Centessa Pharmaceuticals (CNTA) Risk Factors

We may determine that certain product candidates or programs (preclinical and/or clinical) do not have sufficient potential to warrant the continued allocation of resources toward them. Accordingly, we may elect to terminate our programs for and, in certain cases, our licenses to, such product candidates or programs. If we terminate programs in which we have invested significant resources, we will have expended resources on a program that will not provide a full return on our investment and missed the opportunity to have allocated those resources to potentially more productive uses. In addition, program termination may result in significant additional wind-down related costs being incurred including penalties, redundancy and severance and professional fees and may expose us to additional risks including contractual breach and employment termination claims and may divert a disproportionate amount of management time. For example, in 2022, we determined to discontinue the lixivaptan program for the treatment of Autosomal Dominant Polycystic Kidney Disease ("ADPKD"), the small molecule EGFR Exon20 insertion mutation inhibitor program, the C797S mutation inhibitor program for the treatment of NSCLC, the ZF874 program for the treatment of AATD, and the dual-STAT3/5 degrader program in Acute Myeloid Leukemia ("AML"). Additionally, in December 2022, as a result of protocol defined stopping criterion having been met, we suspended dosing in the multiple ascending dose ("MAD") stage of the Phase 1 study of CBS001, a neutralizing therapeutic mAb to the inflammatory membrane form of LIGHT for inflammatory / fibrotic diseases. In the first half of 2023, we deprioritized and paused all development activities associated with CBS001, a neutralizing therapeutic mAb to the inflammatory membrane form of LIGHT for inflammatory / fibrotic diseases, CBS004, a therapeutic mAb targeting BDCA-2 for the potential treatment of autoimmune diseases, and MGX292, a protein-engineered variant of human bone morphogenetic protein 9 ("BMP9") for the treatment of pulmonary arterial hypertension ("PAH"). We subsequently terminated MGX292, and in late 2023, we out-licensed CBS004 to AnaptysBio, Inc. We may not be able to terminate a clinical program with an ongoing clinical trial on medical and other grounds and, to the extent we are able to terminate, such termination may expose us to additional risks including regulatory risk.

As is the case with other pharmaceutical and biopharmaceutical companies, our success depends in significant part on our ability and the ability of our licensors and collaborators to obtain, maintain, enforce and defend patents and other intellectual property rights with respect to our product candidates and technology and to operate our business without infringing, misappropriating, or otherwise violating the intellectual property rights of others. We have and expect to continue to maintain and expand our own patent estate. We have also licensed patent and other intellectual property rights to and from our partners. Some of these licenses give us the right to prepare, file and prosecute patent applications and maintain and enforce patents we have licensed, whereas other licenses may not give us such rights. In some circumstances, we may not have the right to control the preparation, filing and prosecution of patent applications or to maintain the patents covering technology that we license to or from our partners, and we may have to rely on our partners to fulfill these responsibilities. Consequently, these patents and applications may not be prosecuted and enforced in a manner consistent with the best interests of our business. If our current or future licensors, licensees or collaborators fail to establish, maintain or protect such patents and other intellectual property rights, such rights may be reduced or eliminated. If our licensors, licensees or collaborators are not fully cooperative or disagree with us as to the prosecution, maintenance or enforcement of any patent rights, such patent rights could be compromised. The patent prosecution process is expensive and time-consuming. We and our current or future licensors, licensees or collaborators may not be able to prepare, file and prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. It is also possible that we or our licensors will fail to file patent applications covering inventions made in the course of development and commercialization activities before a competitor or another third party files a patent application covering, or publishes information disclosing, a similar, independently-developed invention. Such competitor's patent application may pose obstacles to our ability to obtain or limit the scope of patent protection we may obtain. Although we enter into non-disclosure and confidentiality agreements with parties who have access to confidential or patentable aspects of our research and development output, such as our employees, collaborators, CROs, contract manufacturers, consultants, advisors and other third parties, any of these parties may breach the agreements and disclose such output before a patent application is filed, thereby jeopardizing our ability to seek patent protection. In addition, publications of discoveries in the scientific literature often lag behind the actual discoveries, and patent applications in the United States and other jurisdictions are typically not published until 18 months after filing, or in some cases not at all. Therefore, we cannot be certain that we or our licensors were the first to make the inventions claimed in our owned or licensed patents or pending patent applications, or were the first to file for patent protection of such inventions, or if such licensed patents rights may otherwise become invalid. The patent position of biotechnology and pharmaceutical companies generally is uncertain, involves complex legal and factual questions and is the subject of much litigation. As a result, the issuance, scope, validity, enforceability and commercial value of our and our current or future licensors' patent rights are uncertain. Our and our licensors' pending and future patent applications may not result in patents being issued that protect our technology or products, in whole or in part, or which effectively exclude others from commercializing competitive technologies and products. The patent examination process may require us or our licensors to narrow the scope of the claims of our pending and future patent applications, and therefore, even if such patent applications issue as patents, they may not issue in a form that will provide us with any meaningful protection, prevent competitors or other third parties from competing with us, or otherwise provide us with any competitive advantage. Our and our licensors' patent applications cannot be enforced against third parties practicing the technology claimed in such applications unless and until a patent issues from such applications, and then only to the extent the issued claims cover such technology. Any of the foregoing could harm our competitive position, business, financial condition, results of operations and prospects.

