In the ordinary course of business, we collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share (collectively, process or processing) personal data and other sensitive information, including proprietary and confidential business data, trade secrets, employee data, intellectual property, data we collect about trial participants in connection with clinical trials, and other sensitive third-party data (collectively, sensitive data). Our data processing activities may subject us to numerous data privacy and security obligations, such as various laws, regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations relating to data privacy and security.
Various federal, state, local and foreign legislative and regulatory bodies, or self-regulatory organizations, may expand current laws, rules or regulations, enact new laws, rules or regulations or issue revised rules or guidance regarding data privacy and security. In the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, consumer protection laws, e.g., Section 5 of the Federal Trade Commission Act, and other similar laws, e.g., wiretapping laws. HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 and their respective implementing regulations (collectively, HIPAA), imposes certain privacy and security requirements for individually identifiable health information on certain entities, namely certain healthcare providers, health plans, and healthcare clearinghouses (covered entities) and their respective "business associates" who directly or as a subcontractor provide services involving the creation, use, maintenance or disclosure of individually identifiable health information on covered entities' behalf. As a clinical trial sponsor, we are not directly subject to HIPAA, but we do have relationships with providers and other entities subject to the law and thus must structure those relationships in a manner consistent with HIPAA requirements. If any of the physicians or other health care providers or entities with whom we expect to do business are found to be not in compliance with HIPAA or other applicable privacy laws, they may be subject to criminal, civil or administrative sanctions, including exclusions from government funded health care programs. 
If regulatory authorities challenge our activities, or those of a collaborator or other third party on which we rely, under HIPAA or other privacy laws applicable to the privacy and security of health information, any such challenge could have a material adverse effect on our reputation, business, results of operations and financial condition. Any investigation of or enforcement against us or the third parties with whom we contract, including a research collaborator, regardless of the outcome, would be costly and time consuming, and may negatively affect our ability to conduct clinical trials, results of operations and financial condition. Additionally, the California Consumer Privacy Act (CCPA) applies to personal information of consumers, business representatives, and employees, and among other things requires covered businesses to provide specific disclosures in privacy notices and honor requests of California residents to exercise certain privacy rights, including the right to opt out of certain disclosures of their information. The CCPA provides for civil penalties of up to $7,500 per violation as well as a private right of action with statutory damages for certain data breaches, thereby potentially increasing risks associated with a data breach. Although the law includes limited exceptions, including for certain information collected as part of clinical trials, the CCPA may impact our processing of personal information and increase our compliance costs. Additionally, the California Privacy Rights Act of 2020 (CPRA) significantly expands the CCPA, such as granting additional rights to California residents, including the right to correct personal information and additional opt-out rights. The CPRA also establishes a regulatory agency dedicated to enforcing the CCPA and the CPRA. 
Other states, such as Connecticut, Colorado, Indiana, Iowa, Texas and Utah, have also passed comprehensive privacy laws, and similar laws are being considered in several other states, as well as at the federal and local levels. While these state privacy laws, like the CCPA, also exempt some data processed in the context of clinical trials (and most also exempt employee and business personal data), these developments further complicate compliance efforts, and increase legal risk and compliance costs for us and the third parties upon whom we rely. The scope and enforcement of these laws is uncertain and subject to rapid change. For example, increasing concerns about health information privacy have recently prompted the federal government to take a newly expansive view of the scope of existing privacy laws and regulations. Congress and some states are considering (and in some cases have passed) new laws and regulations that further and more broadly protect the privacy and security of personal health information.
In addition to government activity, privacy advocacy groups and technology and other industries are considering various new, additional or different self-regulatory standards that may place additional burdens on us.
There are also various laws and regulations in other jurisdictions outside the United States relating to data privacy and security, with which we may need to comply. For example, the EU GDPR and the United Kingdom's equivalent (UK GDPR, and together with the EU GDPR, the GDPR) impose strict requirements for processing personal data. Notably, the EU GDPR and UK GDPR impose large penalties for noncompliance, including the potential for fines of up to €20 million under the EU GDPR / £17.5 million under the UK GDPR, or 4% of the annual global revenue of the noncompliant entity, whichever is greater. The EU GDPR and UK GDPR also provide for private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. Additionally, EU member states may introduce further conditions, including limitations, and make their own laws and regulations further limiting the processing of 'special categories' of personal data, including personal data related to health, biometric data used for unique identification purposes and genetic information, which could limit our ability to collect, use and share EU data, and could cause our compliance costs to increase, ultimately adversely affecting our business, financial condition, results of operations and prospects.
