Organovo Holdings (ONVO) Risk Factors

We are a clinical stage biotechnology company that is focused on developing FXR314 in inflammatory bowel disease ("IBD"), including ulcerative colitis ("UC"), based on demonstration of clinical promise in three-dimensional human tissues as well as strong preclinical data. Our current clinical focus is in advancing FXR314 in IBD, including UC and Crohn's disease. Our secondary focus is building high fidelity, 3D tissues that recapitulate key aspects of human disease. Our success will depend upon our ability to advance the development of FXR314, our ability to determine the appropriate clinical focus for FXR314, our ability to identify additional drug candidates to pursue and the viability of our platform technology and any disease models we develop. Our success will also depend on our ability to select an appropriate development strategy for FXR314 and any other drug candidates we may identify, including internal development or partnering or licensing arrangements with pharmaceutical companies. We may not be able to partner or license our drug candidates. We may never achieve profitability, or even if we achieve profitability, we may not be able to maintain or increase our profitability.

We are party to license agreements with University of Missouri and the Salk Institute for Biological Studies under which we were granted exclusive rights to patents and patent applications that are important to our business and to our ability to develop and commercialize our 3D tissue products fabricated using our NovoGen Bioprinters and our FXR314 agonist in gastrointestinal disease. Our rights to use these patents and patent applications and employ the inventions claimed in these licensed patents are subject to the continuation of and our compliance with the terms of our license agreements. If we were to breach the terms of these license agreements and the agreements were terminated as a result, our ability to continue to develop and commercialize our NovoGen Bioprinters, 3D tissue products and the FXR314 agonist and to operate our business could be adversely impacted.

In the U.S. and some foreign jurisdictions, there have been a number of adopted and proposed legislative and regulatory changes regarding the healthcare system that could prevent or delay regulatory approval of our drug candidates, restrict or regulate post-marketing activities and affect our ability to profitably sell any of our drug candidates for which we obtain regulatory approval. In the U.S., the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 ("MMA") changed the way Medicare covers and pays for pharmaceutical products. Cost reduction initiatives and other provisions of this legislation could limit the coverage and reimbursement rate that we receive for any of our approved products. While the MMA only applies to drug benefits for Medicare beneficiaries, private payors often follow Medicare coverage policy and payment limitations in setting their own reimbursement rates. Therefore, any reduction in reimbursement that results from the MMA may result in a similar reduction in payments from private payors. In addition, on August 16, 2022, President Biden signed into law the Inflation Reduction Act of 2022, which, among other things, includes policies that are designed to have a direct impact on drug prices and reduce drug spending by the federal government, which shall take effect in 2023. Under the Inflation Reduction Act of 2022, Congress authorized Medicare beginning in 2026 to negotiate lower prices for certain costly single-source drug and biologic products that do not have competing generics or biosimilars. This provision is limited in terms of the number of pharmaceuticals whose prices can be negotiated in any given year and it only applies to drug products that have been approved for at least 9 years and biologics that have been licensed for 13 years. Drugs and biologics that have been approved for a single rare disease or condition are categorically excluded from price negotiation. Further, the new legislation provides that if pharmaceutical companies raise prices in Medicare faster than the rate of inflation, they must pay rebates back to the government for the difference. The new law also caps Medicare out-of-pocket drug costs at an estimated $4,000 a year in 2024 and, thereafter beginning in 2025, at $2,000 a year. In March 2010, the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010 (collectively the "PPACA"), was enacted. The PPACA was intended to broaden access to health insurance, reduce or constrain the growth of healthcare spending, enhance remedies against healthcare fraud and abuse, add new transparency requirements for healthcare and health insurance industries, impose new taxes and fees on the health industry and impose additional health policy reforms. The PPACA increased manufacturers' rebate liability under the Medicaid Drug Rebate Program by increasing the minimum rebate amount for both branded and generic drugs and revised the definition of "average manufacturer price", which may also increase the amount of Medicaid drug rebates manufacturers are required to pay to states. The legislation also expanded