of personal data necessary to operate our business if we are unable to comply with the requirements of the Bulk Transfer Rule. In addition to privacy and data protection laws in the United States, European Union, and United Kingdom, various other jurisdictions in which we operate have established legal frameworks relating to privacy, data protection, and information security matters to which we may also be subject. For example, we are also subject to laws in China. Under the Cybersecurity Law of the People's Republic of China (China's Cybersecurity Law), any collection, use, transfer and storage of personal information of a Chinese citizen through a network by the network operator should be based on the three principles of legitimacy, justification and necessity and requires the consent of the data subject. The rules, purposes, methods and ranges of such collection should also be disclosed to the data subject. China's data localization requirements are becoming increasingly common in sector-specific regulations, and laws including data localization requirements exist in many of the other jurisdictions in which we operate. For example, China's Cybersecurity Law requires operators of critical information infrastructure (CIIOs) to store personal information and important data collected and generated from the critical information infrastructure within China. Non-compliance with China's Cybersecurity Law can result in fines for the relevant entity as well as for the personnel directly responsible. On September 14, 2022, the Cyberspace Administration of China (CAC), China's top cybersecurity regulator, released new amendments to China's Cybersecurity Law for public consultation and if the amendments are passed, the amended law will increase the penalties for violations of cybersecurity obligations under the Cybersecurity Law to up to RMB 50 million, in line with those under the Data Security Law and PIPL. Building on this, China's Data Security Law (Data Security Law) became effective on September 1, 2021. The primary purpose of the Data Security Law is to regulate data activities, safeguard data security, promote data development and usage, protect individuals and entities' legitimate rights and interests, and safeguard state sovereignty, state security and development interests. The Data Security Law applies extraterritorially, and to a broad range of activities that involve "data" (not only personal or sensitive data). Under the Data Security Law, entities and individuals carrying out data activities must abide by various data security obligations. For example, the Data Security Law proposes to classify and protect data based on the importance of data to the state's economic development, as well as the degree of harm it will cause to national security, public interests, or legitimate rights and interests of individuals or organizations when such data is tampered with, destroyed, leaked, or illegally acquired or used. The appropriate level of protective measures is required to be taken for each respective class of data. The Data Security Law also echoes the data localization requirement in the Cybersecurity Law and requires important data to be stored locally in China. Such important data may only be transferred outside of China subject to compliance with certain data transfer restrictions, such as passing a security assessment organized by the relevant authorities. The Cybersecurity Review Measures, which took effect on February 15, 2022 in China, clarify when entities must apply for a mandatory cybersecurity review from the Chinese government authorities. These circumstances include (i) when CIIOs purchase network products that may affect national security, (ii) when a network platform operator's data processing activities may affect national security, or (iii) when a network platform operator holds personal information of more than one million individuals and plans on listing publicly outside China. Network platform operators are not defined under the Cybersecurity Review Measures but are understood to be broadly interpreted to include all Internet platform operators or service providers, thus providing for a broad application. A mandatory cybersecurity review is likely to prolong the timeline of any contemplated listing timeline outside China and increase the regulatory compliance burden on entities that are subject to this requirement. At this time, the Company does not act as a network platform operator and does not hold the personal information of more than one million individuals in China, and as such, we do not believe the Company would be subject to the Cybersecurity Review Measures. However, the relevant Chinese authorities have great discretion, and it is generally uncertain as to how they may interpret and enforce the Cybersecurity Review Measures in practice. Additionally, on August 20, 2021, China announced the Personal Information Protection Law (PIPL), which took effect on November 1, 2021. The PIPL is intended to clarify the scope of application, the definitions of personal information and sensitive personal information, the legality of personal information processing and the basic requirements of notice and consent, among other things. The PIPL also sets out data localization requirements for CIIOs and personal information processors who process personal information above a certain threshold prescribed by the relevant authorities. The PIPL also includes a list of rules which must be complied with prior to the transfer of personal information outside of China, such as compliance with a security assessment or certification by an agency designated by the relevant authorities or entering into standard form model contracts approved by the relevant authorities with the overseas recipient. On July 7, 2022, the CAC issued Security Assessment Measures for Outbound Data Transfers, which became effective on September 1, 2022. The Security Assessment Measures for Outbound Data Transfers clarifies the security assessment requirement under the PIPL and requires a data processor to apply for the security assessment organized by the CAC under any of the following circumstances before the information is transferred outbound: (i) where a data processor provides key data overseas, (ii) critical information infrastructure operator and personal