Myomo (MYO) Risk Analysis

We may be subject to adverse legislative or regulatory changes in tax laws that could negatively impact our financial condition. The rules dealing with U.S. federal, state and local income taxation are constantly under review by persons involved in the legislative process and by the U.S. Internal Revenue Service and the U.S. Treasury Department. Changes to tax laws (which changes may have retroactive application) could adversely affect our stockholders or us. In recent years, many such changes have been made and changes are likely to occur in the future. We cannot predict whether, when, in what form, or with what effective dates, tax laws, regulations and rulings may be enacted, promulgated or decided, which could result in an increase in our, or our stockholders’ tax liability or require changes in the manner in which we operate in order to minimize increases in our tax liability. Our ability to use net operating losses and research and development credits to offset future taxable income may be subject to certain limitations. As of December 31, 2025 and 2024, we had U.S. federal net operating loss (“NOL”) carryforwards of approximately $97.2 million and $79.1 million, respectively, and state net operating loss (“NOL”) carryforwards of approximately $76.5 million and $63.5 million available to offset future taxable income. The Federal NOLs incurred prior to 2018 of approximately $26.4 million, if not utilized, begin expiring in the year 2028. The Federal NOLs incurred after 2017 of approximately $70.8 million have an indefinite carryforward period. The state NOLs if not utilized begin to expire in 2026 through 2045. Additionally, the Company has U.S. federal and state research and development tax credits of $0.9 million and $0.3 million, respectively. These NOL and tax credit carryforwards could expire unused and be unavailable to offset future taxable income or tax liabilities, respectively. In addition, in general, under Sections 382 and 383 of the Internal Revenue Code of 1986, as amended (the “Code”), and corresponding provisions of state law, a corporation that undergoes an “ownership change” is subject to limitations on its ability to utilize its pre-change NOL carryforwards or tax credits, to offset future taxable income. For these purposes, an ownership change generally occurs where the aggregate stock ownership of one or more stockholders or groups of stockholders who owns at least 5% of a corporation’s stock increases its ownership by more than 50 percentage points over its lowest ownership percentage within a specified testing period. We have determined that such ownership changes have occurred in prior years. The result of these ownership changes is that we have a $64,000 annual limitation on our ability to utilize pre-ownership change NOLs and approximately $20.0 million of our federal NOLs and $48.0 million of our state NOLs will expire unutilized. There may have been an ownership change associated with our equity offerings in August 2023, January 2024 and December 2024. We may undergo an ownership change in connection with future changes in our stock ownership (many of which are outside of our control), whereby our ability to utilize NOLs or credits could be further 42limited by Sections 382 and 383 of the Code or under corresponding provisions of state law. Furthermore, our ability to utilize our NOLs or tax credits is conditioned upon our attaining profitability and generating U.S. federal and state taxable income. As described above under “Risk factors— Risks Associated with Our Business,” we have incurred net losses since our inception and anticipate that we will continue to incur losses for the foreseeable future; and therefore, we do not know whether or when we will generate the U.S. federal or state taxable income necessary to utilize our NOLs or tax credits that are subject to limitation by Sections 382 and 383 of the Code.