Medicaid drug rebates and created an alternative rebate formula for certain new formulations of certain existing products that is intended to increase the rebates due on those drugs. The Centers for Medicare & Medicaid Services ("CMS"), which administers the Medicaid Drug Rebate Program, also has proposed to expand Medicaid rebates to the utilization that occurs in the territories of the U.S., such as Puerto Rico and the Virgin Islands. Further, beginning in 2011, the PPACA imposed a significant annual fee on companies that manufacture or import branded prescription drug products and required manufacturers to provide a 50% discount off the negotiated price of prescriptions filled by beneficiaries in the Medicare Part D coverage gap, referred to as the "donut hole." Legislative and regulatory proposals have been introduced at both the state and federal level to expand post-approval requirements and restrict sales and promotional activities for pharmaceutical products. There have been public announcements by members of the U.S. Congress, regarding plans to repeal and replace the PPACA and Medicare. For example, on December 22, 2017, President Trump signed into law the Tax Cuts and Jobs Act of 2017, which, among other things, eliminated the individual mandate requiring most Americans (other than those who qualify for a hardship exemption) to carry a minimum level of health coverage, effective January 1, 2019. On December 14, 2018, a U.S. District Court Judge in the Northern District of Texas, or the Texas District Court Judge, ruled that the individual mandate is a critical and inseverable feature of the PPACA, and therefore, because it was repealed as part of the Tax Cuts and Jobs Act of 2017, the remaining provisions of the PPACA are invalid as well. On December 18, 2019, the U.S. Court of Appeals for the Fifth Circuit upheld the District Court's ruling with respect to the individual mandate but remanded the case to the District Court to consider whether other parts of the law can remain in effect. While the Texas District Court Judge has stated that the ruling will have no immediate effect, it is unclear how this decision, subsequent appeals, and other efforts to repeal and replace the PPACA will impact the law and our business. We are not sure whether additional legislative changes will be enacted, or whether the FDA regulations, guidance or interpretations will be changed, or what the impact of such changes on the marketing approvals of our drug candidates, if any, may be. In addition, increased scrutiny by the U.S. Congress of the FDA's approval process may significantly delay or prevent marketing approval, as well as subject us to more stringent product labeling and post-marketing approval testing and other requirements. Moreover, payment methodologies may be subject to changes in healthcare legislation and regulatory initiatives. For example, CMS may develop new payment and delivery models, such as bundled payment models. In addition, there has been heightened governmental scrutiny over the manner in which manufacturers set prices for their marketed products, which has resulted in several U.S. Congressional inquiries and proposed and enacted federal and state legislation designed to, among other things, bring more transparency to drug pricing, reduce the cost of prescription drugs under government payor programs, and review the relationship between pricing and manufacturer patient programs. The U.S. Department of Health and Human Services has started soliciting feedback on some of these measures and, at the same time, is implementing others under its existing authority. For example, in May 2019, CMS issued a final rule to allow Medicare Advantage Plans the option of using step therapy for Part B drugs beginning January 1, 2020. This final rule codified CMS's policy change that was effective January 1, 2019. While any proposed measures will require authorization through additional legislation to become effective, Congress has indicated that it will continue to seek new legislative and/or administrative measures to control drug costs. We expect that additional U.S. federal healthcare reform measures will be adopted in the future, any of which could limit the amounts that the U.S. federal government will pay for healthcare products and services, which could result in reduced demand for our drug candidates, if approved for commercialization. In Europe, the United Kingdom formally withdrew from the European Union on January 31, 2020, and entered into a transition period that ended on December 31, 2020. A significant portion of the regulatory framework in the United Kingdom is derived from the regulations of the European Union. We cannot predict what consequences the recent withdrawal of the United Kingdom from the European Union will have on the regulatory frameworks of the United Kingdom or the European Union, or on our future operations, if any, in these jurisdictions, and the United Kingdom is in the process of negotiating trade deals with other countries. Additionally, the United Kingdom's withdrawal from the European Union may increase the possibility that other countries may decide to leave the European Union again.

