Ginkgo Bioworks Holdings (DNA) Risk Analysis

The Federal Select Agent Program ("FSAP") involves rules administered by the Centers for Disease Control and Prevention and the USDA's APHIS that regulate possession, use, and transfer of biological select agents and toxins that have the potential to pose a severe threat to public, animal, or plant health or to animal or plant products. In accordance with the International Gene Synthesis Consortium's ("IGSC") Harmonized Screening Protocol for screening of synthetic DNA sequence orders, we follow biosafety and biosecurity industry practices and avoid DNA synthesis activities that implicate FSAP rules by screening synthetic DNA sequence orders against the IGSC's Regulated Pathogen Database; however, we could err in our observance of compliance program requirements in a manner that leaves us in noncompliance with FSAP or other biosecurity rules. In addition, authorities could promulgate new biosecurity requirements that restrict our operations. One or more resulting legal penalties, restraints on our business or reputational damage could have material adverse effects on our business, financial condition, or results of operations.

Our success depends in part on our ability to obtain and maintain intellectual property protection for our proprietary technologies. We protect our proprietary technologies through patents and trade secrets, both of which entail risk. If we are unable to obtain, maintain or protect intellectual property rights related to our technology, or if our intellectual property rights are inadequate, our competitive position, business, financial conditions, results of operations and prospects may be harmed. Because of the volume and nature of our inventions, patent protection may not be practicable, available, or appropriate for some aspects of our proprietary technologies. While we own patents and pending patent applications in the United States and in foreign jurisdictions, these applications do not ensure the protection of our intellectual property. There may be prior art of which we are not aware. Additionally, obtaining, maintaining, defending and enforcing patents is costly, time consuming and complex, and we may not be able to file and prosecute all necessary or desirable patent applications, or maintain and enforce any patents that may issue from such patent applications at a reasonable cost or in a timely manner. As a result of our restructuring and cost-reduction efforts, we have determined to reduce the size of our patent portfolio and, therefore, some of our intellectual property assets may be inadequate protected. It is also possible that we will fail to identify patentable aspects of our technologies before it is too late to obtain patent protection. Although we enter into confidentiality agreements with parties who have access to confidential or patentable aspects of our R&D output, such as our employees, collaborators, consultants, advisors and other third parties, any of these parties may breach the agreements and disclose such output before a patent application is filed, thereby jeopardizing our ability to seek patent protection. Further, pending applications may not be issued or may be issued with claims significantly narrower than we currently seek. Patents for which claims have been allowed may be successfully challenged and invalidated. Unless and until our pending applications issue, their protective scope is impossible to determine and, even after issuance, their protective scope may be limited. Recent changes in patent law may make patents covering life science inventions more difficult to obtain and enforce. Further legislative changes or changes in the interpretation of existing patent law could increase the uncertainty and cost surrounding the prosecution of our owned patent applications and the maintenance, enforcement or defense of our owned patents. The Leahy-Smith America Invents Act ("the Leahy-Smith Act") included changes that affect the way patent applications are prosecuted; redefine prior art; enable third-party submission of prior art to the United States Patent and Trademark Office ("USPTO") during patent prosecution; and provide cost-effective avenues for competitors and other third parties to challenge the validity of patents at USPTO-administered post-grant proceedings, including post-grant review, inter partes review, and derivation proceedings. Thus, the Leahy-Smith Act and its continued implementation could increase the uncertainties and costs surrounding the prosecution of our patent applications and the enforcement or defense of our issued patents, all of which could have a material adverse effect on our business, financial condition, results of operations, and prospects. Other changes in the law may further detract from the value of life science patents and facilitate challenges to our patents. In some cases, we develop inventions with the assistance of machine learning and other computational tools that may be considered to be AI, and we expect to use such tools, and to use generative AI, in future development. Because the law is in flux with respect to AI-assisted inventions, there is uncertainty and risk associated with patenting such inventions. Depending on future actions by the U.S. Congress, the federal courts and the USPTO, the laws and regulations governing patents could change in unpredictable ways that could have a further material adverse effect on our patent rights and our ability to protect, defend and enforce our patent rights in the future. It is also possible that disclosure requirements with respect to use of AI tools may be imposed by the patent office, which could increase the cost of patent prosecution and cause uncertainty and delay in the enforcement of patent rights. In some cases, we use genetic sequence information from naturally occurring organisms. U.S. Supreme Court rulings have narrowed the scope of patent protection for naturally occurring sequences and for inventions based on the observation and exploitation of natural phenomena. These decisions have weakened the rights of patent owners in certain