Our success depends in part on our ability to obtain and maintain protection for the intellectual property relating to or incorporated into our products. Our success depends in part on our ability to obtain and maintain protection for the intellectual property relating to or incorporated into our products. We seek to protect our intellectual property through a combination of patents, trademarks, confidentiality and assignment agreements with our employees and certain of our contractors and confidentiality agreements with certain of our consultants, scientific advisors and other vendors and contractors. In addition, we rely on trade secrets law to protect our proprietary software and product candidates or products in development. The patent position of myoelectric orthotic inventions can be highly uncertain and involves many new and evolving complex legal, factual and technical issues. Patent laws and interpretations of those laws are subject to change and any such changes may diminish the value of our patents or narrow the scope of protection. In addition, we may fail to apply for or be unable to obtain patents necessary to protect our technology or products or enforce our patents due to lack of information about the exact use of technology or processes by third parties. Also, we cannot be sure that any patents will be granted in a timely manner or at all with respect to any of our patent pending applications or that any patents that are granted will be adequate to protect our intellectual property for any significant period of time or at all. Litigation to establish or challenge the validity of patents, or to defend against or assert against others infringement, unauthorized use, enforceability or invalidity claims, can be lengthy and expensive and may result in our patents being invalidated or interpreted narrowly and our not being granted new patents related to our pending patent applications. For example, the validity of one of our patents in Europe is currently being challenged. Even if we prevail, litigation may be time-consuming and force us to incur significant costs, and any damages or other remedies awarded to us may not be valuable and management’s attention could be diverted from managing our business. In addition, U.S. patents and patent applications may be subject to interference proceedings, and U.S. patents may be subject to re-examination and review in the U.S. Patent and Trademark Office. Foreign patents may also be subject to opposition or comparable proceedings in the corresponding foreign patent offices. Any of these proceedings may be expensive and could result in the loss of a patent or denial of a patent application, or the loss or reduction in the scope of one or more of the claims of a patent or patent application. In addition, we seek to protect our trade secrets, know-how and confidential information that is not patentable by entering into confidentiality and assignment agreements with our employees and certain of our contractors and confidentiality agreements with certain of our consultants, scientific advisors and other vendors and contractors. However, we may fail to enter into the necessary agreements, and even if entered into, these agreements may be breached or otherwise fail to prevent disclosure, third-party infringement or misappropriation of our proprietary information, may be limited as to their term and may not provide an adequate remedy in the event of unauthorized disclosure or use of proprietary information. Enforcing a claim that a third-party illegally obtained and is using our trade secrets is expensive and time consuming, and the outcome is unpredictable. We have also taken precautions to initiate reasonable safeguards to protect our information technology systems. However, these measures may not be adequate to safeguard our proprietary information, which could lead to the loss or impairment thereof or to expensive litigation to defend our rights against competitors who may be better funded and have superior resources. In addition, unauthorized parties may attempt to copy or reverse engineer certain aspects of our products that we consider 35proprietary or our proprietary information may otherwise become known or may be independently developed by our competitors or other third parties. If other parties are able to use our proprietary technology or information, our ability to compete in the market could be harmed. Further, unauthorized use of our intellectual property may have occurred, or may occur in the future, without our knowledge. If we are unable to obtain or maintain adequate protection for intellectual property, or if any protection is reduced or eliminated, competitors may be able to use our technologies, resulting in harm to our competitive position.

Our internal computer systems, or those of our customers, collaborators or other contractors, third-party service providers and vendors may be subject to cyber-attacks, compromises or security incidents, which could result in a material disruption of our product development programs. Despite the implementation of security measures, our internal computer systems and infrastructures and those of our customers, collaborators, contractors, third-party service providers, vendors or other third parties are vulnerable to damage, compromise or interruption from computer viruses, unauthorized access, misuse, or other security compromises or breaches. Cyber-attacks are increasing in their frequency, sophistication and intensity, and have become increasingly difficult to detect and may be enhanced or facilitated by AI. Cyber-attacks could include the deployment of harmful malware, ransomware, denial-of-service attacks, wrongful conduct by employees, vendors, or other third parties, hostile foreign governments, industrial espionage, social engineering and business email compromises, and other means to affect service reliability and threaten or compromise the security, confidentiality, integrity and availability of systems and information. Cyber-attacks also could include phishing attempts or e-mail