If a drug or biologic is intended for the treatment of a serious or life-threatening condition and the product demonstrates the potential to address unmet medical needs for this condition, the product sponsor may apply for FDA Fast Track designation for a particular indication. In May 2023, we received Fast Track designation from the FDA for SerpinPC for the treatment of hemophilia B, with or without inhibitors. We may seek Fast Track designation for certain of our other current and future product candidates, but there is no assurance that the FDA will grant this status to any of our proposed product candidates. The FDA has broad discretion whether or not to grant Fast Track designation, so even if we believe a particular product candidate is eligible for this designation, there can be no assurance that the FDA would decide to grant it. Even for SerpinPC and any other product candidate that may receive Fast Track designation, we may not experience a faster development process, regulatory review or approval compared to conventional FDA procedures, and receiving a Fast Track designation does not provide assurance of ultimate FDA approval. In addition, the FDA may withdraw Fast Track designation if it believes that the designation is no longer supported by data from our clinical development program. In addition, the FDA may withdraw any Fast Track designation at any time.

The market price of our securities may be volatile and, in the past, companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. Historically, securities class action litigation has often been brought against a company following a decline in the market price of its securities. This risk is especially relevant for us because biotechnology and pharmaceutical companies have experienced significant share price volatility in recent years. If we were to be sued, it could result in substantial costs and a diversion of management's attention and resources, which could harm our business.

The ability of the FDA to review and approve new products can be affected by a variety of factors, including government budget and funding levels, the ability to hire and retain key personnel and accept the payment of user fees, and statutory, regulatory and policy changes. Average review times at the agency have fluctuated in recent years as a result. In addition, government funding of the SEC and other government agencies on which our operations may rely, including those that fund research and development activities, is subject to the political process, which is inherently fluid and unpredictable. Disruptions at the FDA and other agencies may also slow the time necessary for new product candidates to be reviewed and/or approved by necessary government agencies, which would adversely affect our business. If a prolonged government shutdown occurs, it could significantly impact the ability of the FDA to timely review and process our regulatory submissions, which could have a material adverse effect on our business. Further, future government shutdowns could impact our ability to access the public markets and obtain necessary capital in order to properly capitalize and continue our operations.

