Day One Biopharmaceuticals (DAWN) Risk Factors

An active trading market for our common stock may never be sustained. The market value of our common stock may decrease from the purchase price. As a result of these and other factors, you may be unable to resell your shares of our common stock at or above the purchase price. The lack of an active market may impair your ability to sell your shares at the time you wish to sell them or at a price that you consider reasonable. The lack of an active market may also reduce the fair market value of your shares. Furthermore, an inactive market may also impair our ability to raise capital by selling shares of our common stock and may impair our ability to enter into strategic collaborations or acquire companies or products by using our shares of common stock as consideration.

We have never declared or paid cash dividends on our common stock. We currently intend to retain all available funds and any future earnings to support operations and to finance the growth and development of our business. We do not intend to declare or pay any cash dividends on our capital stock in the foreseeable future. As a result, any investment return on our common stock will depend upon increases in the value for our common stock, which is not certain.

We have engaged in strategic transactions, for instance with affiliates of Takeda Pharmaceutical Company Limited, Viracta Therapeutics, Inc., Merck KGaA, Darmstadt, Germany, MabCare, and Ipsen, and from time to time, we may consider further strategic transactions, such as acquisitions of companies, businesses or assets and out-licensing or in-licensing of products, product candidates (such as DAY301 and VRK1) or technologies. Additional potential transactions that we may consider include a variety of different business arrangements, including spin-offs, strategic partnerships, joint ventures, restructurings, divestitures, business combinations and investments. Any such transaction may require us to incur non-recurring or other charges, may increase our near term or long-term expenditures and may pose significant integration challenges or disrupt our management or business, which could adversely affect our operations and financial results. For example, these transactions may entail numerous operational and financial risks, including: - exposure to unknown liabilities;- disruption of our business and diversion of our management's time and attention in order to develop acquired products, product candidates or technologies;- incurrence of substantial debt or dilutive issuances of equity securities to pay for acquisitions;- higher than expected acquisition and integration costs;- write-downs of assets or goodwill or impairment charges;- increased amortization expenses;- difficulty and cost in combining the operations, systems and personnel of any acquired businesses with our operations, systems and personnel;- impairment of relationships with key suppliers or customers of any acquired businesses due to changes in management and ownership; and - inability to retain key employees of any acquired businesses.

We and third parties who we work with are or may become subject to numerous domestic and foreign data protection laws and regulations (i.e., laws and regulations that address privacy and data security), the scopes of which are changing, subject to differing applications and interpretations, and may be inconsistent among countries, or conflict with other rules. We are or may become subject to the terms of contractual obligations related to privacy, data protection and data security. The actual or perceived failure by us or related third parties to comply with such obligations could increase our compliance and operational costs, expose us to regulatory scrutiny, actions, fines and penalties, result in reputational harm, lead to a loss of customers, result in litigation and liability and otherwise cause a material adverse effect on our business, financial condition and results of operations. In the United States, numerous federal and state laws and regulations, including federal health information privacy and security laws, federal and state data breach notification laws, state health information privacy laws and federal and state consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act) that govern the collection, use, disclosure and protection of health-related and other personal information could apply to our operations or the operations of our collaborators. In addition, we may obtain protected health information from third parties (including research institutions from which we obtain clinical trial data) that are subject to privacy and security requirements under HIPAA, as amended by HITECH. Depending on the facts and circumstances, we could be subject to civil and criminal penalties if we obtain, use or disclose individually identifiable health information maintained by a HIPAA-covered entity in a manner that is not authorized or permitted by HIPAA. Washington state recently passed the My Health My Data Act, which is focused on the collection of consumer health data. The My Health My Data Act has a broader scope than HIPAA and includes a private right of action. The My Health Data Act became effective on March 31, 2024 and there may be substantial regulatory action and litigation associated with the My Health Data Act. The state of