fraud to cause payments or information to be transmitted to an unintended recipient. Further, attempts to disrupt or gain unauthorized access to our and our third-party vendors’ information systems from malicious third parties or insider threats may incorporate widely varying and frequently changing tactics, which may be enhanced or facilitated by AI. Like other companies in our industry, we, and our third-party vendors, have in the past experienced threats and security incidents related to our data and systems, and we may in the future experience other threats, compromises, breaches, or incidents. For example, in February 2026, a third-party service provider notified the Company of a ransomware attack affecting the service provider’s systems, which may have exposed data maintained on Company systems. At this time, the Company does not have sufficient information regarding the scope or impact of the incident to determine whether it is material to the Company. A cyber-attack or security compromise or incident could cause interruptions in our operations and could result in a material disruption of our business operations, damage to our reputation or a loss of revenues. In the ordinary course of our business, we collect and store confidential and/or proprietary information or other sensitive information, including, among other things, personal information about our employees and patients, intellectual property, and proprietary business information. Any cyber-attack or security compromise or incident that leads to unauthorized access, use, disclosure, loss, corruption or other compromise of confidential and/or proprietary information or other sensitive information could harm our reputation, cause us not to comply with federal and/or state breach notification laws and foreign law equivalents and otherwise subject us to liability under laws and regulations, including those that protect the privacy and security of personal information. In addition, we could be subject to risks caused by misappropriation, misuse, leakage, falsification or intentional or accidental release or loss of information maintained in the information technology systems, infrastructure, and networks of our company and our vendors, including personal information of our employees, and patients, and company and vendor confidential data. In addition, outside parties may attempt to penetrate our systems and infrastructure or those of our vendors or fraudulently induce our personnel or the personnel of our vendors to disclose sensitive information in order to gain access to our data and/or systems. If an incident or compromise of our information technology systems or infrastructure or those of our vendors occurs, the market perception of the effectiveness of our security measures could be harmed and our reputation and credibility could be damaged. We could be required to expend significant amounts of money and other resources to detect, mitigate and respond to these threats, compromises, or breaches and to repair or replace information technology systems infrastructure or networks and could suffer financial loss or the loss of valuable confidential and/or proprietary information. In addition, we could be subject to regulatory actions, inquiries, investigations, orders, penalties, fines, and/or claims made by individuals and groups in private litigation, including those involving privacy and security issues related to data collection and use practices and other data privacy and security laws and regulations, including claims for misuse or inappropriate disclosure of data, as well as unfair or deceptive practices. Although we develop and maintain systems and controls designed to prevent these events from occurring, and we have a process designed to identify and mitigate threats, the development and maintenance of these systems, controls and processes is costly and requires ongoing monitoring and updating as technologies change and efforts to overcome security measures become increasingly sophisticated. Moreover, despite our efforts, instances of unauthorized access to our computer systems have occurred in the past, though these events have not resulted in financial loss or disruption to our operations. The possibility of these events occurring in the future cannot be eliminated entirely. There can be no assurance that any measures we take will prevent or adequately address cyber-attacks or security compromises or incidents that could adversely affect our business. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our privacy and data security obligations. Further, although we maintain cyber liability insurance, this insurance may not provide adequate coverage against potential liabilities related to any experienced cybersecurity incident or data breach. We, our collaborators and our service providers may be subject to a variety of privacy and data protection laws, regulations and contractual obligations, which may require us to incur substantial compliance costs, and any failure or perceived failure by us to comply with them could expose us to fines or other penalties and otherwise harm our business and operations. In the United States, several layers of federal and state data protection laws and regulations may apply to our business, including HIPAA, the Federal Trade Commission (“FTC”) Act and state consumer privacy and health data privacy laws. For example, the California Consumer Privacy Act (“CCPA”) is a comprehensive privacy law that creates new individual privacy rights for California consumers (as defined in the law) and places increased privacy and security obligations on entities handling personal data of consumers or households in California. The CCPA requires covered companies to provide certain disclosures to consumers about its data collection, use and sharing practices, and to provide affected California residents with ways to opt-out of certain sales or transfers of personal information. The CCPA went into effect on January 1, 2020 and the California State Attorney General became empowered to commence enforcement