The legislative and regulatory framework relating to the collection, use, retention, safeguarding, disclosure, sharing, transfer, security and other processing (collectively, "Process" or "Processing") of personal data (including health-related personal data) worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. Globally, virtually every jurisdiction in which we operate has established its own data security and privacy frameworks with which we must comply and some of which may impose potentially conflicting obligations. Accordingly, we are, or may become, subject to data privacy and security laws, regulations, and industry standards as well as policies, contracts and other obligations that apply to the Processing of personal data both by us and on our behalf (collectively, Data Protection Requirements). If we fail, or are perceived to have failed, to address or comply with Data Protection Requirements, this could result in government enforcement actions against us that could include investigations, fines, penalties, audits and inspections, additional reporting requirements and/or oversight, temporary or permanent bans on all or some Processing of personal data, orders to destroy or not use personal data, and imprisonment of company officials. Further, individuals or other relevant stakeholders could bring a variety of claims against us for our actual or perceived failure to comply with the Data Protection Requirements. Any of these events could have a material adverse effect on our reputation, business, or financial condition, and could lead to a loss of actual or prospective customers, collaborators or partners; interrupt or stop clinical trials; result in an inability to Process personal data or to operate in certain jurisdictions; limit our ability to develop or commercialize our products; or require us to revise or restructure our operations. For example, in Europe, the collection and use of personal data, including health related data, is governed by the General Data Protection Regulation ("EU GDPR") which is applicable across the European Economic Area ("EEA"), and by related applicable data protection and privacy laws of the member states of the EEA. Switzerland has passed similar laws, and, following Brexit, the United Kingdom ("UK") has transposed the EU GDPR into UK domestic law with effect from January 2021 ("UK GDPR"). In this Quarterly Report on Form 10-Q, "GDPR" refers to both the UK GDPR and the EU GDPR, unless specified otherwise. Collectively, European data protection laws (including the GDPR) are wide-ranging in scope and impose numerous, significant and complex compliance burdens in relation to the Processing of personal data, which increase our obligations (including with respect to clinical trials conducted in the EEA or the UK), such as: limiting permitted Processing of personal data to only that which is necessary for specified, explicit and legitimate purposes; requirements to conduct data protection impact assessments, requiring the establishment of a legal basis for Processing personal data; adopting a broad definition of personal data to possibly include ‘pseudonymized' or key-coded data; creating obligations for controllers and processors to appoint data protection officers in certain circumstances; imposing stringent transparency obligations to data subjects, which requires more detailed notices for clinical trial subjects and investigators; introducing the obligation to carry out data protection impact assessments in certain circumstances; establishing limitations on the collection and retention of personal data through ‘data minimization' and ‘storage limitation' principles; establishing obligations to implement ‘privacy by design'; introducing obligations to honor increased rights for data subjects; formalizing a heightened and codified standard of data subject consent; establishing obligations to implement certain technical and organizational safeguards to protect the security and confidentiality of personal data; introducing obligations to agree to certain specific contractual terms and to take certain measures when working with third-party processors or joint controllers; imposing mandatory data breach notification requirements; and mandating the appointment of representatives in the UK and/or EU in certain circumstances. In particular, the Processing of "special category personal data" (such as personal data related to health and genetic information), which is relevant to our operations in the context of our conduct of clinical trials, imposes heightened compliance burdens under European data protection laws and is a topic of active interest among relevant regulators. In addition, the GDPR provides that EEA member states may introduce specific or additional requirements related to the Processing of special categories of personal data such as health data that we may process in connection with clinical trials or otherwise. In the UK, the UK Data Protection Act 2018 complements the UK GDPR in this regard. This fact may lead to greater divergence on the law that applies to the Processing of such personal data across the EEA and/or UK, which may increase our costs and overall compliance risk. Such country-specific regulations could also limit our ability to Process relevant personal data in the context of our EEA and/or UK operations ultimately having an adverse impact on our business, and harming our business and financial condition. Further, certain European data protection laws restrict transfers of personal data to countries outside Europe that are not considered by the European Commission and UK government as providing an adequate level of protection to personal data, like the United States in certain circumstances (so-called "third countries"). These transfers are prohibited unless an appropriate transfer safeguard mechanism specified by the European data protection laws is implemented, such as the Standard Contractual Clauses ("SCCs") approved by the European Commission and/or the UK International Data Transfer Agreement/Addendum approved by the UK government, or a derogation applies. Where relying on the SCCs or UK IDTA for data transfers, we may also be required to carry out transfer impact assessments to assess whether the recipient is subject to local laws which allow public authority access to personal data. The international transfer obligations under the European data protection laws will require significant effort and cost and may result in us needing to make strategic considerations around where EEA and UK personal data is transferred and which service providers we can utilize for the processing of EEA and UK personal data. These transfer restrictions and may ultimately prevent us from transferring personal data outside Europe, which would cause significant business disruption. At present, there are few, if