California recently enacted the CCPA, which creates new individual privacy rights for California consumers and places increased privacy and data security obligations on entities handling personal information of consumers or households. The CCPA, in effect since January 1, 2020, and most recently amended by the CPRA, is now in effect as of January 1, 2023 and enforced as of July 1, 2023, subject to the regulations promulgated through a newly created enforcement agency called the California Privacy Protection Agency, or the CPPA. The CCPA gives California residents expanded privacy rights, including the right to request correction, access and deletion of their personal information, the right to opt out of certain personal information sharing and the right to receive detailed information about how their personal information is processed, including by California residents' employers. The CCPA and CPRA provide for civil penalties and a private right of action for data breaches that is expected to increase data breach litigation. The CCPA and CPRA may increase our compliance costs and potential liability. The CCPA has prompted several proposals for new federal and state-level privacy legislation which, if enacted, could increase our potential liability and compliance costs, and adversely affect our business. Foreign data protection laws, including Regulation 2016/679, known as the General Data Protection Regulation, or GDPR, may apply to personal information (including health-related data) obtained from individuals in the European Economic Area, or the EEA, and Switzerland. The GDPR, and its implementing legislation across the EU, imposes strict obligations on businesses, including requiring changes to informed consent practices and more detailed notices for clinical trial subjects and investigators, requiring limitations on data processing, establishing a legal basis for processing personal information, notification of data processing obligations, notification of security incidents to appropriate data protection authorities or data subjects, protecting the security and confidentiality of the personal information, and establishing means for data subjects to exercise rights in relation to their personal information. The GDPR subjects noncompliant companies to fines of up to the greater of 20 million Euros or 4% of their global annual revenues, potential bans on processing of personal information (including clinical trials), and private litigation. To the extent applicable, the GDPR will increase our responsibility and liability in relation to personal information that we process, and we may be required to put in place additional mechanisms and expend additional time and resources to ensure compliance with the EU data protection rules. Additionally, the UK implemented the Data Protection Act effective in May 2018 and statutorily amended in 2019, that substantially implements the GDPR and contains provisions, including UK-specific derogations, for how GDPR is applied in the UK. Changes in these legislations may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment in resources for compliance programs, could impact strategies and availability of previously useful data, and could result in increased compliance costs and/or changes in business practices and policies. In addition, supervisory authorities in the EEA, Switzerland, and the UK have enforced data protection legislation inconsistently, which may result in us having to spend additional resources in order to comply with rules and guidance applicable only in certain, local jurisdictions. Further, European data protection laws generally prohibit the transfer of personal information to countries outside of the EEA, UK and Switzerland, such as the United States, which are not considered by the European Commission to provide an adequate level of data protection. Switzerland has adopted similar restrictions. Although there are legal mechanisms to allow for the transfer of personal information from the EEA, UK, and Switzerland to the United States and other countries, they are or may become subject to legal challenges that, if successful, could invalidate these mechanisms, restrict our ability to process personal information of Europeans outside of Europe and adversely impact our business. For example, in July 2020, the Court of Justice of the European Union, or CJEU, invalidated the EU-U.S. Privacy Shield, which enabled the transfer of personal information from EU to the U.S. for companies that had self-certified to the Privacy Shield on the grounds that the EU-U.S. Privacy Shield failed to offer adequate protections to EU personal information transferred to the United States. While the CJEU did not invalidate the use of other data transfer mechanisms, such as the Standard Contractual Clauses, the decision has led to uncertainty regarding the use of such mechanisms for data transfers to the United States, and the CJEU made clear that reliance on Standard Contractual Clauses alone may not necessarily be sufficient in all circumstances. The European Data Protection Board, or EDPB, issued additional guidance regarding the CJEU's decision on November 11, 2020 which imposes higher burdens on the use of data transfer mechanisms, such as the Standard Contractual Clauses, for cross-border data transfers. In June 2021, the European Commission adopted new Standard