information processors who process more than one million individuals' personal information; (iii) where a data processor has cumulatively provided personal information of over 100,000 individuals or sensitive personal information of over 10,000 individuals in total abroad since January 1st of the previous year. Additionally, on November 18, 2022, the CAC and the State Administration of Market Regulation issued the Implementation Rules for Personal Information Protection Certification which apply with immediate effect and which provide important guidance on obtaining a personal information certification for lawful cross-border transfer of personal information under the PIPL. Notably, the PIPL, similar to both the GDPR and certain U.S. privacy laws, applies extraterritorially. Failure to comply with PIPL can result in fines of up to RMB 50 million or 5% of the prior year's total annual revenue for the personal information processor and/or a suspension of services or data processing activities. Other potential penalties include a fine of up to RMB 1 million on the person in charge or directly responsible personnel and, in serious cases, individuals and entities may be exposed to criminal liabilities under other local Chinese law, such as the Criminal Law of the People's Republic of China. The PIPL also prohibits responsible personnel for violations of the PIPL from holding high level management or data protection officer positions in relevant enterprises. In addition to China's Cybersecurity Law, the Data Security Law and the PIPL, the government agencies of China promulgated several regulations or released a number of draft regulations for public comments which are designed to provide further implemental guidance in accordance with the laws mentioned above. We cannot predict what impact the new laws and regulations or the increased costs of compliance, if any, will have on our operations in China, in particular the Data Security Law or PIPL, or the increased costs of compliance, if any, will have on our operations in China due to their recent enactment and the limited guidance available on their scope and applicability, particularly on PIPL. It is also generally unclear how the laws will be interpreted and enforced in practice by the relevant government authorities as often the abovementioned laws are drafted broadly and thus leaves great discretion to the relevant government authorities to exercise. We also publicly post privacy policies and notices that describe our practices concerning our collection, use, disclosure and other processing of personal data. Although we endeavor to comply with our public-facing privacy policies and notices, we may at times fail to do so or be perceived to have failed to do so, and we may be subject us to enforcement actions if our privacy policies and notices are found to be deceptive, unfair or misrepresentative of our actual practices, which could result in, regulatory inquiries and investigations or adverse publicity and could cause our customers and collaborators to lose trust in us, any of which could adversely affect our business, financial condition, results of operations and prospects. Applicable data privacy and data protection laws may conflict with each other, and by complying with the laws or regulations of one jurisdiction, the Company may find that it is violating the laws or regulations of another jurisdiction. Despite the Company's efforts, the Company may not have fully complied in the past and may not in the future. Evolving legal, contractual, and other privacy and data protection obligations, could impose significant limitations, require changes to our business, or restrict our collection, use, storage or processing of personal data, which may increase our compliance expenses and make our business more costly or less efficient to conduct. In addition, any such changes could impact our ability to develop an adequate marketing strategy and pursue our growth strategy effectively, or even prevent us from providing certain products in jurisdictions in which we currently operate, and in which we may operate in the future, or incur potential liability in an effort to comply, which, in turn, could adversely affect our business, financial condition, results of operations and prospects. Complying with these numerous, complex and often evolving requirements is expensive and difficult, and suspected and actual failure to comply, whether by us, our service providers, CROs, business partners or other third parties, or any inadvertent or unauthorized access to or use or disclosure of data that we store or handle as part of operating our business, could adversely affect our business, financial condition, results of operations and prospects, including but not limited to: loss of customers; interruptions or stoppages in our business operations (including clinical trials); inability to process personal data or to operate in certain jurisdictions; limit our ability to develop or commercialize our products; expenditure of time and resources; investigation costs; material fines and penalties; compensatory, special, punitive and statutory damages; litigation; consent orders regarding our privacy and security practices; requirements that we provide notices, credit monitoring services and/or credit restoration services or other relevant services to impacted individuals; adverse actions against our licenses to do business; reputational damage; and injunctive relief. We may also be contractually required to indemnify and hold harmless third parties. The successful assertion of one or more large claims against us that exceeds our available insurance coverage, or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements), could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim.

In the past, securities class action litigation has often been brought against a company following a decline in the market price of its securities. This risk is especially relevant for us because biotechnology and biopharmaceutical companies have experienced significant stock price volatility in recent years. If we face such litigation, even if ultimately decided in our favor, it could result in substantial costs that may not be fully covered by insurance, and a diversion of our management's attention and resources, which could harm our business.