In addition to the GDPR and U.S. data privacy laws, virtually every international jurisdiction in which we operate has established its own legal framework relating to privacy, data protection, and information security matters to which we may also be subject. For example, we are also subject to laws in China. Under the Cybersecurity Law of the People's Republic of China (China's Cybersecurity Law), any collection, use, transfer and storage of personal information of a Chinese citizen through a network by the network operator should be based on the three principles of legitimacy, justification and necessity and require the consent of the data subject. The rules, purposes, methods and scope of such collection should also be disclosed to the data subject. China's data localization requirements are becoming increasingly common in sector-specific regulations, and laws including data localization requirements exist in many of the other jurisdictions in which we operate. For example, China's Cybersecurity Law requires operators of critical information infrastructure (CIIOs) to store personal information and important data collected and generated from the critical information infrastructure within China. Non-compliance with China's Cybersecurity Law can result in fines for the relevant entity as well as for the personnel directly responsible. On September 14, 2022, the Cyberspace Administration of China (CAC), China's top cybersecurity regulator, released new amendments to China's Cybersecurity Law for public consultation; if the amendments are passed, the amended law will increase the penalties for violations of cybersecurity obligations under the Cybersecurity Law to up to RMB 50 million, in line with those under the Data Security Law and PIPL.
Building on this, China's Data Security Law (Data Security Law) became effective on September 1, 2021. The primary purpose of the Data Security Law is to regulate data activities, safeguard data security, promote data development and usage, protect individuals and entities' legitimate rights and interests, and safeguard state sovereignty, state security and development interests. The Data Security Law applies extraterritorially, and to a broad range of activities that involve "data" (not only personal or sensitive data). Under the Data Security Law, entities and individuals carrying out data activities must abide by various data security obligations. For example, the Data Security Law proposes to classify and protect data based on the importance of data to the state's economic development, as well as the degree of harm it will cause to national security, public interests, or legitimate rights and interests of individuals or organizations when such data is tampered with, destroyed, leaked, or illegally acquired or used. The appropriate level of protective measures is required to be taken for each respective class of data. The Data Security Law also echoes the data localization requirement in the Cybersecurity Law and requires important data to be stored locally in China. Such important data may only be transferred outside of China subject to compliance with certain data transfer restrictions, such as passing a security assessment organized by the relevant authorities.
The Cybersecurity Review Measures, which took effect on February 15, 2022 in China, clarify when entities must apply for a mandatory cybersecurity review from the Chinese government authorities. These circumstances include (i) when CIIOs purchase network products that may affect national security, (ii) when a network platform operator's data processing activities may affect national security, or (iii) when a network platform operator holds personal information of more than one million individuals and plans on listing publicly outside China. Network platform operators are not defined under the Cybersecurity Review Measures, but are understood to be broadly interpreted to include all Internet platform operators or service providers, thus providing for a broad application. A mandatory cybersecurity review is likely to prolong the timeline of any contemplated listing outside China and increase the regulatory compliance burden on entities that are subject to this requirement. At this time, the Company does not act as a network platform operator and does not hold the personal information of more than one million individuals in China, and as such, we do not believe the Company would be subject to the Cybersecurity Review Measures. However, the relevant Chinese authorities have great discretion and it is generally uncertain as to how they may interpret and enforce the Cybersecurity Review Measures in practice.
Additionally, on August 20, 2021, China announced the Personal Information Protection Law (PIPL), which took effect on November 1, 2021. The PIPL is intended to clarify the scope of application, the definitions of personal information and sensitive personal information, the legality of personal information processing and the basic requirements of notice and consent, among other things. The PIPL also sets out data localization requirements for CIIOs and personal information processors who process personal information above a certain threshold prescribed by the relevant authorities. The PIPL also includes a list of rules which must be complied with prior to the transfer of personal information outside of China, such as compliance with a security assessment or certification by an agency designated by the relevant authorities or entering into standard form model contracts approved by the relevant authorities with the overseas recipient.