any, viable alternatives to the SCCs and UK IDTA. The risks associated with such exports of personal data from locations within Europe are particularly relevant to our business as our group comprises several operating entities, many of which are located, and/or sponsor clinical trials, in Europe. We have adopted and implemented certain processes, systems and other relevant measures within our organization, and/or with our relevant collaborators, service providers, contractors or consultants, which are appropriate to address relevant requirements relating to international transfers of personal data from Europe, and to minimize the potential impacts and risks resulting from those requirements, across our organization. Failure to implement valid mechanisms for personal data transfers from Europe may result in increased exposure to regulatory actions, substantial fines and injunctions against processing personal data subject to European data protection laws. Inability to export personal data may also: restrict our activities outside Europe; limit our ability to collaborate with partners as well as other service providers, contractors and other companies outside of Europe; and/or require us to increase our Processing capabilities within Europe at significant expense or otherwise cause us to change the geographical location or segregation of our relevant systems and operations – any or all of which could adversely affect our operations or financial results. Additionally, other countries outside of Europe have enacted or are considering enacting similar cross-border data transfer restrictions and laws requiring local data residency, which could increase the cost and complexity of delivering our services and operating our business. The type of challenges we face in Europe will likely also arise in other jurisdictions that adopt laws similar in construction to the GDPR or regulatory frameworks of equivalent complexity. European data protection laws also provide for robust regulatory enforcement and significant penalties for noncompliance, including, for example, under the GDPR, fines of up to €20 million (£17.5 million for the UK) or 4% of global annual revenue of any noncompliant organization for the preceding financial year, whichever is higher. In addition to administrative fines, a wide variety of other potential enforcement powers are available to competent supervisory authorities in respect of potential and suspected violations of the GDPR, including extensive audit and inspection rights, and powers to order temporary or permanent bans on all or some Processing of personal data carried out by noncompliant businesses – including permitting authorities to require destruction of improperly gathered or used personal data. European supervisory authorities have shown a willingness to impose significant fines and issue orders preventing the processing of personal data on non-compliant businesses. The GDPR also confers a private right of action on data subjects and non-profit associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the GDPR. Further, following the UK's departure from the EU, often referred to as Brexit, the data protection obligations of the EU GDPR continue to apply to UK-related Processing of personal data in substantially unvaried form under the UK GDPR by virtue of section 3 of the EU (Withdrawal) Act 2018, as amended). With respect to international transfers, although the UK is regarded as a third country under the EU GDPR, the European Commission has issued an adequacy finding recognizing the UK as providing adequate protection under the EU GDPR and, therefore, transfers of personal data originating in the EEA to the UK remain unrestricted. The UK government has confirmed that personal data transfers from the UK to the EEA remain free flowing. However, going forward, there is increasing risk for divergence in application, interpretation and enforcement of the data protection laws as between the UK and EEA. The UK Government has introduced a Data Protection and Digital Information Bill ("UK Bill") into the UK legislative process. The aim of the UK Bill is to reform the UK's data protection regime following Brexit. If passed, the final version of the UK Bill may have the effect of altering the similarities between the UK and EEA data protection regimes and threaten the adequacy finding granted to the United Kingdom by the EU Commission, to enable personal data to transfer from the EEA to the UK. This may lead to additional compliance costs and could increase our overall risk. The UK Bill will result in changes to the UK GDPR that may affect our efforts to create a harmonized approach to processing European personal data and exposes us to two parallel regimes where the UK GDPR and EU GDPR both apply, each of which potentially authorizes similar fines and other potentially divergent enforcement actions for certain violations. The lack of clarity on future UK laws and regulations and their interaction with EU laws and regulations could add legal risk, uncertainty, complexity and compliance cost to the handling of European personal data and our privacy and data security compliance programs could require us to amend our processes and procedures to implement different compliance measures for the UK and EEA. If we do not designate a lead supervisory authority in an EEA member state, we are not able to benefit from the GDPR's ‘one stop shop' mechanism. Amongst other things, this would mean that, in the event of a violation of the GDPR affecting data subjects across the EEA, we could be investigated by, and ultimately fined by the supervisory authority in each and every EEA member state where data subjects have been affected by such violation. In the United States, there are a broad variety of data protection laws and regulations that may apply to our activities such as state data breach notification laws, state personal data privacy laws (for example, the California Consumer Privacy Act ("CCPA")), state health information privacy laws, and federal and state consumer protection laws. A range of enforcement agencies exist at both the state and federal levels that can enforce these laws and regulations. For example, the CCPA requires covered businesses that process personal information of California residents to disclose their data collection, use and sharing practices. Further, the CCPA provides California residents with new data privacy rights (including the ability to opt out of certain disclosures of personal data), imposes new operational requirements for covered businesses, provides for civil penalties for violations as well as a private right of action for data breaches and statutory damages (that is expected to increase data breach class action litigation and result in significant exposure to costly legal judgements and settlements). Aspects of the