The ability of the FDA and other government agencies to review and approve new medical products can be affected by a variety of factors, including government budget and funding levels, statutory, regulatory and policy changes, a government agency's ability to hire and retain key personnel and accept the payment of user fees, and other events that may otherwise affect the government agency's ability to perform routine functions. Average review times at the FDA and other government agencies have fluctuated in recent years as a result. In addition, government funding of other government agencies that fund research and development activities is subject to the political process, which is inherently fluid and unpredictable. Disruptions at the FDA and other agencies may also slow the time necessary for new drugs or modifications to approved drugs to be reviewed and/or approved by necessary government agencies, which would adversely affect our business. For example, over the last several years, including during the fourth quarter of 2025, the U.S. government has shut down several times and certain regulatory agencies, such as the FDA, have had to furlough critical employees and stop critical activities during that period. Additionally, over the past year the FDA has experienced significant and rapid fluctuations in leadership and scientific review personnel, which may be key contributing factors in multiple reported delays in agency decision making on marketing applications and agency requests for additional data that are inconsistent with prior regulatory feedback. The impact of the current administration's mass layoffs at the agency, as well as at other governmental offices with which we interact is unclear at this time. Separately, during the heights of the COVID-19 pandemic, the FDA postponed most inspections of domestic and foreign manufacturing facilities at various points, and regulatory authorities outside the United States adopted similar policy measures. Future emerging infectious disease outbreaks, epidemics or pandemics may lead to such policy and resource prioritization changes in the future. If a prolonged government shutdown or slowdown occurs, or if global health concerns similar to COVID-19 prevent the FDA or other regulatory authorities from conducting their regular inspections, reviews or other regulatory activities, it could significantly impact the ability of the FDA or other regulatory authorities to timely review and process our regulatory submissions, which could have a material adverse effect on our business. Further, in our operations as a public company, future government shutdowns could impact our ability to access the public markets and obtain necessary capital in order to properly capitalize and continue our operations.

We are exposed to the risk that our employees and independent contractors, including principal investigators, CROs, consultants and vendors may engage in misconduct or other illegal activity. Misconduct by these parties could include intentional, reckless and/or negligent conduct or disclosure of unauthorized activities to us that violate: (i) the laws and regulations of the FDA and other similar foreign regulatory authority requirements, including those laws that require the reporting of true, complete and accurate information to such authorities, (ii) manufacturing standards, including cGMP requirements, (iii) federal and state data privacy, security, fraud and abuse and other healthcare laws and regulations in the United States and abroad (iv) laws that require the true, complete and accurate reporting of financial information or data, or (v) laws that prohibit insider trading. Activities subject to these laws also involve the improper use or misrepresentation of information obtained in the course of clinical trials, the creation of fraudulent data in our nonclinical studies or clinical trials or illegal misappropriation of drug product, which could result in regulatory sanctions and cause serious harm to our reputation. It is not always possible to identify and deter misconduct by employees and other third parties, and the precautions we take to detect and prevent this activity may not be effective in controlling unknown or unmanaged risks or losses or in protecting us from governmental investigations or other actions or lawsuits stemming from a failure to be in compliance with such laws or regulations. In addition, we are subject to the risk that a person or government could allege such fraud or other misconduct, even if none occurred. If any such actions are instituted against us, and we are not successful in defending ourselves or asserting our rights, those actions could have a significant impact on our business and financial results, including, without limitation, the imposition of significant civil, criminal and administrative penalties, damages, monetary fines, disgorgements, possible exclusion from participation in Medicare, Medicaid and other federal healthcare programs, imprisonment, contractual damages, reputational harm, diminished profits and future earnings, additional reporting requirements and oversight if we become subject to a corporate integrity agreement or similar agreement to resolve allegations of non-compliance with these laws and curtailment of our operations, any of which could adversely affect our ability to operate our business and our results of operations.