On July 7, 2022, the CAC issued Security Assessment Measures for Outbound Data Transfers, which became effective on September 1, 2022. The Security Assessment Measures for Outbound Data Transfers clarify the security assessment requirement under the PIPL and require a data processor to apply for the security assessment organized by the CAC under any of the following circumstances before the information is transferred outbound: (i) where a data processor provides key data overseas; (ii) where a critical information infrastructure operator or a personal information processor processes more than one million individuals' personal information; or (iii) where a data processor has cumulatively provided personal information of over 100,000 individuals or sensitive personal information of over 10,000 individuals in total abroad since January 1st of the previous year. Additionally, on November 18, 2022, the CAC and the State Administration of Market Regulation issued the Implementation Rules for Personal Information Protection Certification, which apply with immediate effect and which provide important guidance on obtaining a personal information certification for lawful cross-border transfer of personal information under the PIPL.
Notably, the PIPL, similar to both the GDPR and certain U.S. privacy laws, applies extraterritorially. Failure to comply with PIPL can result in fines of up to RMB 50 million or 5% of the prior year's total annual revenue for the personal information processor and/or a suspension of services or data processing activities. Other potential penalties include a fine of up to RMB 1 million on the person in charge or directly responsible personnel and, in serious cases, individuals and entities may be exposed to criminal liabilities under other local Chinese law, such as the Criminal Law of the People's Republic of China. The PIPL also prohibits responsible personnel for violations of the PIPL from holding high level management or data protection officer positions in relevant enterprises.
In addition to China's Cybersecurity Law, the Data Security Law and the PIPL, the government agencies of China promulgated several regulations or released a number of draft regulations for public comment which are designed to provide further implementing guidance in accordance with the laws mentioned above. We cannot predict what impact the new laws and regulations, in particular the Data Security Law or PIPL, or the increased costs of compliance, if any, will have on our operations in China, due to their recent enactment and the limited guidance available on their scope and applicability, particularly on PIPL. It is also generally unclear how the laws will be interpreted and enforced in practice by the relevant government authorities, as the abovementioned laws are often drafted broadly and thus leave great discretion to the relevant government authorities to exercise.
The evolving and overarching complexity of privacy and data protection laws and regulations around the world may require us to design, implement and maintain different types of state- or country-based, privacy-related compliance controls and programs simultaneously in multiple jurisdictions, thereby further increasing the complexity and cost of compliance. These costs, including others relating to increased regulatory oversight and compliance, could materially and adversely affect our business or our growth plans and result in damages or liability in other forms as a result of failure to implement proper programmatic controls, failure to adhere to those controls, or the malicious or inadvertent breach of applicable privacy and data protection requirements by us, our employees, our business partners, or our customers.
In addition, we may be unable to transfer personal data from Europe and other jurisdictions to the United States or other countries due to data localization requirements or limitations on cross-border data flows. Europe and other jurisdictions have enacted laws requiring data to be localized or limiting the transfer of personal data to other countries. In particular, the European Economic Area (EEA) and the UK have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws they believe are inadequate.
Other jurisdictions may adopt similarly stringent interpretations of their data localization and cross-border data transfer laws. Although there are currently various mechanisms that may be used to transfer personal data from the EEA and the UK to the United States in compliance with law, such as the EEA and UK's standard contractual clauses, these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the United States. If there is no lawful manner for us to transfer personal data from the EEA, the UK or other jurisdictions to the United States, or if the requirements for a legally-compliant transfer are too onerous, we could face significant adverse consequences, including the interruption or degradation of our operations, the need to relocate part of or all of our business or data processing activities to other jurisdictions at significant expense, increased exposure to regulatory actions, substantial fines and penalties, the inability to transfer data and work with partners, vendors and other third parties, and injunctions against our processing or transferring of personal data necessary to operate our business. Additionally, companies that transfer personal data out of the EEA and the UK to other jurisdictions, particularly to the United States, are subject to increased scrutiny from regulators, individual litigants, and activist groups. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of Europe for allegedly violating the EU GDPR's cross-border data transfer limitations.
In addition to data privacy and security laws, we are also bound by other contractual obligations related to data privacy and security, and our efforts to comply with such obligations may not be successful.