actions against violators as of July 1, 2020. Further, as of January 1, 2023, the California Privacy Rights Act, created additional obligations with respect to processing and storing personal information. Similar consumer privacy laws have passed or come into force in numerous U.S. states. Like the CCPA, these laws grant consumers rights in relation to their personal information and impose new obligations on regulated businesses, including, in some instances, broader data security requirements. In addition, federal and state legislators and regulators have signaled their intention to further regulate health and other sensitive information, and new and strengthened requirements relating to this information could impact our business. At the state level, some states have passed or proposed laws to specifically regulate health information. For example, Washington’s My Health My Data Act, which went into effect in March 2024, requires regulated entities to obtain consent to collect health information, grants consumers certain rights, including to request deletion, and provides for robust enforcement mechanisms, including enforcement by the Washington state attorney-general and a private right of action for consumer claims. At the federal level, the FTC has used its authority over “unfair or deceptive acts or practices” to impose stringent requirements on the collection and disclosure of sensitive categories of personal information, including health information. Moreover, the FTC’s expanded interpretation of a “breach” under its Health Breach Notification Rule could impose new disclosure obligations that would apply in the event of a qualifying breach. European data collection is governed by restrictive regulations governing the use, processing, and cross-border transfer of personal information. The collection and use of personal data, including personal health data in the European Economic Area (“EEA”) and the UK is governed by the provisions of the EU General Data Protection Regulation (“EU GDPR”) (with regards to the EEA) and the UK General Data Protection Regulation (“UK GDPR”) (with regards to the UK), as well as applicable data protection laws in effect in the member states of the EEA and in the UK (including the UK Data Protection Act 2018). In this Annual Report on Form 10-K, “GDPR” refers to both the EU GDPR and the UK GDPR, unless specified otherwise. The GDPR applies to the processing of personal data by any company established in the EEA/UK and to companies established outside the EEA/UK to the extent they process personal data in connection with the offering of goods or services to data subjects in the EEA/UK or the monitoring of the behavior of data subjects in the EEA/UK. The GDPR imposes a broad range of strict requirements on companies subject to the GDPR, such as including requirements relating to having legal bases or conditions for processing personal data relating to identifiable individuals and transferring such information outside the EEA/UK, including to the United States., providing details to those individuals regarding the processing of their personal data, implementing safeguards to keep personal data secure, having data processing agreements with third parties who process personal data, providing information to individuals regarding data processing activities, responding to individuals’ requests to exercise their rights in respect of their personal data, where required obtaining consent of the individuals to whom the personal data relates, reporting security and privacy breaches involving personal data to the competent national data protection authority and affected individuals, appointing data protection officers, conducting data protection impact assessments, and record-keeping. In the event of any non-compliance with the GDPR and any supplemental EEA Member State or UK national data protection laws, we could be subject to warning letters, mandatory audits, orders to cease/change the use of data, and financial penalties, including fines of up to €20,000,000 (£17.5 million for the UK GDPR) or 4% of total annual global revenue, whichever is greater. The GDPR also confers a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the GDPR. The GDPR imposes strict rules on the transfer of personal data outside of the EEA or the UK to countries that do not ensure an adequate level of protection, like the United States in certain circumstances unless adequate safeguards (such as the European Commission approved standard contractual clauses (“SCCs”) or the UK International Data Transfer Agreement/Addendum, (“UK IDTA”) and transfer impact assessments carried out when relying on the SCCs and UK IDTA. The international transfer obligations under the EU data protection laws will require significant effort and cost and may result in us needing to make strategic considerations around where EEA and UK personal data is transferred and which service providers we can utilize for the processing of EEA and UK personal data. Any inability to transfer personal data from the EEA and UK to the United States in compliance with data protection laws may impede our ability to conduct trials and may adversely affect our business and financial position. Although the UK is regarded as a third country under the EU GDPR, the European Commission (“EC”) issued a decision recognizing the UK as providing adequate protection under the EU GDPR and, therefore, transfers of personal data originating in the EEA to the UK remain unrestricted. In December 2025, the European Commission adopted a decision to extend the validity of the UK adequacy decision for six years until December 2031, determining that the UK continues to offer a level of data protection that is “essentially equivalent” to the EU standards. This follows the UK’s adoption of the Data (Use and Access) Act 2025 (the “DUAA”) on June 19, 2025. Like the EU GDPR, the UK GDPR restricts personal data transfers outside the UK to countries not regarded by the UK as providing adequate protection. The UK government has confirmed that personal data transfers