We do not own or operate manufacturing facilities and have no plans to develop our own clinical or commercial-scale manufacturing capabilities. We rely on Chinese third parties, and expect to continue to rely, on such third parties for the manufacture of firmonertinib, ARR-217, and ARR-002, and related raw materials for clinical development, as well as for commercial manufacture of firmonertinib, should firmonertinib receive marketing approval. The facilities used by third-party manufacturers to manufacture our product candidates must be approved by the FDA and any comparable foreign regulatory authority pursuant to inspections that will be conducted after we submit an NDA/BLA to the FDA or make any comparable submission to a foreign regulatory authority. We do not control the manufacturing process of, and are completely dependent on, third-party manufacturers for compliance with cGMP requirements for manufacture of products. If these third-party manufacturers cannot successfully manufacture material that conforms to our specifications and the strict regulatory requirements of the FDA or any comparable foreign regulatory authority, they will not be able to secure and/or maintain regulatory approval for their manufacturing facilities. In addition, we have no control over the ability of third-party manufacturers to maintain adequate quality control, quality assurance and qualified personnel. If the FDA or any comparable foreign regulatory authority does not approve these facilities for the manufacture of our current product candidates or if it withdraws any such approval in the future, we may need to find alternative manufacturing facilities, which would significantly impact our ability to develop, obtain regulatory approval for or market our current product candidates if approved. Our failure, or the failure of our third-party manufacturers, to comply with applicable regulations also could result in sanctions being imposed on us, including clinical holds, fines, injunctions, civil penalties, delays, suspension or withdrawal of approvals, seizures or recalls of our current product candidates or any future products, operating restrictions and criminal prosecutions, any of which could significantly and adversely affect supplies of our products and our financial position. Our or a third party's failure to execute on our manufacturing requirements on commercially reasonable terms, in a timely manner and in compliance with cGMP or other regulatory requirements could adversely affect our business in a number of ways, including: - an inability to initiate or complete clinical trials of our current product candidates, or any other future product candidates in a timely manner;- delay in submitting regulatory applications, or receiving marketing approvals for our current product candidates or any future product candidates;- subjecting third-party manufacturing facilities or our potential future manufacturing facilities to additional inspections by regulatory authorities;- requirements to cease development or to recall batches of our current or future product candidates; and - in the event of approval to market and commercialize our current or future product candidates, an inability to meet commercial demands for our current or future product candidates. In addition, we do not have any long-term commitments or supply agreements with any third-party manufacturers. We may be unable to establish any long-term supply agreements with third-party manufacturers or to do so on acceptable terms, which increases the risk of failing to timely obtain sufficient quantities of our product candidates or such quantities at an acceptable cost. Even if we are able to establish agreements with third-party manufacturers, reliance on third-party manufacturers entails additional risks, including: - failure of third-party manufacturers to comply with regulatory requirements and maintain quality assurance;- breach of the manufacturing agreement by the third party;- failure to manufacture our product candidates according to our specifications;- failure to obtain adequate raw materials and other materials required for manufacturing;- failure to manufacture our product according to our schedule or at all;- failure to successfully scale up manufacturing capacity, if required;- misappropriation of our proprietary information, including any potential trade secrets and know-how; and - termination or nonrenewal of the agreement by the third party at a time that is costly or inconvenient for us. Any performance failure on the part of our existing or future manufacturers could delay clinical development or marketing approval or jeopardize our ability to commence or continue commercialization of our current product candidates or any future product candidates, and any related remedial measures may be costly or time consuming to implement. We do not currently have arrangements in place for redundant supply or a second source for all required raw materials used in the manufacture of our product candidates. If our existing or future third-party manufacturers cannot perform as agreed, we may be required to replace such manufacturers and we may be unable to replace them on a timely basis or at all. Without additional suppliers of required raw materials, we may also be unable to meet the commercial needs of a commercial launch of any future product candidates. In addition, our current and anticipated future dependence upon others for the manufacture of our product candidates and any future product candidates may adversely affect our future profit margins and our ability to commercialize any products that receive marketing approval on a timely and competitive basis. A portion of our product development and manufacturing for our current product candidates takes place in China through third-party manufacturers. A significant disruption in the operation of those manufacturers, a trade war or political unrest in China, or a change in the regulatory framework in the United States or China, could materially adversely affect our business, financial condition and results of operations. Currently, we rely on and have agreements with two third-party contract manufacturers, Raybow and WuXi STA, to supply the drug substance for firmonertinib for use in ongoing and planned clinical trials. We also rely on and have an agreement with WuXi STA to manufacture the clinical trial supplies of firmonertinib drug product and supplies for initial commercial launch in the United States, if approved. Both third-party contract manufacturers are located in China, and we expect to continue to use such third-party manufacturers for such firmonertinib drug substance and drug product supplies. We expect to rely on manufacturers