CCPA and its interpretation and enforcement remain uncertain. In addition, the CCPA was expanded on January 1, 2023, when the California Privacy Rights Act of 2020 ("CPRA") became operative. The amendments introduced by the CPRA, among other things, gives California residents the ability to limit use of certain sensitive personal information, further restrict the use of cross-contextual advertising, establish restrictions on the retention of personal information, expand the types of data breaches subject to the CCPA's private right of action, provide for increased penalties for violations concerning California residents under the age of 16, and establish a new California Privacy Protection Agency to implement and enforce the new. Although there are limited exemptions for clinical trial data and information subject to HIPAA under the CCPA, the CCPA and other similar laws could impact our business activities depending on how it is interpreted. Additionally, some observers have noted that the CCPA could mark the beginning of a trend toward more stringent privacy legislation in the United States, which could increase our potential liability and adversely affect our business. Already, in the United States, we have witnessed significant developments at the state level with numerous other states passing comprehensive privacy laws that incorporate many similar concepts of the CCPA. In addition, a number of other states have proposed new privacy laws, some of which are similar to the above discussed recently passed laws. Such proposed legislation, if enacted, may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. There are also states that are specifically regulating health information. For example, Washington state recently passed a health privacy law, effective March 31, 2024, that regulates the collection and sharing of health information, and the law also has a private right of action, which further increases the relevant compliance risk. Connecticut and Nevada have also passed similar laws regulating consumer health data. In addition, other states have proposed and/or passed legislation that regulates the privacy and/or security of certain specific types of information. For example, a small number of states have passed laws that specifically regulate biometric data. These various privacy and security laws may impact our business activities, including our identification of research subjects, relationships with business partners and ultimately the marketing and distribution of our products. State laws are changing rapidly and there is discussion in the U.S. Congress of a new comprehensive federal data privacy law to which we may likely become subject, if enacted. In other foreign jurisdictions in which we operate or have operated (including sponsoring past, present or future clinical trials), such as, without limitation, Canada and Georgia, we may also be subject to stringent Data Protection Requirements. In Canada, for instance, Quebec's new comprehensive data protection law recently entered into force and is expected to have far-reaching effects. Generally, these laws exemplify the vulnerability of our business to the evolving regulatory environment related to personal data and may require us to modify our Processing practices at substantial costs and expenses in an effort to comply. Additionally, regulations promulgated pursuant to HIPAA, as amended, establish privacy and security standards that limit the use and disclosure of individually identifiable health information, or protected health information, and require the implementation of administrative, physical and technological safeguards designed to protect the privacy, confidentiality, integrity and availability of protected health information. These provisions may be applicable to our business or that of our collaborators, service providers, contractors or consultants. Determining whether protected health information has been handled in compliance with applicable Data Protection Requirements can be complex and may be subject to changing interpretation. If we are unable to properly protect the privacy and security of protected health information, we could be found to have violated these privacy and security laws and/or breached certain contracts with our business partners (including as a business associate). Further, if we fail to comply with applicable Data Protection Requirements, such as, to the extent applicable, HIPAA privacy and security standards, we could face significant civil and criminal penalties. In the United States, the Department of Health and Human Services' and state attorneys general enforcement activity can result in financial liability and reputational harm, and responses to such enforcement activity can consume significant internal resources. In addition, state attorneys general are authorized to bring civil actions seeking either injunctions or damages in response to violations that threaten the privacy of state residents. We cannot be sure how these regulations will be interpreted, enforced or applied to our operations. In addition to the risks associated with enforcement activities and potential contractual liabilities, our ongoing efforts to comply with evolving laws and regulations at the federal and state level may be costly and require ongoing modifications to our policies, procedures and systems. Given the breadth and evolving nature of Data Protection Requirements, preparing for and complying with these requirements is rigorous, time-intensive and requires significant resources and a review of our technologies, systems and practices, as well as those of any third-party collaborators, service providers, contractors or consultants that Process personal data on our behalf. We may publish privacy policies and other documentation regarding our Processing of personal data and/or other confidential, proprietary or sensitive information. Although we endeavor to comply with our published policies and other documentation, we may at times fail to do so or may be perceived to have failed to do so. Moreover, despite our efforts, we may not be successful in achieving compliance if our employees, third-party collaborators, service providers, contractors or consultants fail to comply with our policies and documentation. Such failures can subject us to potential foreign, local, state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices. Moreover, subjects about whom we or our partners obtain information, as well as the providers who share this information with us, may contractually limit our ability to use and disclose the information. Claims that we have violated individuals' privacy rights or failed to comply with data protection laws or applicable privacy notices even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business or otherwise materially and negatively impact our business.