Contractual Clauses under the GDPR for transfers of personal data outside the EU to countries that the European Commission has not deemed to provide an adequate level of protection for such personal data. Effective July 10, 2023, the new EU-U.S. Data Privacy Framework, or the DPF, has been recognized as adequate under EU law to allow transfers of personal data from the EU to certified companies in the United States. However, the DPF is subject to further legal challenges which could cause the legal requirements for personal data transfers from the EU to the United States to become uncertain once again. While the DPF does not apply to the UK, on October 12, 2023, the UK government adopted an adequacy decision concluding that the United States ensures an adequate level of protection transferred from the UK to the United States under the UK Extension to the EU-U.S. Data Privacy Framework, or the UK DPF. We anticipate a similar adequacy decision from the Swiss government, or Swiss DPF. Both the UK DPF and the Swiss DPF could also be contested or otherwise affected by any challenges to the EU-U.S. DPF. If we cannot implement a valid compliance mechanism for cross-border data transfers, we may face increased exposure to regulatory actions, substantial fines, and injunctions against processing or transferring personal data from Europe or other foreign jurisdictions. In the EU and other markets, potential new rules and restrictions on the flow of data across borders could increase the cost and complexity of doing business in those regions. In addition, further to the UK's exit from the EU on January 31, 2020, the GDPR ceased to apply in the UK at the end of the transition period on December 31, 2020. However, as of January 1, 2021, the United Kingdom's European Union (Withdrawal) Act 2018 incorporated the GDPR (as it existed on December 31, 2020 but subject to certain UK-specific amendments) into UK law, referred to as the UK GDPR. The UK GDPR and the UK Data Protection Act 2018 set out the UK's data protection regime, which is independent from but aligned to the EU's data protection regime. Non-compliance with the UK GDPR may result in monetary penalties of up to £17.5 million or 4% of worldwide revenue, whichever is higher. With respect to transfers of personal data from the EU to the United Kingdom, on June 28, 2021 the European Commission issued an adequacy decision in respect of the UK's data protection framework, enabling data transfers from EU member states to the UK to continue without requiring organizations to put in place contractual or other measures in order to lawfully transfer personal data between the territories. While it is intended to last for at least four years, the European Commission may unilaterally revoke the adequacy decision at any point, and if this occurs it could lead to additional costs and increase our overall risk exposure. Other countries, including China, Brazil, Australia and Japan, for example, have adopted certain legal requirements for local storage and processing of data and cross-border transfers of personal information, any and all of which could increase the cost and complexity of conducting preclinical testing and clinical trials or delivering our future products, if any, and operating our business. These obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other requirements or our practices. Further, on July 26, 2023, the SEC adopted new cybersecurity disclosure rules for public companies that require disclosure regarding cybersecurity risk management (including the board's role in overseeing cybersecurity risks, management's role and expertise in assessing and managing cybersecurity risks and processes for assessing, identifying and managing cybersecurity risks) in annual reports on Form 10-K. These new cybersecurity disclosure rules also require the disclosure of material cybersecurity incidents by Form 8-K, within four business days of determining an incident is material. We are or may become subject to the terms of external and internal privacy and security policies, representations, certifications and publications related to privacy and security. Compliance with domestic and foreign privacy, data security and data protection laws, regulations and contractual and other obligations could require us to take on more onerous obligations in our contracts, restrict our ability to collect, use and disclose data, or in some cases, impact our ability to operate in certain jurisdictions. The actual or perceived failure to comply with domestic and foreign privacy, data privacy and data protection laws and regulations could result in government enforcement actions (which could include civil, criminal and administrative penalties), private litigation and/or adverse publicity and could negatively affect our operating results and business. Moreover, clinical trial subjects about whom we or our potential collaborators obtain information, as well as the providers who share this information with us, may contractually limit our ability to use and disclose the information. Claims that we have violated individuals' privacy rights, failed to comply with privacy, data security and data protection laws or breached our contractual obligations, even if we are not found liable, could be expensive and time consuming to defend and could result in adverse publicity that could harm our business.

Our business exposes us to significant product liability risks inherent in the development, testing, manufacturing and commercialization of OJEMDA and any future products and marketing of therapeutic treatments. Product liability claims could delay or prevent completion of our development programs. If we succeed in marketing products, such claims could result in an FDA or other regulatory authority investigation of the safety and effectiveness of our products, our manufacturing processes and facilities or our marketing programs. The FDA or other regulatory authority investigations could potentially lead to a recall of our products or more serious enforcement action, limitations on the approved indications for which they may be used or suspension or withdrawal of approvals. Regardless of the merits or eventual outcome, liability claims may also result in decreased demand for our products, injury to our reputation, costs to defend the related litigation, a diversion of management's time, our resources and substantial monetary awards to trial participants or patients. We currently have product liability insurance that we believe is appropriate for our stage of development and may need to obtain higher levels prior to advancing our product candidates into clinical trials or marketing any of our product candidates, if approved. Any insurance we have or may obtain may not provide sufficient coverage against potential liabilities. Furthermore, clinical trial and product liability insurance is becoming increasingly expensive. As a result, we may be unable to obtain sufficient insurance at a reasonable cost to protect us against losses caused by product liability claims that could have an adverse effect on our business and financial condition.

We do not have any manufacturing facilities, and we currently contract with certain third-party manufacturers in China. We rely, and expect to continue to rely, on third parties for the manufacture of OJEMDA and our product candidates for clinical testing, product development purposes, to support regulatory application submissions, as well as for commercial manufacture of our product candidates. In addition, we expect to contract with analytical laboratories for release and stability testing of OJEMDA and our product candidates. This reliance on third parties increases the risk that we will not have sufficient quantities of OJEMDA or our product candidates or products or such quantities at an acceptable cost or quality, which could delay, prevent or impair our development or commercialization efforts and cause the FDA to withdraw certain designations, including orphan drug designation. For example, we cannot be sure to what extent the supply chain issues caused by geopolitical uncertainty and public health epidemics, may impact our ability to procure sufficient supplies for the development of OJEMDA and our product candidates and what, if any, impact that may have on our facilities and operations in the region, including but not limited to a decrease or disruption of production, increased costs of production or other interruptions in our supply chain. In addition, any disruption in production or inability of our manufacturers, specifically in China, to produce adequate quantities to meet our needs, whether as a result of a natural disaster or other causes, could impair our ability to operate our business on a day-to-day basis and to continue our development of OJEMDA and our product candidates. Furthermore, since these manufacturers are located in China, we are exposed to the possibility of product supply disruption and increased costs in the event of changes in the policies of the United States or Chinese governments, political unrest or unstable economic conditions in China. Legislation has been introduced in Congress to limit certain U.S. biotechnology companies from using equipment or services produced or provided by select Chinese biotechnology companies, including those affiliated with the manufacture of our API, Wuxi STA, and others in Congress have advocated for the use of existing executive branch authorities to limit those Chinese service providers' ability to engage in business in the U.S. We cannot predict what actions may ultimately be taken with respect to trade relations between the United States and China or other countries, what products and services may be subject to such actions or what actions may be taken by the other countries in retaliation. Any of these matters could materially adversely affect our business, financial condition and results of operations. In addition, disruptions in logistics routes and transportation capabilities could disrupt our supply chain. And, if we experience unexpected spikes in demand over time, we risk running out of our necessary supplies. We entered into a manufacturing and supply agreement with Quotient for drug manufacturing of OJEMDA and a packaging agreement with Sharp Corporation, or Sharp, for the packaging and serialization of OJEMDA. Supply chain issues, such as those related to certain packaging material, may negatively impact our ability to package and deliver OJEMDA and our product candidates if not managed effectively. Moreover, if any of our existing or future contract manufacturers or suppliers fail to perform satisfactorily, it could delay development or regulatory approval of our drug candidates or commercialization of our drugs, which could negatively impact our results of operations and business. We may be unable to enter into additional agreements with third-party manufacturers or suppliers or do so on favorable terms. Our anticipated reliance on a limited number of third party-manufacturers or suppliers exposes us to the following risks: - reliance on the third party for regulatory, compliance and quality assurance;- reliance on the third party for product development, analytical testing and data generation to support regulatory applications;- operations of our third-party manufacturers or suppliers could be disrupted by conditions unrelated to our business or operations, including the bankruptcy of the manufacturer or supplier, the issuance of an FDA Form 483 notice or warning letter or other enforcement action by the FDA or other regulatory authority;- the possible breach of the manufacturing agreement by the third party;- the possible misappropriation of our proprietary information, including our trade secrets and know-how;- the possible termination or nonrenewal of the agreement by the third party at a time that is costly or inconvenient for us;- carrier disruptions or increased costs that are beyond our control; and - failure to deliver our drugs under specified storage conditions and in a timely manner. Third-party manufacturers may not be able to comply with cGMP regulations or similar regulatory requirements outside of the United States. If the FDA determines that our CMOs are not in compliance with FDA laws and regulations, including those governing cGMPs, the FDA may not approve an NDA until the deficiencies are corrected or we replace the manufacturer in our application with a manufacturer that is in compliance. Moreover, our failure, or the failure of our third-party manufacturers and suppliers, to comply with applicable regulations could result in sanctions being imposed on us, including clinical holds, fines, injunctions, civil penalties, seizures or recalls of product candidates or products, operating restrictions and criminal prosecutions, any of which could significantly and adversely affect supplies of our products. In addition, approved products and the facilities at which they are manufactured are required to maintain ongoing compliance with extensive FDA requirements and the requirements of other similar agencies, including ensuring that quality control and manufacturing procedures conform to cGMP requirements. As such, our CMOs are subject to continual review and periodic inspections to assess compliance with cGMPs. Furthermore, although we do not have day-to-day control over the operations of our CMOs, we are responsible for ensuring compliance with applicable laws and regulations, including cGMPs. In addition, our third-party manufacturers and suppliers are subject to numerous environmental, health and safety laws and regulations, including those governing the handling, use, storage, treatment and disposal of waste products, and failure to comply with such laws and regulations could result in significant costs associated with civil or criminal fines and penalties for such third parties. Based on the severity of regulatory actions that may be brought against these third parties in the future, our clinical or commercial supply of drug and packaging and other services could be interrupted or limited, which could harm our business. OJEMDA and our product candidates and any products that we may develop may compete with other product candidates and products for access to manufacturing facilities. As a result, we may not obtain access to these facilities on a priority basis or at all. There are a limited number of manufacturers that operate under cGMP regulations and that might be capable of manufacturing for us. As we prepare for later-stage clinical trials and commercialization of OJEMDA, we will need to take steps to increase the scale of production of OJEMDA and our product candidates. Other than for our product OJEMDA, we have not yet scaled up the manufacturing process for any of our product candidates and may need to scale further to support future supply needs for any of our product candidates. Third-party manufacturers may be unable to successfully increase the manufacturing capacity for any of our product candidates in a timely or cost-effective manner, or at all. In addition, quality issues may arise during scale-up or commercial activities. For example, if microbial, viral or other contaminations are discovered in our product candidates or in the manufacturing facilities in which our product candidates are made, such manufacturing facilities may need to be closed for an extended period of time to investigate and remedy the contamination. Any performance failure on the part of our existing or future manufacturers could delay clinical development or marketing authorization. If our current CMOs for clinical testing cannot perform as agreed, we may be required to replace such CMOs. Although we believe that there are several potential alternative manufacturers who could manufacture OJEMDA or our product candidates, we may incur added costs and delays in identifying and qualifying any such replacement manufacturer or be able to reach agreement with any alternative manufacturer. Further, our third-party manufacturers may experience manufacturing or shipping difficulties due to resource constraints or as a result of natural disasters, labor disputes, unstable political environments or public health epidemics. If our current third-party manufacturers cannot perform as agreed, we may be required to replace such manufacturers and we may be unable to replace them on a timely basis or at all. Our current and anticipated future dependence upon others for the manufacture of OJEMDA or our product candidates may adversely affect our future profit margins and our ability to commercialize any products that obtain marketing authorization on a timely and competitive basis.

As is common in the biopharmaceutical industry, in addition to our employees, we engage the services of consultants to assist us in the development of OJEMDA and our product candidates. Many of these consultants, and many of our employees, were previously employed at, or may have previously provided or may be currently providing consulting services to, other pharmaceutical companies including our competitors or potential competitors. We may become subject to claims that we, our employees or a consultant inadvertently or otherwise used or disclosed trade secrets or other information proprietary to their former employers or their former or current clients. Litigation may be necessary to defend against these claims. If we fail in defending any such claims, in addition to paying monetary damages, we may lose valuable intellectual property rights or personnel, which could adversely affect our business. Even if we are successful in defending against these claims, litigation could result in substantial costs and be a distraction to our management team and other employees.