in China for ARR-217 drug substance and drug product for use in clinical studies and also expect to rely on WuXi XDC for the manufacture of ARR-002 for initial clinical studies. Any disruption in production or inability of our manufacturers in China to produce adequate quantities to meet our needs, whether as a result of a natural disaster, infectious disease outbreak, or other causes could impair our ability to operate our business on a day-to-day basis and to continue our development of our product candidates, and commercialization of firmonertinib, if approved. Furthermore, since these manufacturers are located in China, we are exposed to the possibility of product supply disruption and increased costs in the event of changes in the policies of the U.S. or Chinese governments, political unrest or unstable economic conditions in China. The National Defense Authorization Act for Fiscal Year 2026 includes a section titled, "Prohibition on Contracting with Certain Biotechnology Providers," also known as the BIOSECURE Act, aimed at discouraging federal contracting with certain biotechnology companies for biotechnology equipment or services in China and other countries of concern. The statute prohibits federal executive agencies from procuring any biotechnology equipment or service from a biotechnology company of concern (BCC) or contracting with any such company or any entity that procures or uses equipment or services from a BCC. Any company on the Department of Defense's Chinese Military Companies List (1260H list) is considered a BCC under the new law and the White House Office of Management and Budget is empowered to designate companies as BCCs based on consultations with Cabinet Secretaries and other key leaders from the executive branch. Such prohibitions may limit our ability to obtain federal government grants for research involving our products, if approved, or product candidates manufactured in China or to enter contracts to sell any such products, if approved, to the federal government. If we are required to change manufacturers for any reason, we will be required to verify that the new manufacturer maintains facilities and procedures that comply with quality standards and with all applicable regulations and guidelines. For example, in the event that we need to switch our third- party manufacturer of firmonertinib or ARR-002 from WuXi STA or related entities, we anticipate that the complexity of the manufacturing process may impact the amount of time it may take to secure a replacement manufacturer. The delays associated with the verification of a new manufacturer, once we are able to identify an alternative source, could negatively affect our ability to develop product candidates in a timely manner or within budget, which could materially adversely affect our business, financial condition and results of operations. Changes in United States trade policy, including recently announced or potential future tariffs, could have a material adverse impact on our business, financial condition, and results of operations. The imposition of new tariffs or increases in existing tariffs on goods imported from or expected to be imported from countries where we or our suppliers operate could result in higher costs for materials or components essential to our operations. For example, in April 2025, the United States imposed broad tariffs on imports from virtually all countries, with particularly high tariffs on imports from China. Since this announcement, most tariffs for countries other than China have been suspended temporarily. In response to tariffs, some countries have implemented retaliatory tariffs on U.S. goods, while others seek to negotiate agreements regarding U.S.-imposed tariffs. Historically, tariffs have led to increased trade and political tensions and, to date, the outcome of the negotiations between the United States and the various countries is not yet clear. Political tensions as a result of trade policies could reduce trade volume, investment, technological exchange and other economic activities between major international economies, resulting in a material adverse effect on global economic conditions and the stability of global financial markets. Any changes in political, trade, regulatory, and economic conditions, including U.S. trade policies, could have a material adverse effect on our financial condition or results of operations.

The precise incidence and prevalence for the various mutations of NSCLC we aim to address with firmonertinib or any other current or future product candidates are unknown. Similarly, the precise incidence and prevalence for the gastrointestinal cancers we aim to address with ARR-217 or any other current or future product candidates are unknown. Our projections of both the number of people who have such cancers or other diseases we target, as well as the subset of people with these diseases who have the potential to benefit from treatment with our product candidates, are based on a number of internal and third-party estimates. These estimates have been derived from a variety of sources, including scientific literature, surveys of clinics, patient foundations or market research, and may prove to be incorrect. Further, new trials may change the estimated incidence or prevalence of these indications. While we believe our assumptions and the data underlying our estimates are reasonable, we have not independently verified the accuracy of the third-party data on which we have based our assumptions and estimates, and these assumptions and estimates may not be correct and the conditions supporting our assumptions or estimates may change at any time, including as a result of factors outside our control, thereby reducing the predictive accuracy of these underlying factors. The total addressable market across all of the potential indications for our current product candidates, and any future product candidates will ultimately depend upon, among other things, the diagnosis criteria included in the final label for each such product candidate which receives marketing approval for these indications, the availability of alternative treatments and the safety, convenience, cost and efficacy of such product candidates relative to such alternative treatments, acceptance by the medical community and patient access, drug pricing and reimbursement. The number of patients in the United States and other major markets and elsewhere may turn out to be lower than expected, patients may not be otherwise amenable to treatment with our product candidates or new patients may become increasingly difficult to identify or gain access to, all of which would adversely affect our business, financial condition and results of operations.