As of May 3, 2024, we had 77 full-time equivalent employees who are located in different geographies across the U.S., U.K. and the European Union who provide services across our organization (including operational, administrative, research and development, and other support services). We also have consultants who we rely on for research and development, business development, and other services. While we believe this structure enables us to reduce certain infrastructure costs, the small size of our team may limit our ability to devote adequate personnel, time, and resources to support our operational, research and development activities, and the management of compliance, financial, accounting, and reporting matters. If our team fails to provide adequate operational, administrative, research and development, or other services across our entire organization, our business, financial condition, and results of operations could be harmed.

We currently conduct and expect to continue to rely on third parties such as contract development and manufacturing organizations, or CMOs, and contract research organizations, or CROs, to manufacture our products and conduct our clinical trials. We do not currently have the ability to independently conduct large-scale clinical trials, such as a Phase 3 clinical trial, without assistance of third parties. We have relied upon and plan to continue to rely upon medical institutions, clinical investigators, contract laboratories and other third parties, such as CROs, to conduct or assist us in conducting GCP-compliant clinical trials on our product candidates properly and on time, and may not currently have all of the necessary contractual relationships in place to do so. Once we have established contractual relationships with such third-party CROs, we will have only limited control over their actual performance of these activities. We and our CMOs, CROs and other vendors are required to comply with cGMP, GCP and GLP which are regulations and guidelines enforced by the FDA, the Competent Authorities of the Member States of the European Union and any comparable foreign regulatory authorities for all of our product candidates in preclinical and clinical development. Regulatory authorities enforce these regulations through periodic inspections of trial sponsors, principal investigators, clinical trial sites and other contractors. Although we rely on CROs to conduct any current or planned GLP-compliant preclinical studies and GCP-compliant clinical trials and have limited influence over their actual performance, we remain responsible for ensuring that each of our preclinical studies and clinical trials is conducted in accordance with its investigational plan and protocol and applicable laws and regulations, and our reliance on the CROs does not relieve us of our regulatory responsibilities. If we or any of our CROs or vendors fail to comply with applicable regulations, the data generated in our preclinical studies and clinical trials may be deemed unreliable and the FDA, EMA, MHRA or any comparable foreign regulatory agency may require us to perform additional preclinical studies and clinical trials before approving our marketing applications. We cannot assure you that upon inspection by a given regulatory agency, such regulatory agency will determine that all of our clinical trials comply with GCP regulations. In addition, our clinical trials must be conducted with products produced under cGMP requirements. Our failure to comply with these requirements may require us to repeat clinical trials, which would delay the regulatory approval process. While we will have agreements governing their activities, our CROs will not be our employees, and we will not be able to control whether or not they devote sufficient time and resources to our future preclinical and clinical programs. These CROs may also have relationships with other commercial entities, including our competitors, for whom they may also be conducting clinical trials, or other drug development activities which could harm our business. We face the risk of potential unauthorized disclosure or misappropriation of our intellectual property by CROs, which may reduce our trade secret protection and allow our potential competitors to access and exploit our proprietary technology. CROs also may use our proprietary information and intellectual property in such a way as to result in litigation or other intellectual property-related proceedings that could jeopardize or invalidate our proprietary information and intellectual property. If our CROs do not successfully carry out their contractual duties or obligations, fail to meet expected deadlines, or if the quality or accuracy of the clinical data they obtain is compromised due to the failure to adhere to our clinical protocols or regulatory requirements or for any other reason, our clinical trials may be extended, delayed or terminated, the clinical data generated in our clinical trials may be deemed unreliable, and we may not be able to obtain regulatory approval for, or successfully commercialize any product candidate that we develop. If our CROs become subject to regulatory investigations or sanctions or are otherwise prevented or restricted from performing their business, this may result in a material delay to our development and/or commercial activities, add significant additional cost, require that we move our non-clinical and/or clinical