situations. The Federal Circuit and the Supreme Court have also issued a series of rulings that create obstacles to the patenting of groups of genetic sequences that share functional characteristics, making it more difficult to obtain claims to certain genetic constructs, particularly antibodies. These changes in the law have created uncertainty with respect to the validity and enforceability of patents covering natural and engineered sequences. Further, the issuance of a patent is not conclusive as to its inventorship, scope, validity or enforceability, and our patents may be challenged in the courts or patent offices in the United States and abroad. An adverse determination in any such challenge could result in loss of exclusivity, or patent claims being narrowed, invalidated or held unenforceable, in whole or in part. Any of these results could limit our ability to stop others from using or commercializing similar or identical technology to compete directly with us. In addition, if the breadth or strength of protection provided by our patents or patent applications is threatened, regardless of the outcome, it could dissuade companies from collaborating with us. Such proceedings also may result in substantial cost and require significant time from our scientists and management, even if the eventual outcome is favorable to us. The laws of some countries do not protect intellectual property rights to the same extent as do the laws of the United States or may apply different rules concerning the assignment of intellectual property rights. Many companies have encountered significant problems in protecting and defending intellectual property rights in certain jurisdictions. We may encounter similar difficulties, particularly as we expand to work with foreign employees and contractors and expand our collaboration activities into foreign markets. The legal systems of certain countries, particularly certain developing countries, do not favor the enforcement of patents by foreign holders and, in some cases, do not favor the enforcement of patents at all, particularly patents in the life sciences. This could make it difficult for us to stop the infringement of our patents. Proceedings to enforce our patent rights in foreign jurisdictions could result in substantial costs and divert our efforts and attention from other aspects of our business and could be unsuccessful. Reductions in the scope or enforceability of our patent protection may adversely affect our customers' ability to commercialize their products and may thus reduce our downstream value from royalties, commercial milestone payments and/or equity.

We have used "open-source" software in connection with the development and deployment of our software platform, and we expect to continue to use open-source software in the future. Open-source software is licensed by its authors or other third parties under open-source licenses, which in some instances may subject us to certain unfavorable conditions, including requirements that we offer our products that incorporate the open-source software for no cost, that we make publicly available all or part of the source code for any modifications or derivative works we create based upon, incorporating or using the open-source software, or that we license such modifications or derivative works under the terms of the particular open-source license. Companies that incorporate open-source software into their products have, from time to time, faced claims challenging the use of open-source software and compliance with open-source license terms. We could be subject to similar suits by parties claiming ownership of what we believe to be open-source software or claiming noncompliance with open-source licensing terms. While we monitor our use of open-source software and try to ensure that none is used in a manner that would require us to disclose our proprietary source code or that would otherwise breach the terms of an open-source agreement, we cannot guarantee that we will be successful, that all open-source software is reviewed prior to use in our platform, that our developers have not incorporated open- source software into our products that we are unaware of or that they will not do so in the future. Furthermore, there are an increasing number of open-source software license types, almost none of which have been interpreted by U.S. or foreign courts, resulting in a dearth of guidance regarding the proper legal interpretation of such licenses. As a result, there is a risk that open-source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to market or provide our products and services. If we are held to have breached or failed to fully comply with all the terms and conditions of an open-source software license, we could face infringement claims or other liability, or be required to seek costly licenses from third parties to continue providing our offerings on terms that are not economically feasible, if at all, to re-engineer all or a portion of our platform, to discontinue or delay the provision of our offerings if re-engineering could not be accomplished on a timely basis or to make generally available, in source code form, our proprietary code. Further, in addition to risks related to license requirements, use of certain open-source software carries greater technical and legal risks than does the use of third-party commercial software. For example, open-source software is generally provided without any support or warranties or other contractual protections regarding infringement or the quality of the code, including the existence of security vulnerabilities. To the extent that our platform depends upon the successful operation of open-source software, any undetected errors or defects in open-source software that we use could prevent the deployment or impair the functionality of our systems and injure our reputation. In addition, the public availability of such software may make it easier for others to compromise our platform. Any of the foregoing risks could materially and adversely affect our business, financial condition and results of operations.