The availability of coverage and the adequacy of reimbursement by governmental healthcare programs such as Medicare and Medicaid, private health insurers and other third-party payors are essential for most patients to be able to afford prescription medications such as our current product candidates, and any future product candidates, if approved. Our ability to achieve coverage and acceptable levels of reimbursement for our products by third-party payors will have an effect on our ability to successfully commercialize those products. Accordingly, we will need to successfully implement a coverage and reimbursement strategy for any approved product candidate. Even if we obtain coverage for a given product by a third-party payor, the resulting reimbursement payment rates may not be adequate or may require co-payments that patients find unacceptably high. If we participate in the Medicaid Drug Rebate Program or other governmental pricing programs, in certain circumstances, our products would be subject to ceiling prices set by such programs, which could reduce the revenue we may generate from any such products. Participation in such programs would also expose us to the risk of significant civil monetary penalties, sanctions and fines should we be found to be in violation of any applicable obligations thereunder. For products administered under the supervision of a physician, obtaining coverage and adequate reimbursement may be particularly difficult because of the higher prices often associated with such drugs. Additionally, separate reimbursement for the product itself or the treatment or procedure in which the product is used may not be available, which may impact physician utilization. We cannot be sure that coverage and reimbursement in the United States, the European Union or elsewhere will be available, or at an acceptable level, for any product that we may develop, and any reimbursement that may become available may be decreased or eliminated in the future. Third-party payors increasingly are challenging prices charged for biopharmaceutical products and services, and many third-party payors may refuse to provide coverage and reimbursement for particular drugs when an equivalent generic drug or a less expensive therapy is available. Even if we are successful in demonstrating improved efficacy or improved convenience of administration with our future products, pricing of existing drugs may limit the amount we will be able to charge for our products. Increasingly, other third-party payors are requiring that drug companies provide them with predetermined discounts from list prices and are challenging the prices charged for medical products. Payors may deny or revoke the reimbursement status of a given product or establish prices for new or existing marketed products at levels that are too low to enable us to realize an appropriate return on our investment in product development. If reimbursement is not available or is available only at limited levels, we may not be able to successfully commercialize our future products and may not be able to obtain a satisfactory financial return on products that we may develop. There is significant uncertainty related to third-party payor coverage and reimbursement of newly approved products. In the United States, third-party payors, including private and governmental payors, such as the Medicare and Medicaid programs, play an important role in determining the extent to which new drugs will be covered. Some third-party payors may require pre-approval of coverage for new or innovative drugs before they will reimburse healthcare providers who use such therapies. It is difficult to predict at this time what third-party payors will decide with respect to the coverage and reimbursement for our current product candidates and any future product candidates, if approved. Obtaining and maintaining reimbursement status is time-consuming, costly and uncertain. The Medicare and Medicaid programs increasingly are used as models for how private payors and other governmental payors develop their coverage and reimbursement policies for drugs. However, no uniform policy for coverage and reimbursement for products exists among third-party payors in the United States. Therefore, coverage and reimbursement for products can differ significantly from payor to payor. As a result, the coverage determination process is often a time consuming and costly process that will require us to provide scientific and clinical support for the use of our products to each payor separately, with no assurance that coverage and adequate reimbursement will be applied consistently or obtained in the first instance. Furthermore,rules and regulations regarding reimbursement change frequently and, in some cases, at short notice, and we believe that changes in these rules and regulations are likely. Additionally, the IRA authorized the CMS to negotiate drug prices annually for a select number of single source Medicare Part D drugs without generic competition starting in payment year 2026, and to negotiate drug prices for a select number of Medicare Part B drugs starting for payment year 2028. If a drug product is selected by CMS for negotiation, it is expected that the revenue generated from such drug will decrease. CMS implemented these new statutory requirements, and has announced lists of Medicare Part D drugs subject to the pricing provisions of the IRA, but their impact on the biopharmaceutical industry in the United States remains uncertain, in part due to several pending federal lawsuits challenging the constitutionality of the program. The outcome of such ongoing lawsuits, as well as potential legislative changes enacted by Congress or programmatic changes implemented at CMS by the Trump Administration, may impact the