development activities to alternative vendors, in each case, which may materially and adversely impact our ability to conduct our clinical trials and/or develop or commercialize our products in a timely manner or at all. As a result, our financial results and the commercial prospects for any product candidate that we develop would be harmed, our costs could increase, and our ability to generate revenue could be delayed. If our relationships with these CROs terminate, we may not be able to enter into arrangements with alternative CROs or do so on commercially reasonable terms. Switching or adding additional CROs involves substantial cost and requires management time and focus, and could delay development and commercialization of our product candidates. In addition, there is a natural transition period when a new CRO commences work. As a result, delays occur, which can negatively impact our ability to meet our desired clinical development timelines. Though we intend to carefully manage our relationships with our CROs, there can be no assurance that we will not encounter challenges or delays in the future or that these delays or challenges will not have a negative impact on our business and financial condition.

We have received orphan drug designation for SerpinPC in the United States for the treatment of HB, with or without inhibitors, and may in the future seek orphan drug designation for certain of our other product candidates, but we may be unable to maintain orphan drug designation or obtain any benefits associated with orphan drug designation, including market exclusivity. Regulatory authorities in some jurisdictions, including the United States and the European Union, may designate drugs and biologics intended to treat relatively small patient populations as orphan drugs. Under the Orphan Drug Act of 1983, FDA may designate a product candidate as an orphan drug if it is intended to treat a rare disease or condition, which is defined as a disease or condition having a patient population of fewer than 200,000 individuals in the United States, or a patient population greater than 200,000 in the United States where there is no reasonable expectation that the cost of developing the drug will be recovered from sales in the United States. In the EU, the European Commission, after recommendation from the EMA's Committee for Orphan Medicinal Products, grants orphan designation in respect of products that are intended for the diagnosis, prevention or treatment of a life-threatening or chronically debilitating condition which either affects not more than 5 in 10,000 persons in the EU when the application for orphan designation is made, or products intended for the diagnosis, prevention or treatment of a life-threatening, seriously debilitating or serious and chronic condition when, without incentives, it is unlikely that sales of the product in the EU would be sufficient to justify the necessary investment in developing the product. In each case, there must be no satisfactory method of diagnosis, prevention or treatment which is authorized for marketing in the EU, or, if such a method exists, the product would be of significant benefit to those affected by the condition. Certain of our current product candidates, and our future potential product candidates may target patient populations that are smaller than the numbers described above. If we request orphan drug designation for our product candidates, there can be no assurances that FDA or the European Commission will grant any of our product candidates such designation. Additionally, the designation of any of our product candidates as an orphan product does not guarantee that any regulatory agency will accelerate regulatory review of, or ultimately approve, that product candidate, nor does it limit the ability of any regulatory agency to grant orphan drug designation to product candidates of other companies that treat the same indications as our product candidates prior to our product candidates receiving exclusive marketing approval. Generally, if a product candidate with an orphan drug designation receives the first marketing approval for the indication for which it has such designation, the product is entitled to a period of marketing exclusivity, which precludes the FDA or the European Commission from approving another marketing application for a product that constitutes the same drug (or a "similar medicinal product" in the EU) treating the same indication for that marketing exclusivity period, except in limited circumstances. If another sponsor receives such approval before we do (regardless of our orphan drug designation), we will be precluded from receiving marketing approval for our product for the applicable exclusivity period. The applicable period is seven years in the United States and 10 years in the European Union. The exclusivity period in the United States can be extended by six months if the sponsor submits pediatric data that fairly respond to a written request from the FDA for such data, and the exclusivity period in the EU can be extended by two years when the results of pediatric studies are completed in accordance with a fully compliant pediatric investigation plan and reflected in the summary of product characteristics (SmPC). The exclusivity period in the European Union can be reduced to six years if a product no longer meets the criteria for orphan drug designation or if the product is sufficiently