from the UK to the EEA remain free flowing. The UK’s data protection regime is independent from but aligned to the EU’s data protection regime. However, following the UK’s exit (“Brexit”) from the European Union (“EU”), there will be increasing scope for divergence in application, interpretation and enforcement of the data protection laws between these territories. For example, the DUAA may have the effect of further altering the similarities between the UK and EEA data protection regimes, which may lead to additional compliance costs and could increase our overall risk. This lack of clarity on future UK laws and regulations and their interaction with EU laws and regulations could add legal risk, complexity and cost to our handling of European personal data and our privacy and data security compliance programs, and could require us to implement different compliance measures for the UK and the EEA. Compliance with the GDPR will be a rigorous and time-intensive process that may increase our cost of doing business or require us to change our business practices, and despite those efforts, there is a risk that we may be subject to fines and penalties, litigation, and reputational harm in connection with any European and UK-based activities. Issues relating to the use of artificial intelligence and machine learning could adversely affect our business and operating results. While AI and machine learning present opportunities for enhanced productivity and innovation, they also introduce cybersecurity, data privacy, IT, intellectual property, regulatory, legal, operational, competitive, reputational and other risks that could adversely impact our business and reputation. Specifically, risks related to bias, AI hallucinations, discrimination, harmful content, misinformation, fraud, scams, targeted attacks, surveillance, data leakage, inequality, environmental harms, and other harms may flow from our development, use, or deployment of AI technologies. Further, the use of certain AI technology can give rise to intellectual property risks, including compromises to proprietary intellectual property and intellectual property infringement. The evolving regulatory landscape surrounding AI also poses a risk, as new laws and regulations could impose additional compliance burdens, resulting in increased operational costs to comply with U.S. and non-U.S. laws concerning the use of AI. We expect to see increasing regulation related to AI use and ethics, which may also significantly increase the burden and cost of research, development and compliance in this area. For example, the EU’s Artificial Intelligence Act (“AI Act”) originally entered into force on August 1, 2024, and is expected to undergo amendments as introduced in the EU’s November 2025 Digital Omnibus. As enacted, the AI Act imposes significant obligations on providers and deployers of high-risk AI systems and encourages providers and deployers of AI systems to account for EU ethical principles in their development and use of these systems. Likewise, in the United States, the regulatory environment is complex and uncertain. Over the past year, states have advanced, and in some cases passed, dozens of laws focusing on AI governance and regulation, including on deployment of AI in healthcare settings. At the federal level, the Trump Administration has endorsed a federal moratorium on the enforcement of state AI laws, including through a December 11, 2025, executive order on “Ensuring a National Policy Framework for Artificial Intelligence.” So far, these efforts have not been successful at curtailing state action on AI regulation, contributing to a complicated legislative patchwork, which may be litigated in state and federal courts. Various federal and state regulators have also issued guidance and focused enforcement efforts on the use of AI in regulated sectors, such as healthcare. The FDA, for example, issued guidance on the use of AI in medical devices, requiring detailed risk management and review processes to obtain approvals. If we develop or use AI systems that are governed by these laws or regulations we will need to meet higher standards of data quality, transparency, and human oversight, as well as adhering to specific and potentially burdensome and costly ethical, accountability, and administrative requirements. We may also be subject to significant enforcement or litigation in the event of any perceived non-compliance. We are committed to implementing governance and control mechanisms to mitigate these risks, but there can be no assurance that such measures will adequately prevent or mitigate the adverse effects that the integration and use of AI may have on our business, financial condition, and results of operations. To the extent that AI is integrated into our products and services, the rapid evolution of AI may require the application of significant resources to design, develop, test and maintain our products and services to help ensure that AI is implemented in accordance with applicable law and regulation and in a socially responsible manner and to minimize any real or perceived unintended harmful impacts. Our vendors may in turn incorporate AI tools into their offerings, and the providers of these AI tools may not meet existing or rapidly evolving regulatory or industry standards, including with respect to privacy and data security. Further, bad actors around the world use increasingly sophisticated methods, including the use of AI, to engage in illegal activities involving the theft and misuse of personal information, confidential information and intellectual property. In addition, the use of generative AI models in our internal or third-party systems may create new attack surfaces or methods for adversaries, which could impact us and our vendors. The integration of AI systems, by us or by our vendors, may increase cybersecurity risk. Any of these effects could damage our reputation, result in the loss of valuable property and information, cause us to breach applicable laws and regulations, and adversely impact our business.