We are engaged in certain research activities involving the development of microbes designed to generate precursors and other chemical intermediaries which may be regulated as controlled substances in the United States. Controlled substances are subject to state, federal, and foreign laws and regulations regarding their manufacture, use, sale, importation, exportation, and distribution. Among other laws, controlled substances are regulated under the federal Controlled Substances Act of 1970 and implementing regulations of the DEA. The DEA regulates controlled substances as Schedule I, II, III, IV or V substances. Schedule I substances by definition have no established medicinal use and may generally not be marketed or sold in the United States. Schedule I substances are subject to the most stringent controls and Schedule V the least controls of the five schedules, based on their relative risk of abuse. Regulations associated with controlled substances govern manufacturing, labeling, packaging, testing, dispensing, production and procurement quotas, recordkeeping, reporting, handling, shipment and disposal. These regulations include required security measures, such as background checks on employees and physical control of inventory and increase the personnel needs and the expense associated with development and commercialization of products or product candidates including controlled substances. Regulators conduct periodic inspections of entities involved in handling, manufacturing, or otherwise distributing controlled substances, and have broad enforcement authorities. If we are found to be non-compliant with applicable controlled substance registrations and related requirements, we may need to modify its business activities and/or stop handling or producing the products regulated as controlled substances, and could be subject to enforcement action, significant fines or penalties, and/or adverse publicity, among other consequences. Various states also independently regulate controlled substances. Though state-controlled substances laws often mirror federal law, because the states are separate jurisdictions, they may separately schedule substances, as well. The failure to comply with applicable regulatory requirements could lead to enforcement actions and sanctions from the states in addition to those from the DEA or otherwise arising under federal law.

From time to time, we may in the ordinary course of business be named as a defendant in lawsuits, indemnity claims and other legal proceedings. These actions may seek, among other things, compensation for alleged product liability, personal injury, employment discrimination, breach of contract, property damage and other losses or injunctive or declaratory relief. The marketing, sale and use of our services engineered cells, production processes and resulting products could lead to the filing of product liability claims were someone to allege that our services, engineered cells, production processes or resulting products failed to perform as designed or intended or caused injury or other harms. A product liability claim could result in substantial damages and be costly and time-consuming for us to defend. Regardless of merit or eventual outcome, product liability claims may result in: - decreased demand for programs and resulting products;- loss of revenue;- substantial monetary payments;- significant time and costs to defend related litigation;- the inability to commercialize any products from our programs; and - injury to our reputation and significant negative media attention. In the event that such actions, claims or proceedings are ultimately resolved unfavorably to us at amounts exceeding our accrued liability, or at material amounts, the outcome could materially and adversely affect our business and results of operations. In addition, payments of significant amounts, even if reserved, could adversely affect our liquidity position. We maintain product liability insurance, but this insurance may not fully protect us from the financial impact of defending against product liability claims. Any product liability claim brought against us, with or without merit, could increase our insurance rates or prevent us from securing insurance coverage in the future. Additionally, any product liability lawsuit could cause current collaborators to terminate existing agreements or potential collaborators to seek other companies, any of which could impact our business and results of operations.