IRA drug price negotiation program in the future. We cannot be sure that coverage and reimbursement will be available for any product that we commercialize in the future and, if reimbursement is available, what the level of reimbursement will be. Outside of the United States, international biopharmaceutical sales are generally subject to extensive governmental price controls and other market regulations, and we believe the increasing emphasis on cost-containment initiatives in Europe and other countries has and will continue to put pressure on the pricing and usage of our product candidates, if approved in these jurisdictions. In many countries, the prices of medical products are subject to varying price control mechanisms as part of national health systems. Other countries allow companies to fix their own prices for medical products but monitor and control company profits. Additional foreign price controls or other changes in pricing regulation could restrict the amount that we are able to charge for our products. Accordingly, in markets outside the United States, if any, the reimbursement for our products may be reduced compared with the United States and may be insufficient to generate commercially reasonable revenue and profits. Moreover, increasing efforts by governmental and third-party payors in the United States and abroad to cap or reduce healthcare costs may cause such organizations to limit both coverage and the level of reimbursement for newly approved products and, as a result, they may not cover or provide adequate payment for our products.

While inflation in the United States has been relatively low in recent years, from 2021 to 2023, the economy in the United States encountered a material level of inflation. Inflation and fluctuations in inflation rates have had in the past, and may in the future have, negative effects on economies and financial markets, particularly in emerging economies. For example, increases in inflation raise our costs for commodities, labor, materials and services and other costs required to grow and operate our business, and failure to secure these on reasonable terms may adversely impact our financial condition. Governmental efforts to curb inflation often have negative effects on the level of economic activity. There can be no assurance that inflation will not become a serious problem in the future and have an adverse impact on the Company's returns. The geopolitical developments such as the Russia-Ukraine and Middle East conflicts and global supply chain disruptions continue to increase uncertainty in the outlook of near-term and long-term economic activity, as well as the interest rate environment, which may make it more difficult, costly or dilutive for us to secure additional financing. A failure to adequately respond to these risks could have a material adverse impact on our financial condition, results of operations or cash flows. In light of the presidential transition in 2025, global trade disputes may be magnified, including the continuing trade dispute between the United States and China, pursuant to which both countries have, among other things, imposed tariffs on one another, has had an adverse economic effect on U.S. markets and international trade more broadly. This adverse economic effect is likely to become more pronounced if the dispute remains unresolved, which could have a material adverse impact on our financial condition, results of operations or cash flows.

Our business, financial condition, and results of operations could be adversely affected by public health threats, including epidemics and pandemics, that disrupt our commercial operations, supply chains, clinical trials, and other essential activities.COVID-19, which is no longer considered a public health emergency both globally and in the United States, presented substantial public health and economic challenges and affected our employees, patients, physicians and other healthcare providers, communities and business operations, as well as the U.S. and global economies and financial markets. During the COVID-19 pandemic, international and U.S. governmental authorities in impacted regions took multiple and diverse actions in an effort to slow the spread of COVID-19 and variants of the virus, including issuing varying forms of "stay-at-home" orders. Such measures taken by the governmental authorities to respond to any future epidemic or pandemic disease outbreaks could disrupt the supply chain and the manufacture or shipment of drug substances and finished drug products for firmonertinib and our other product candidates for use in our clinical trials and research and nonclinical studies and, delay, limit or prevent our employees and CROs from continuing research and development activities, impede our clinical trial initiation and recruitment and the ability of patients to continue in clinical trials, including due to measures taken that may limit social interaction or prevent reopening of high-transmission settings, impede testing, monitoring, data collection and analysis and other related activities, any of which could delay our nonclinical studies and clinical trials and increase our development costs, and have a material adverse effect on our business, financial condition and results of operations. Any future epidemic or pandemic disease outbreak could also potentially further affect the business of the FDA, the European Medicines Agency (EMA) or other comparable regulatory authorities, which could result in delays in meetings related to our planned clinical trials. Any future epidemic disease outbreak may have an adverse impact on global economic conditions which could have an adverse effect on our business and financial condition, including impairing our ability to raise capital when needed.