The industries in which we operate are highly competitive and subject to rapid technological change. The publishing of fees for the HCPCS billing codes for our products may attract competition. If our competitors are better able to develop and market products that are safer, more effective, less costly, easier to use, or are otherwise more attractive, we may be unable to compete effectively with other companies. Industrial and medical robotics is characterized by intense competition and rapid technological change, and we will face competition on the basis of product features, clinical outcomes, price, services and other factors. We are experiencing competition in the United States from companies such as Neurolutions and MicroTransponder, Inc., and in Germany from companies such as Vincent Systems and HKK Bionics. Publication of fees by CMS under our HCPCS billing codes L8701 and L8702 is also expected to attract competition in the United States. Competitors may include large medical device and other companies, some of which have significantly greater financial and marketing resources than we do, and firms that are more specialized than we are with respect to particular markets. Our competition may respond more quickly to new or emerging technologies, undertake more extensive marketing campaigns, and have greater financial, marketing and other resources than we do or may be more successful in attracting potential customers, employees and strategic partners. Our competitive position will depend on multiple complex factors, including our ability to maintain and grow market acceptance for our products, develop new products, implement production and marketing plans, secure regulatory clearances or approvals, if necessary, for products under development and protect our intellectual property. In some 23instances, competitors may also offer, or may attempt to develop, alternative therapies for disease states that may be delivered without a medical device. The development of new or improved products, processes or technologies by other companies may render our products or proposed products obsolete or less competitive. The entry into the market of manufacturers located in low-cost manufacturing locations may also create pricing pressure, particularly in developing markets. Our future success depends, among other things, upon our ability to compete effectively against current technology, as well as to respond effectively to technological advances, and upon our ability to successfully implement our marketing strategies and execute our research and development plans. We sell to O&P providers who are free to market products that compete with the MyoPro, and we rely on these providers to market and promote our products in accordance with their FDA listings, select appropriate patients and provide adequate follow-on care. Our reliance on our relationships with qualified O&P providers in the U.S., Germany and other international markets to market and sell our products is expected to increase. We believe that an increasing percentage of our sales will be generated through these channels in the future. However, none of these partners are required to sell or provide our products exclusively. If a key independent O&P provider were to cease to distribute our products, our sales could be adversely affected. In such a situation, we may need to seek alternative independent providers or increase our reliance on our direct billing channel, which may not prevent our sales from being adversely affected. Additionally, to the extent that we enter into contracts with O&P providers, the terms of the arrangements could cause our gross margin to be lower than if we directly marketed and sold our products. If these independent O&P providers do not comply with applicable coverage or billing requirements or do not provide adequate follow-on care, then our reputation may be harmed by patient dissatisfaction. This could also lead to product returns and adversely affect our financial condition. When issues with O&P providers have arisen in the past, we have supplied additional training and documentation and/or ended the business relationship.

We may enter into collaborations, licensing arrangements, joint ventures, strategic alliances or partnerships with third parties that may not result in the development of commercially viable products or the generation of significant future revenues. In the ordinary course of our business, in the future we may enter into collaborations, in-licensing arrangements, joint ventures, strategic alliances or partnerships to develop the MyoPro and to pursue new markets. We are selling the MyoPro in several European countries, as well as Australia. In January 2021, we announced that we had entered into a joint venture with Beijing Ryzur Medical Investment Co., Ltd. (“Ryzur Medical”), to manufacture and sell the products containing our technology in China, including Hong Kong, Taiwan and Macau. The company is named Jiangxi Myomo Medical Assistive Appliance Co., Ltd. (the “JV Company”). In December 2021, we entered into a technology license agreement and a trademark license agreement with the JV Company, under which we were entitled to receive a license fee of $2.7 million, which we received in 2023, and the JV Company committed to purchase a minimum of $10.75 million of MyoPro control units over the next ten years. In November 2025, we were notified that Ryzur Medical filed for bankruptcy in China and is in the process of being liquidated. As a result, the operations of the JV Company are now severely limited. Chinaleaf Capital, a minority investor in the JV Company, is currently leading the process of restructuring the JV Company and raising additional capital in order to re-start normal operations. According to the terms of the JV Contract, the sale of shares in the JV Company will not dilute our ownership. We cannot provide any assurance that we will accept any terms and conditions that new investors, if any, will require and we may exercise our right to terminate the joint venture in the future. This and any other of these relationships may require us to incur legal fees,as well as non-recurring and other charges, increase our near and long-term expenditures, or disrupt our management and business. In addition, proposing, negotiating and implementing collaborations, licensing arrangements, joint ventures, strategic alliances or partnerships may be a lengthy and complex process. We may not identify, secure, or complete any such transactions or arrangements in a timely manner, on a cost-effective basis, on acceptable terms or at all. We have limited institutional knowledge and experience with respect to these business development activities, and we may also not realize the anticipated benefits of any such transaction or arrangement. In particular, these collaborations may not result in the development of products that achieve commercial success or result in significant revenues and could be terminated prior to developing any products. Any delays in entering into new strategic partnership agreements related to our products could delay the development and commercialization of our products in certain geographies, which would harm our business prospects, financial condition and results of operations. If we pursue collaborations, additional licensing arrangements and joint ventures, strategic alliances or partnerships, we may not be able to consummate them, or we may not be in a position to exercise sole decision decision-making authority regarding the transaction or arrangement, which could create the potential risk of creating impasses on decisions, and our collaborators may have economic or business interests or goals that are, or that may become, inconsistent with our business interests or goals. It is possible that conflicts may arise with our collaborators. Our collaborators may act in their self-interest, which may be adverse to our best interest, and they may breach their obligations to us. Any such disputes could result in litigation or arbitration which would increase our expenses and divert the attention of management. Further, these transactions and arrangements are contractual in nature and may be terminated or dissolved under the terms of the applicable agreements.