Numerous state and federal laws, regulations, standards and other legal obligations, including consumer protection laws and regulations, which govern the collection, dissemination, use, access to, confidentiality, security and processing of personal information, including health-related information, could apply to our operations or the operations of our partners. For example, HIPAA imposes privacy, security and breach notification obligations on certain healthcare providers, health plans, and healthcare clearinghouses, known as covered entities, as well as their business associates that perform certain services that involve creating, receiving, maintaining or transmitting individually identifiable health information for or on behalf of such covered entities, and their covered subcontractors. HIPAA requires covered entities and business associates to develop and maintain policies with respect to the protection of, use and disclosure of protected health information ("PHI"), including the adoption of administrative, physical and technical safeguards to protect such information, and certain notification requirements in the event of a breach of unsecured PHI. If in the future we engage in certain types of standard electronic transactions involving payors, including billing the Medicare or Medicaid programs or commercial health plans, we will be subject to HIPAA as a "covered entity." We are currently subject to HIPAA as a "business associate" because we performed certain services involving the use or disclosure of PHI on behalf of covered entity customers with respect to our prior COVID-19 testing service offerings. Implementation of the infrastructure necessary to meet HIPAA standards requires substantial investment. Being subject to HIPAA as a covered entity or business associate exposes us to significant fines and penalties, including criminal fines and penalties. Entities that are found to be in violation of HIPAA as the result of a breach of unsecured PHI, a complaint about privacy practices or an audit by HHS, may be subject to significant civil, criminal and administrative fines and penalties and/or additional reporting and oversight obligations if required to enter into a resolution agreement and corrective action plan with HHS to settle allegations of HIPAA non-compliance. HIPAA also authorizes state attorneys general to file suit on behalf of their residents. Courts may award damages, costs and attorneys' fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. Even when HIPAA or a state law does not apply, according to the FTC, violating consumers' privacy rights or failing to take appropriate steps to keep consumers' personal information secure may constitute unfair and/or deceptive acts or practices in violation of Section 5(a) of the FTC Act. The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Several states have enacted privacy laws governing the use and disclosure of health information, such as the California Confidentiality of Medical Information Act; these laws are not preempted by HIPAA to the extent they are more stringent than HIPAA. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our partners. Further, in recent years, there have been a number of well-publicized data breaches involving the improper dissemination of personal information of individuals both within and outside of the healthcare industry. Laws in all 50 states require businesses to provide notice to individuals whose personally identifiable information has been disclosed as a result of a data breach. The laws are not consistent, and compliance in the event of a widespread data breach is costly. States are also constantly amending existing laws, and creating new data privacy and security laws, requiring attention to frequently changing regulatory requirements. For example, the California Consumer Privacy Act of 2018 ("CCPA") went into effect on January 1, 2020. The CCPA creates new transparency requirements and grants California residents several new rights with respect to their personal information. Failure to comply with the CCPA may result in, among other things, significant civil penalties and injunctive relief, or potential statutory or actual damages. On November 3, 2020, California voters passed a ballot initiative for the California Privacy Rights Act ("CPRA"), which significantly expands the CCPA. The CPRA imposes additional data protection obligations on covered businesses, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data, and opt outs for certain uses of sensitive data, such as the right to opt out of the sale of personal information or the sharing of personal information for purposes of cross-context behavioral advertising. The CPRA also provides for a private right of action for certain data breaches. It also creates a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. Additional compliance investment and potential business process changes may be required to remain compliant with similar laws that have been proposed or passed in other states. For example, comprehensive privacy laws akin to the CPRA have recently gone into effect in twelve other states, and several other states have passed similar laws that will go into effect in the next two years. It is possible that other states, federal agencies or local governments will follow suit. The data privacy laws under consideration by federal and state legislators also include sector-specific laws. The My Health My Data Act, which recently became effective in Washington, contains new notice and consent requirements for the processing of "consumer health data" with the potential for large penalties enforceable through private lawsuits. The FTC and other authorities are likewise imposing standards for the collection, use, dissemination and security of personal information under consumer protection laws. Additionally, in the United States, laws in all 50 states require