Each of these laws, rules, regulations and contractual obligations relating to data privacy and security, and any other such changes or new laws, rules, regulations or contractual obligations could impose significant limitations, require changes to our business, or restrict our collection, use, storage or processing of personal information, which may increase our compliance expenses and make our business more costly or less efficient to conduct. In addition, any such changes could compromise our ability to develop an adequate marketing strategy and pursue our growth strategy effectively or even prevent us from providing certain products in jurisdictions in which we currently operate and in which we may operate in the future or incur potential liability in an effort to comply with such legislation, which, in turn, could adversely affect our business, financial condition, results of operations and prospects. Complying with these numerous, complex and often changing laws, regulations and contractual requirements is expensive and difficult, and suspected and actual failure to comply with any data privacy or security requirements, whether by us, one of our CROs, business partners or another third party, could adversely affect our business, financial condition, results of operations and prospects, including but not limited to: investigation costs; material fines and penalties; compensatory, special, punitive and statutory damages; litigation; consent orders regarding our privacy and security practices; requirements that we provide notices, credit monitoring services and/or credit restoration services or other relevant services to impacted individuals; adverse actions against our licenses to do business; reputational damage; and injunctive relief. 
The recent implementation of the CCPA, EU GDPR and UK GDPR has increased our responsibility and liability in relation to personal data that we process, including in clinical trials, and we may in the future be required to put in place additional mechanisms to ensure compliance with the CCPA and other applicable state laws, EU GDPR and UK GDPR and other applicable laws and regulations, which could divert management's attention and increase our cost of doing business. In addition, new regulation or legislative actions regarding data privacy and security (together with applicable industry standards) may increase our costs of doing business. In this regard, we expect that there will continue to be new proposed laws, regulations and industry standards relating to privacy and data protection in the United States, the EEA and other jurisdictions, and we cannot determine the impact such future laws, regulations and standards may have on our business.
Any actual or perceived failure by us or our third-party service providers to comply with any federal, state or foreign laws, rules, regulations, industry self-regulatory principles, industry standards or codes of conduct, regulatory guidance, orders to which we may be subject or other legal obligations relating to privacy, data protection, data security or consumer protection could adversely affect our reputation, brand and business. We may also be contractually required to indemnify and hold harmless third parties from the costs or consequences of non-compliance with any standards, laws, rules and regulations or other legal obligations relating to privacy or any inadvertent or unauthorized use or disclosure of data that we store or handle as part of operating our business. Any of these events could adversely affect our reputation, business, or financial condition, including but not limited to: loss of customers; interruptions or stoppages in our business operations (including clinical trials); inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or substantial changes to our business model or operations. We cannot assure you that our CROs, CMOs or other third-party service providers with access to our or our suppliers', manufacturers', collaborators', trial participants' and employees' sensitive information in relation to which we are responsible will not breach contractual obligations imposed by us, or that they will not experience data security incidents, which could have a corresponding effect on our business, including putting us in breach of our obligations under privacy laws and regulations and/or which could in turn adversely affect our business, financial condition, results of operations and prospects. 
We cannot assure you that our contractual measures and our own privacy and security-related safeguards will protect us from the risks associated with the third-party processing of such information. Any of the foregoing could adversely affect our business, financial condition, results of operations and prospects.
We also publicly post our privacy policies and practices concerning our collection, use, disclosure and other processing of the personal information provided to us by our website visitors and by our customers. Although we endeavor to comply with our public statements and documentation, we may at times fail to do so or be perceived to have failed to do so. Our publication of our privacy policies and other statements we publish that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be deceptive, unfair or misrepresentative of our actual practices. Any actual or perceived failure by us to comply with federal, state or foreign laws, rules or regulations, industry standards, contractual or other legal obligations, or any actual, perceived or suspected cybersecurity incident, whether or not resulting in unauthorized access to, or acquisition, release or transfer of personal information or other data, may result in enforcement actions and prosecutions, private litigation, significant fines, penalties and censure, claims for damages by customers and other affected individuals, regulatory inquiries and investigations or adverse publicity and could cause our customers and collaborators to lose trust in us, any of which could adversely affect our business, financial condition, results of operations and prospects.
The successful assertion of one or more large claims against us that exceeds our available insurance coverage, or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements), could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim.