Standard BioTools (LAB) Risk Factors

We are subject to certain U.S. government regulations because we have licensed technologies that were developed with U.S. government grants. In accordance with these regulations, these licenses provide that products embodying the technologies are subject to domestic manufacturing requirements. If this domestic manufacturing requirement is not met, the government agency that funded the relevant grant is entitled to exercise specified rights, referred to as "march-in rights," which if exercised would allow the government agency to require the licensors or us to grant a non-exclusive, partially exclusive, or exclusive license in any field of use to a third party designated by such agency. All of our microfluidic systems revenue is dependent upon the availability of our IFCs, which incorporate technology developed with U.S. government grants. Our genomics instruments, including microfluidic systems and IFCs, are manufactured at our facility in Singapore. The federal regulations allow the funding government agency to grant, at the request of the licensors of such technology, a waiver of the domestic manufacturing requirement. Waivers may be requested prior to any government notification. We are not currently manufacturing instruments and IFCs in the United States that incorporate the relevant licensed technology. If our lack of compliance with any such provisions constituted a material breach of the license agreement, the license of the relevant patents could be terminated or we could be compelled to relocate our manufacturing of microfluidic systems and IFCs to the United States to avoid or cure a material breach of the license agreement. Any of the exercise of march-in rights, the termination of our license of the relevant patents or the relocation of our manufacturing of microfluidic systems and IFCs to the United States could materially adversely affect our business, operations and financial condition.

Any failure or perceived failure by us to comply with federal or state laws or regulations, our internal policies and procedures or our contracts governing our use and disclosures of personal information could result in negative publicity, government investigations and enforcement actions including significant penalties, claims by third parties, and damage to our reputation, any of which could have a material adverse effect on our operations, financial performance and business. Failure to comply with HIPAA, the HITECH Act, their implementing regulations and similar comparable state laws and regulations affecting the transmission, security and privacy of health information could result in significant penalties. Numerous federal, state and foreign laws and regulations, including HIPAA and the HITECH Act, govern the collection, dissemination, disclosure, security, use and confidentiality of individually identifiable health information health-related and other personal information. HIPAA and the HITECH Act require us to comply with standards for the use and disclosure of PHI within our company and with third-parties. The privacy, security and breach notification rules promulgated under HIPAA, as amended by the HITECH Act, Standards for Privacy of Individually Identifiable Health Information (Privacy Standards) and the Security Standards for the Protection of Electronic Protected Health Information (Security Standards) under HIPAA establish a set of basic national privacy and security standards for the protection of individually identifiable health information by Covered Entities and their Business Associates. HIPAA requires Covered Entities to develop and maintain policies and procedures with respect to individually identifiable health information that is used or disclosed, including the adoption of administrative, physical and technical safeguards to protect the privacy and security of such information. HIPAA also requires us to provide individuals with certain rights with respect to their PHI. Business Associates must have a written Business Associate contracts or other arrangements with a Covered Entity that establishes specifically what the Business Associate has been engaged to do and requires the Business Associate to comply with the requirements of HIPAA. Further, in the event of a breach of unsecured PHI we must notify each individual whose PHI is breached as well as federal regulators and in some cases, must publicize the breach in local or national media. HIPAA also includes standards for common healthcare electronic transactions and code sets, such as claims information, plan eligibility, payment information and the use of electronic signatures, and privacy and electronic security of individually identifiable health information. Covered Entities, such as certain healthcare providers, are required to conform to such transaction set standards, known as the Standards for Electronic Transactions, pursuant to HIPAA. Submission of electronic healthcare claims and payment transactions that do not comply with the HIPAA electronic data transmission standards could result in delayed or denied payments. In the conduct of our business, we process, maintain, and transmit sensitive data, including PHI. There can be no assurance that a breach of privacy or security will not occur. If there is a breach, we could be subject to various lawsuits, penalties and damages and may be required to incur costs to mitigate the impact of the breach on affected individuals. Penalties for failure to comply with HIPAA requirements are substantial and could include corrective action plans and/or the imposition of civil or criminal penalties. HIPAA also authorizes state attorneys general to file suit under HIPAA on behalf of state residents. Courts can award damages, costs and attorneys' fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for HIPAA violations, its standards have been used as the basis for a duty of care claim in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. Additionally, certain states have adopted comparable privacy and security laws and regulations, some of which may apply more broadly or be more stringent than HIPAA. For example, the CCPA, which went into effect on January 1, 2020, gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. Further, the CPRA went into effect in California amending the CCPA and may increase our compliance costs and potential liability, imposes additional data protection obligations on covered businesses, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data and adds opt outs for certain uses of sensitive data. It also created a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. In the event that we are subject to or affected by HIPAA, the CCPA, the CPRA or other domestic privacy and data protection laws (for example, the Colorado Privacy Act and other similar laws that recently went into effect in other states, such as Utah, Virginia, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, and Texas), any liability from failure to comply with the requirements of these laws could adversely affect our financial condition. In Europe, the GDPR went into effect in May 2018 and imposes strict requirements for processing the personal data of individuals within the EEA. Companies that must comply with the GDPR face increased compliance obligations and risk, including more robust regulatory enforcement of data protection requirements and potential fines for noncompliance of up to €20 million or 4% of the annual global revenues of the noncompliant company, whichever is greater. Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the United States, and the efficacy and longevity of current transfer mechanisms between the EU and the United States remains uncertain. For example, in 2016, the EU and United States agreed to a transfer framework for data transferred from the EU to the United States, called the Privacy Shield, but the Privacy Shield was invalidated in July 2020 by the Court of Justice of the EU. In July 2023, however, the European Commission adopted an adequacy decision for a new mechanism for transferring data from the EU to the United States – the EU-US Data Privacy Framework, which provides EU individuals with several new rights, including the right to obtain access to their data, or obtain correction or deletion of incorrect or unlawfully handled data. The adequacy decision followed the signing of an executive order introducing new binding safeguards addressing the reasons behind the Court of Justice of the EU's invalidation of the original Privacy Shield. The European Commission will continually review developments in the United States along with its adequacy decision. However, future actions of EU data protection authorities are difficult to predict. Relatedly, following the United Kingdom's withdrawal from the EU, the GDPR was implemented in the United Kingdom as the U.K. GDPR. which sits alongside the amended U.K. Data Protection Act 2018, which implements certain derogations in the EU GDPR into United Kingdom law. The U.K. GDPR mirrors the fines under the GDPR, i.e., fines up to the greater of €20 million (£17.5 million) or 4% of global turnover. In June of 2021, the European Commission issued a decision, which will sunset on June 27, 2025 without further action, that the United Kingdom ensures an adequate level of protection for personal data transferred under the EU GDPR from the EU to the United Kingdom. The U.K. Parliament is currently considering the Data Protection and Digital Information Bill to harmonize the 2018 Data Protection Act, U.K. GDPR, and the Privacy and Electronic Communications Regulations under one legislative framework. The regulatory framework governing the collection, storage, use and sharing of certain information, particularly financial and other personal information, is rapidly evolving and is likely to continue to be subject to uncertainty and varying interpretations. Additionally, increasing concerns about health information privacy have recently prompted the federal government to issue guidance taking a newly expansive view of the scope of the laws and regulations that they enforce. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing practices. Any failure or perceived failure by us, or any third parties with which we do business, to comply with our privacy policies, changing expectations, evolving laws, rules and regulations, industry standards or contractual obligations to which we or such third parties are or may become subject, may result in actions or other claims against us by governmental entities or private actors, the expenditure of substantial costs, time and other resources or the incurrence of significant fines, penalties or other liabilities. In addition, any such action, particularly to the extent we were found to be guilty of violations or otherwise liable for damages, would damage our reputation and adversely affect our business, financial condition and results of operations. Although we work to comply with applicable laws, regulations and standards, our contractual obligations and other legal obligations, these requirements are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another and may conflict with one another or other legal obligations with which we must comply. Any failure or perceived failure by us or our employees, representatives, contractors, consultants, collaborators, or other third parties to comply with such requirements or adequately address privacy and security concerns, even if unfounded, could result in additional cost and liability to us, damage our reputation and adversely affect our business and results of operations.

The application of our technologies to high-throughput genomics, single-cell genomics and, particularly, mass cytometry applications are in many cases emerging market opportunities. We believe these opportunities will take several years to develop or mature and we cannot be certain that these market opportunities will develop as we expect. The future growth of our markets and the success of our products depend on many factors beyond our control, including recognition and acceptance by the scientific community, and the growth, prevalence, and costs of competing methods of genetic and protein analysis. Additionally, our success depends on the ability of our sales organization to successfully sell our products into these new markets. If we are not able to successfully market and sell our products, or to achieve the revenue or margins we expect, our operating results may be harmed and we may not recover our product development and marketing expenditures. In addition, our product development and strategic plans may change, which could delay or impede our entry into these markets.

Our commercial success depends in part on our ability to protect our intellectual property and proprietary technologies. We rely on patent protection, where appropriate and available, as well as a combination of copyright, trade secret, and trademark laws, and nondisclosure, confidentiality, and other contractual restrictions to protect our proprietary technology. However, these legal means afford only limited protection and may not adequately protect our rights or permit us to gain or keep any competitive advantage. We apply for patents covering our products and technologies and uses thereof, as we deem appropriate. However, we may fail to apply for patents on important products and technologies in a timely fashion or at all. Our pending U.S. and foreign patent applications may not issue as patents or may not issue in a form that will be sufficient to protect our proprietary technology and gain or keep our competitive advantage. Any patents we have obtained or do obtain may be subject to re-examination, reissue, opposition, or other administrative proceeding, or may be challenged in litigation, and such challenges could result in a determination that the patent is invalid or unenforceable. In addition, competitors may be able to design alternative methods or devices that avoid infringement of our patents. Both the patent application process and the process of managing patent disputes can be time consuming and expensive. Furthermore, the laws of some foreign countries may not protect our intellectual property rights to the same extent as do the laws of the United States, and many companies have encountered significant problems in protecting and defending such rights in foreign jurisdictions. Proceedings to enforce our patent rights in foreign jurisdictions could result in substantial cost and divert our efforts and attention from other aspects of our business. Changes in either the patent laws or in interpretations of patent laws in the United States or other countries may diminish the value of our intellectual property. We cannot predict the breadth of claims that may be allowed or enforced in our patents or in third-party patents. For example: - we might not have been the first to make the inventions covered by each of our pending patent applications;- we might not have been the first to file patent applications for these inventions;- the patents of others may have an adverse effect on our business; and - others may independently develop similar or alternative products and technologies or duplicate any of our products and technologies. To the extent our intellectual property, including licensed intellectual property, offers inadequate protection, or is found to be invalid or unenforceable, our competitive position and our business could be adversely affected.

We manufacture our microfluidics analytical and preparatory instruments and IFCs for commercial sale at our facility in Singapore and our mass cytometry instruments, assays, and reagents for commercial sale at our facility in Canada. No other manufacturing facilities are currently available to us, particularly facilities of the size and scope of our Singapore and Canada operations. Our facilities and the equipment we use to manufacture our instruments, IFCs, assays, and reagents would be costly to replace and could require substantial lead times to repair or replace. Our facilities may be harmed or rendered inoperable by natural or man-made disasters, which may render it difficult or impossible for us to manufacture our products for some period of time. If any of our facilities become unavailable to us, we cannot provide assurances that we will be able to secure a new manufacturing facility on acceptable terms, if at all. The inability to manufacture our products, combined with our limited inventory of manufactured supplies, may result in the loss of customers or harm our reputation, and we may be unable to reestablish relationships with those customers in the future. Although we possess insurance for damage to our property and the disruption of our business, this insurance may not be sufficient to cover all of our potential losses and may not continue to be available to us on acceptable terms, or at all. If our manufacturing capabilities are impaired, we may not be able to manufacture and ship our products in a timely manner, which would adversely impact our business.