businesses to provide notice to individuals whose personally identifiable information has been disclosed as a result of a data breach. The laws are not consistent, and compliance in the event of a widespread data breach is costly. In addition, laws, regulations, and standards covering marketing and advertising activities conducted by telephone, email, mobile devices and the internet are applicable to our business, including the Telephone Consumer Protection Act (the "TCPA") and the Controlling the Assault of Non-Solicited Pornography and Marketing Act ("CAN-SPAM Act"). The TCPA places certain restrictions on making certain outbound calls, faxes, and text messages to consumers. The CAN-SPAM Act imposes penalties for the transmission of commercial emails that do not comply with certain requirements, such as providing an opt-out mechanism for stopping future emails from the sender. Further, state and federal auto-renewal laws continue to evolve, which may require us to make changes to our processes in order to comply with such laws. The evolving patchwork of differing state and federal privacy and data security laws increases the cost and complexity of operating our business and increases our exposure to liability, including from third-party litigation and regulatory investigations, enforcement, fines, and penalties. Through our wholly owned subsidiaries with established offices in the European Union, parts of our business are subject to the European Union General Data Protection Regulation ("GDPR"), which went into effect in May 2018, and imposes strict requirements for processing the personal data of individuals within the European Economic Area. Companies that must comply with the GDPR face increased compliance obligations and risk, including more robust regulatory enforcement of data protection requirements and potential fines for noncompliance of up to €20 million or 4% of the annual global revenues of the noncompliant company, whichever is greater. Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the United States. Further, from January 1, 2021, companies that process the personal information of UK residents have to comply with the United Kingdom GDPR (the "UK GDPR"), which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law. The UK GDPR mirrors the fines under the GDPR, i.e., fines up to the greater of €20 million (£17.5 million) or 4% of global turnover. Enforcement uncertainty and the costs associated with ensuring compliance may be onerous and adversely affect our business, operating results, prospects and financial condition. Although we work to comply with applicable laws, regulations and standards, contractual obligations and other legal obligations relating to data privacy, protection and security, these requirements are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another or other legal obligations with which Ginkgo must comply. Monitoring, preparing for and complying with these obligations requires us to devote significant resources (including, without limitation, financial and time-related resources). And as our operations and business grow, we may become subject to or affected by new or additional data protection laws and regulations and face increased scrutiny or attention from regulatory authorities. There is also increased public awareness of privacy issues in the wake of revelations about the data-collection activities of various government agencies and in the number of private privacy-related lawsuits filed against companies. Any failure or perceived failure by us or our employees, representatives, contractors, consultants, collaborators, or other third parties to comply with such requirements or adequately address privacy and security concerns, even if unfounded, could result in fines, legal claims, or proceedings, including regulatory investigations and actions, or liability for failure to comply with privacy and information security laws, which could disrupt our operations, damage our reputation, and expose us to claims from impacted individuals, any of which could have a material adverse effect on our business, financial condition, and results of operations.

We work with biological and chemical materials that could be hazardous to human, animal, or plant health and safety or the environment. Our operations produce hazardous and biological waste products, and we largely contract with third parties for the disposal of these products. Federal, state, and local laws and regulations govern the use, generation, manufacture, storage, handling, and disposal of these materials and wastes. Compliance with applicable laws and regulations is expensive, and current or future laws and regulations may restrict our operations. If we do not comply with applicable laws and regulations, we may be subject to fines and penalties. In addition, we cannot eliminate the risk of (a) accidental or intentional injury or (b) release, or contamination from these materials or wastes, which could expose us to liability. Furthermore, laws and regulations are complex, change frequently, and have tended to become more stringent. We cannot predict the impact of such changes and cannot be certain of our future compliance. Accordingly, in the event of release, contamination, or injury, we could be liable for the resulting harm or penalized with fines in an amount exceeding our resources and our operations could be suspended or otherwise adversely affected. These liabilities could also include regulatory actions, litigation, investigations, remediation obligations, damage to our reputation and brand, supplemental disclosure obligations, loss of customer, consumer, and partner confidence in the safety of our laboratory operations, impairment to our business, and corresponding fees, costs, expenses, loss of revenues, and other potential liabilities, as well as increased costs or loss of revenue or other harm to our business.