We may receive a significant number of warranty claims or our MyoPro may require significant amounts of service after sale. Sales of MyoPro products generally include a three-year warranty for parts and labor, other than for normal wear and tear. As the number and complexity of the features and functionalities of our products increase, we may experience a higher level of warranty claims. If product returns or warranty claims are significant or exceed our expectations, we could incur unanticipated expenditures for parts and services, which could have a material adverse effect on our operating results. Defects in our products or the software that drives them could adversely affect the results of our operations. The design, manufacture and marketing of the MyoPro products involve certain inherent risks. Manufacturing or design defects, unanticipated use of the MyoPro, or inadequate disclosure of risks relating to the use of MyoPro products can lead to injury or other adverse events. In addition, because the manufacturing of our products is outsourced to Cogmedix, we may not always be aware of manufacturing defects that could occur and corrective or preventive actions implemented by Cogmedix may not be effective at resolving such defects. Such adverse events could lead to recalls or safety alerts relating to MyoPro products (either voluntary or required by the FDA or similar governmental authorities in other countries), and could result, in certain cases, in the removal of MyoPro products from the market. A recall could result in significant costs. To the extent any manufacturing defect occurs, our agreement with Cogmedix contains a limitation on Cogmedix’s liability, and therefore we could be required to incur the majority of related costs. A defect in connection with the fabrication of our products may result in significant costs in connection with lawsuits or refunds. Product defects or recalls could also result in negative publicity, damage to our reputation or, in some circumstances, delays in new product approvals. MyoPro users may not use MyoPro products in accordance with safety protocols and training, which could enhance the risk of injury. Any such occurrence could cause delay in market acceptance of MyoPro products, damage to our reputation, additional regulatory filings, product recalls, increased service and warranty costs, product liability claims and loss of revenue relating to such hardware or software defects. The medical device industry has historically been subject to extensive litigation over product liability claims. We have not been subject to such claims to date, but we may become subject to product liability claims alleging defects in the design, manufacture or labeling of our products in the future. A product liability claim, regardless of its merit or eventual outcome, could result in significant legal defense costs and high punitive damage payments. Although we maintain product liability insurance, the coverage is subject to deductibles and limitations, and may not be adequate to cover future claims. Additionally, we may be unable to maintain our existing product liability insurance in the future at satisfactory rates or in adequate amounts. While there is long-term clinical data supporting the safety of our existing MyoPro products, updates to our products inherently have uncertain safety risks as they enter the market. While clinical data have established the safety of MyoPro products, our products undergo periodic updates for various reasons, including performance and reliability improvements and cost reductions. For example, in April 2025, we announced the availability of MyoPro2x. Because MyoPro users generally do not have feeling in their upper extremities, they may not immediately notice adverse effects from updates to the MyoPro, which could exacerbate their impact. If MyoPro products are shown to present new risks or to be unsafe or cause such unforeseen effects in the future, our business and reputation could be harmed, including through field corrections, withdrawals, removals, mandatory product recalls, suspension or withdrawal of FDA registration, significant legal liability or harm to our business reputation.