profitable so that market exclusivity is no longer justified. Proposed amendments to EU legislation regarding orphan medicines are under consideration that, if implemented following the conclusion of the legislative process, have the potential to shorten the ten-year period of marketing exclusivity. Orphan drug exclusivity may be revoked if any regulatory agency determines that the request for designation was materially defective or if the manufacturer is unable to assure sufficient quantity of the product to meet the needs of patients with the rare disease or condition. Even if we obtain orphan drug exclusivity for a product candidate, that exclusivity may not effectively protect the product candidate from competition because different drugs can be approved for the same condition. In the United States, even after an orphan drug is approved, the FDA may subsequently approve another drug for the same condition if the FDA concludes that the latter drug is not the same drug or is clinically superior in that it is shown to be safer, more effective or makes a major contribution to patient care. In the EU, a marketing authorization may be granted to a similar medicinal product for the same orphan indication if: - the second applicant can establish in its application that its medicinal product, although similar to the orphan medicinal product already authorized, is safer, more effective or otherwise clinically superior;- the holder of the marketing authorization for the original orphan medicinal product consents to a second orphan medicinal product application; or - the holder of the marketing authorization for the original orphan medicinal product cannot supply sufficient quantities of orphan medicinal product.

A large proportion of our value may at any time reside in a limited number of our programs and/or developmental assets or product candidates. Our consolidated financial condition and prospects may be materially diminished if the clinical development or potential commercialization prospects of one of our product candidates or programs or one or more of the intellectual property rights held by us become impaired. Furthermore, a large proportion of our consolidated revenue may at any time be derived from one, or a small number of, licensed technologies, and termination or expiration of licenses to these technologies would likely have a material adverse effect on our consolidated revenue. Any material adverse impact on the value of intellectual property rights or the clinical development of product candidates or programs, could have a material adverse effect on our consolidated business, financial condition, results of operations or prospects.

We currently have no sales and marketing organization. To successfully commercialize any products that may result from our development programs, we will need to develop these capabilities, either on our own or with others. The establishment and development of our own commercial team or the establishment of a contract sales force to market any products we may develop will be expensive and time-consuming and could delay any product launch. Moreover, we cannot be certain that we will be able to successfully develop this capability. We may enter into collaborations regarding our product candidates with entities to utilize their established marketing and distribution capabilities, but we may be unable to enter into such agreements on favorable terms, if at all. If any current or future collaborators do not commit sufficient resources to commercialize our products, or we are unable to develop the necessary capabilities on our own, we will be unable to generate sufficient product revenue to sustain our business. We compete with many companies that currently have extensive, experienced and well-funded medical affairs, marketing and sales operations to recruit, hire, train and retain marketing and sales personnel. We also face competition in our search for third parties to assist us with the sales and marketing efforts of our product candidates. Without an internal team or the support of a third party to perform marketing and sales functions, we may be unable to compete successfully against these more established companies. Our efforts to educate the medical community and third-party payors on the benefits of our product candidates may require significant resources and may never be successful. Such efforts may require more resources than are typically required due to the complexity and uniqueness of our potential products. If any of our product candidates is approved but fails to achieve market acceptance among physicians, patients or third-party payors, we will not be able to generate significant revenues from such product, which could have a material adverse effect on our business, financial condition, results of operations and prospects.

Geo-political conflicts including the Russia-Ukraine war and the Middle East conflict(s) and tensions in U.S.-China relations may impact our CROs, clinical data management organizations, and clinical investigators' ability to conduct certain of our trials in the applicable countries, and may prevent us from obtaining data on patients already enrolled at sites in these countries. This could negatively impact the completion of our clinical trials and/or analyses of clinical results, which may increase our product development costs, elongate clinical trial timeframes and materially harm our business.