We are exposed to the risk that our employees, agents, contractors, research partners, consultants or vendors may engage in fraudulent or other illegal activity or misconduct. Misconduct by these parties could include intentional, reckless and/or negligent conduct or disclosure of unauthorized activities to us that causes us to breach our contracts and/or violates applicable laws and regulations, including but not limited to laws: - applicable to the provision of health care services;- governing the storage and handling of controlled substances;- requiring the reporting of true, complete and accurate information to the FDA, USDA, and other government agencies;- specifying vendor qualification standards and recordkeeping requirements;- international, federal and state fraud and abuse laws and regulations;- protecting the privacy and security of personally identifiable information and requiring breach notification;- relating to anti-corruption, anti-bribery, and anti-money laundering; and - requiring the true, complete and accurate reporting of services, financial information, or data. Specifically, the health care industry and government contractors are subject to extensive laws and regulations intended to prevent fraud, kickbacks, self-dealing and other abusive practices. These laws and regulations may restrict or prohibit a wide range of pricing, discounting, marketing and promotion, sales commission, and other business arrangements. Additionally, activities that involve the improper use or misrepresentation of information obtained in the course of research or creating fraudulent data could result in breach of contract, regulatory sanctions, and serious harm to our reputation. It is not always possible to identify and deter misconduct by our employees and other third parties, and the precautions we take to detect and prevent this kind of activity may not be effective in controlling unknown or unmanaged risks or losses or in protecting us from governmental investigations, other actions, or lawsuits stemming from a failure to be in compliance with such laws or regulations. Additionally, we are subject to the risk that a person could allege such fraud or other misconduct, even if none occurred. If any such actions are instituted against us, and we are not successful in defending ourselves or asserting our rights, those actions could have a significant impact on our business, including the imposition of civil, criminal and administrative penalties, damages, monetary fines, possible exclusion from participation in Medicare, Medicaid and other federal health care programs, debarment under 21 U.S.C. § 335a or a comparable foreign law, contractual damages, reputational harm, diminished potential profits and future earnings, and curtailment of our operations, any of which could adversely affect our business, financial condition, results of operations or prospects.

Widespread inflationary pressures and other adverse macroeconomic pressures, such as tariffs, increased duties and taxes, international trade disputes, political instability, supply or raw material shortages, and labor disruptions, exist across global economies, resulting in disruptions or higher costs for disposable lab equipment, raw materials and synthetic biology materials and services, and significant increases in the future could adversely affect our results of operations. We have experienced shortages in some of our key equipment and supplies, including those required in our labs, as well as disruptions in services provided by third parties, and may do so in the future as a result of supply chain issues tied to global pandemics, conflicts, or otherwise. We may also experience price increases, quality issues and longer lead times due to unexpected material shortages, service disruptions, and other unanticipated events, which may adversely affect our supply of lab equipment, lab supplies, chemicals, reagents, supplies, and lab services. For some suppliers, we do not enter into long-term agreements and instead secure our materials and services on a purchase order basis. Our suppliers may reduce or cease their supply of materials or services to us at any time in the future. If the supply of materials or services is interrupted, our programs may be delayed. We depend on a limited number of suppliers for critical items, including lab consumables and equipment, for the development of our programs. Some of these suppliers are single-source suppliers. We do not currently have the infrastructure or capability internally to manufacture these items at the necessary scale or at all. Although we have a reserve of supplies and although alternative suppliers exist for some of these critical products, services, and equipment, our existing processes used in our Foundry have been designed based on the functions, limitations, features, and specifications of the products, services, and equipment that we currently utilize. While we work with a variety of domestic and international suppliers, our suppliers may not be obligated to supply products or services or our arrangements may be terminated with relatively short notice periods. Additionally, we do not have any control over the process or timing of the acquisition or manufacture of materials by our manufacturers and cannot ensure that they will deliver to us the items we order on time, or at all. In particular, we rely on Twist for custom DNA synthesis and Thermo Fisher Scientific Inc. and others for certain instruments and consumables. The price and availability of DNA, chemicals, reagents, equipment, consumables, and instruments have a material impact on our ability to provide Cell Engineering services. The loss of the products, services, and equipment provided by one or more of our suppliers could require us to change the design of our research, development, and manufacturing processes based on the functions, limitations, features, and specifications of the replacement items or seek out a new supplier to provide these items. Additionally, as we grow, our existing suppliers may not be able to meet our increasing demand, and we may need to find additional suppliers. We may not be able to secure suppliers who provide lab