We rely on a limited number of suppliers, some of whom are our sole source for certain materials, and some of whom are based in foreign jurisdictions. Our small number of suppliers involves a number of additional risks, including risks related to supplier capacity constraints, component availability, price increases, timely delivery, component quality, failure of a key supplier to remain in business and adjust to market conditions, including inflation and changes in interest rates, actual or perceived instability in the global banking system, changes in the U.S. presidential administration, uncertainty with respect to the federal debt ceiling and budget and potential government shutdowns related thereto, natural disasters, fire, regional geopolitical conflicts, acts of terrorism, pandemics, or other catastrophic events. Further, in the case of materials for which we have a sole supplier, even if we are able to replace any raw materials or other materials with an alternative, such alternatives may cost more, result in lower yields or not be as suitable for our purposes. In addition, some of the materials that we use to manufacture OJEMDA and our product candidates are complex materials, which may be more difficult to substitute. Therefore, any disruptions arising from our sole suppliers could result in delays and additional regulatory submissions, which may adversely affect our business and results of operations.

OJEMDA has been administered only to a limited number of patients in clinical studies. While the FDA granted accelerated approval of OJEMDA based on the data included in the NDAs, we do not know whether the real world safety and effectiveness of the product will be consistent with the safety and effectiveness profile seen in the clinical studies. New data relating to OJEMDA, including from adverse events reports and our post-marketing commitments in the United States, and from other ongoing clinical studies, may result in changes to the product label and may adversely affect sales, or result in withdrawal of OJEMDA from the market. If any of these actions were to occur, it could result in significant expense and delay and/or limit our ability to generate future sales revenues in line with our expectations.

We recently began commercializing our first product, OJEMDA, in the United States. As a company, we had no prior experience commercializing a product. The success of our commercialization efforts for OJEMDA and any future approved products is difficult to predict and subject to the effective execution of our business plan, including, among other things, the continued development of our internal sales, marketing, and distribution capabilities and our ability to navigate the significant expenses and risks involved with the development and management of such capabilities. For example, we have completed hiring in areas to support commercialization, including in sales management, sales representatives, marketing, access and reimbursement, sales support, and distribution. There are significant expenses and risks involved with establishing our own sales, marketing, and distribution capabilities, including our ability to hire, retain, and appropriately incentivize qualified individuals, provide adequate training to sales and marketing personnel, and effectively manage geographically dispersed sales and marketing teams to generate sufficient demand. Any failure or delay in the development of these capabilities could delay or negatively affect the success of our commercialization efforts and our business. For example, the commercialization of OJEMDA may not develop as planned or anticipated, which may require us to, among others, adjust or amend our business plan and incur significant expenses. Alternatively, we may license certain rights with respect to our products or product candidates to collaborators and rely on the assistance and guidance of those collaborators. We may also seek collaborations to secure marketing authorizations and commercialize our products outside of the United States. We cannot assure that any collaboration(s) will result in short-term or long-term benefit to the company. If we choose to collaborate, either globally or on a territory-by-territory basis, with third parties that have direct sales forces and established distribution systems, either to augment our own sales force and distribution systems or in lieu of our own sales force and distribution systems, we will be required to negotiate and enter into arrangements with such third parties relating to the proposed collaboration and such arrangements may prove to be less profitable than commercializing the product on our own. If we are unable to build our own distribution and marketing capabilities or to find suitable partners for the commercialization of our products and product candidates, we may not generate substantial revenues, if any, from them or be able to reach or sustain profitability. Given our lack of experience commercializing products, we do not have a track record of successfully executing on the commercialization of an approved product. If we are unsuccessful in accomplishing our objectives and executing on our business plan, or if the commercialization of OJEMDA or any future approved products does not develop as planned, we may require significant additional capital and financial resources, we may not become profitable, and we may not be able to compete against more established companies in our industry.