We are dependent on the experience and industry knowledge of our officers and other key employees to execute our business plans. The combined company's success after the completion of the Merger will depend in part upon the ability of the combined company to retain certain key management personnel and employees of Standard BioTools and SomaLogic. As a result of the Merger, current and prospective employees may experience uncertainty about their roles following the completion of the transactions, which may have an adverse effect on our ability to attract or retain key management and other key personnel. In addition, no assurance can be given that the combined company will be able to attract or retain key management personnel and other key employees to the same extent that Standard BioTools and SomaLogic have previously been able to attract or retain their own employees.

We may not be able to market, sell, and distribute our products effectively enough to support our planned growth. We sell our products primarily through our own sales force and through distributors in certain territories. Our future sales will depend on a number of factors including our ability to execute with our existing team, the scope of our marketing efforts and development of our direct sales force, field application specialists and service engineer teams. Our products are technically complex and used for highly specialized applications. As a result, we believe it is necessary to continue to develop a direct sales force that includes people with specific scientific backgrounds and expertise, and a marketing group with technical sophistication. In the past year, we have experienced significant changes and increased turnover in our sales and marketing organizations, and we face considerable challenges in recruiting and training qualified replacements. Our future success will depend largely on our ability to recruit, retain, and motivate the skilled sales and marketing force necessary to support our business activities, and any failure to maintain competitive levels of compensation will negatively impact our ability to so. Because competition for such employees is intense, we can provide no assurance that we will be able to retain them on favorable or commercially reasonable terms, if at all. Failure to attract and retain our current personnel or to build an efficient and effective sales and marketing force would negatively impact sales of our products and reduce our revenue and profitability. In addition, we may continue to enlist one or more sales representatives and distributors to assist with sales, distribution, and customer support globally or in certain regions of the world. If we do seek to enter into such arrangements, we may not be successful in attracting desirable sales representatives and distributors, or we may not be able to enter into such arrangements on favorable terms. If our sales and marketing efforts, or those of any third-party sales representatives and distributors, are not successful, our technologies and products may not gain market acceptance, which would materially and adversely impact our business operations.

Our future growth may depend, in part, on our ability to develop and commercialize our testing products in foreign markets. We may not be permitted to market or promote any of our products before we receive regulatory approval from applicable regulatory authorities in foreign markets, and we may never receive such regulatory approvals for any of our testing products. To obtain separate regulatory approval in many other countries, we and our collaborators and service providers must comply with numerous and varying regulatory requirements regarding safety and efficacy and governing, among other things, clinical trials, commercial sales, pricing and distribution of our products. If we obtain regulatory approval of our products and ultimately commercialize them in foreign markets, we would be subject to additional risks and uncertainties, including any or all of the following: - different regulatory requirements for approval of laboratory instruments and IVDs in foreign countries;- reduced protection for intellectual property rights;- the existence of additional third-party patent rights of potential relevance to our business;- unexpected changes in tariffs, trade barriers and regulatory requirements;- economic weakness, including inflation, or political instability in particular foreign economies and markets;- compliance with tax, employment, immigration and labor laws for employees living or traveling abroad;- foreign currency fluctuations, which could result in increased operating expenses and reduced revenue and other obligations incident to doing business in another country;- foreign reimbursement, pricing and insurance regimes;- workforce uncertainty in countries where labor unrest is common;- production shortages resulting from any events affecting raw material supply or manufacturing capabilities abroad; and - business interruptions resulting from geopolitical actions, including war and terrorism such as the current conflict in Ukraine and the Middle East, or natural disasters which may be exacerbated due to climate change, including earthquakes, typhoons, floods and fires.