supplies at, or equipment and services to, the specification, quantity, and quality levels that we demand (or at all) or be able to negotiate acceptable fees and terms of services with any such suppliers. As described above, some lab equipment, lab consumables, and other services and materials that we purchase are purchased from single-source or preferred suppliers, which limits our negotiating leverage and our ability to rely on additional or alternative suppliers for these items. Our dependence on these single-source and preferred suppliers exposes us to certain risks, including the following: - our suppliers may cease or reduce production or deliveries, raise prices, or renegotiate terms;- we may be unable to locate a suitable replacement on acceptable terms or on a timely basis, if at all;- if there is a disruption to our single-source or preferred suppliers' operations, and if we are unable to enter into arrangements with alternative suppliers, we will have no other means of continuing the relevant research, development, or manufacturing operations until they restore the affected facilities or we or they procure alternative sources of supply;- delays caused by supply issues may harm our reputation, frustrate our customers, and cause them to turn to our competitors for future programs; and - our ability to progress the development of existing programs and the expansion of our capacity to begin future programs could be materially and adversely impacted if the single-source or preferred suppliers upon which we rely were to experience a significant business challenge, disruption, or failure due to issues such as financial difficulties or bankruptcy, issues relating to other customers such as regulatory or quality compliance issues, or other financial, legal, regulatory, or reputational issues. Moreover, to meet anticipated market demand, our suppliers may need to increase manufacturing capacity, which could involve significant challenges. This may require us and our suppliers to invest substantial additional funds and hire and retain the technical personnel who have the necessary experience. Neither we nor our suppliers may successfully complete any required increase to existing research, development, or manufacturing capacity in a timely manner, or at all. For the year ended December 31, 2024, our cost of lab equipment, lab supplies, and lab services accounted for a significant portion of our total R&D expenses. In the event of price increases by suppliers, whether as a result of inflationary pressures, tariffs or otherwise, we may attempt to pass the increased costs to our customers. However, we may not be able to raise the prices of our Cell Engineering services sufficiently to cover increased costs resulting from increases in the cost of our materials and services, or the interruption of a sufficient supply of materials or services. As a result, materials and services costs, including any price increase for our materials and services, may negatively impact our business, financial condition, and results of operations. Some of our suppliers and contract manufacturers are foreign entities. We may face disruptions due to the inability to obtain customs clearances in a timely manner or restrictions on shipping or international travel. As a result of ongoing global supply chain challenges resulting in very long lead times for certain products and equipment, we may order in larger volumes in order to secure the supplies we require for our future operations, which may negatively impact our financial conditions, especially if we are unable to use the supplies ordered.

We have derived, and may continue to derive, a significant portion of our revenue from a limited number of large customers. During the year ended December 31, 2024, three customers each represented more than 10% of our total revenue and cumulatively represented 49% of our total revenue. Due to the significant time required to acquire new customers, to plan and develop new programs for customers, and to satisfactorily execute on existing programs, the loss of any of these customers, or the loss of any other significant customer or a significant reduction in the amount of demand from a significant customer would adversely affect our revenue, results of operations, cash flows and reputation in the marketplace. There is always a risk that existing customers will not elect to do business with us in the future or will experience financial difficulties. If our customers experience financial difficulties or business reversals which reduce or eliminate the need for our services, they may be unable or unwilling to fulfill their contracts with us. There is also the risk that our customers will attempt to impose new or additional requirements on us that reduce the profitability of the services performed by us. Our customer concentration also increases the concentration of our accounts receivable and our exposure to payment defaults by key customers, which could expose us to substantial and potentially unrecoverable costs if we do not receive payment from key customers. Additionally, the loss of any significant customer could pose reputational harm to us and make it more challenging to acquire new customers. In addition, while our customer collaborations are typically multi-year, we generally do not require our customers to generate a minimum amount of annual demand and without such contracts, our customers are not obligated to use our services beyond the amounts they choose to incur. Our customers may choose to use fewer of our services depending on program progress, their own technological capabilities, market demand for their products and/or their own internal budget cycles. As a result, we cannot accurately predict our customers' decisions to reduce or cease utilizing our services. Even where we enter into long-term contracts with our customers, there is no guarantee that such agreements will be negotiated on terms that are commercially favorable to us in the long-term. In addition, existing customers may choose to perform some or all of the services they expect from us internally, with another third-party partner or by using capabilities from acquisitions of assets.