Keith Murphy, our Executive Chairman, is the Chief Executive Officer, Chairman and principal stockholder of Viscient, a private company that he founded in 2017 that is focused on drug discovery and development utilizing 3D tissue technology and multi-omics (genomics, transcriptomics, metabolomics). In addition, Adam Stern, Douglas Jay Cohen and David Gobel (through the Methuselah Foundation and the Methuselah Fund), members of our Board, have invested funds through a convertible promissory note in Viscient, but do not serve as an employee, officer or director of Viscient. Additional members of our Research and Development organization also work at Viscient, and we expect that additional employees or consultants of ours will also be employees of or consultants to Viscient. We use certain Viscient-owned facilities and equipment and allow Viscient to use certain of our facilities and equipment. During fiscal 2024, we provided services to Viscient, and we expect to continue to provide services to Viscient and enter into additional agreements with Viscient in the future. No services were provided to Viscient during the six months ended September 30, 2024. In addition, we license, as well as cross-license, certain intellectual property to and from Viscient and expect to continue to do so in the future. In particular, pursuant to an Asset Purchase and Non-Exclusive Patent License Agreement with Viscient, dated November 6, 2019, as amended, we have provided a paid up, worldwide, irrevocable, perpetual, non-exclusive license to Viscient under certain of our patents and know-how to (a) make, have made, use, sell, offer to sell, import and otherwise exploit the inventions and subject matter covered by certain patents regarding certain bioprinter devices and bioprinting methods, engineered liver tissues, engineered renal tissues, engineered intestinal tissue and engineered tissue for in vitro research use, (b) to use and internally repair the bioprinters, and (c) to make additional bioprinters for internal use only in connection with drug discovery and development research, target identification and validation, compound screening, preclinical safety, absorption, distribution, metabolism, excretion and toxicology (ADMET) studies, and in vitro research to complement clinical development of a therapeutic compound. Although we have entered, and expect to enter, into agreements and arrangements that we believe appropriately govern the ownership of intellectual property created by joint employees or consultants of Viscient and/or using our or Viscient's facilities or equipment, it is possible that we may disagree with Viscient as to the ownership of intellectual property created by shared employees or consultants, or using shared equipment or facilities. On December 28, 2020, we entered into an intercompany agreement with Viscient and Organovo, Inc., our wholly-owned subsidiary (the "Intercompany Agreement"). Pursuant to the Intercompany Agreement and subsequent statements of work entered into pursuant thereto, we agreed to provide Viscient certain services related to 3D bioprinting technology, which includes, but is not limited to, histology services, cell isolation, and proliferation of cells, and Viscient agreed to provide us certain services related to 3D bioprinting technology, including bioprinter training, bioprinting services, and qPCR assays, in each case on payment terms specified in the Intercompany Agreement and as may be further determined by the parties. In addition, Viscient and we each agreed to share certain facilities and equipment and, subject to further agreement, to each make certain employees available for specified projects to the other party at prices to be determined in good faith by the parties. Under the Intercompany Agreement, each party will retain its own prior intellectual property and will obtain new intellectual property rights within their respectively defined fields of use. Due to the interrelated nature of Viscient with us, conflicts of interest may arise with respect to transactions involving business dealings between us and Viscient, potential acquisitions of businesses or products, the development and ownership of technologies and products, the sale of products, markets and other matters in which our best interests and the best interests of our stockholders may conflict with the best interests of the stockholders of Viscient. In addition, we and Viscient may disagree regarding the interpretation of certain terms of the arrangements we previously entered into with Viscient or may enter into in the future. We cannot guarantee that any conflict of interest will be resolved in our favor, or that, with respect to our transactions with Viscient, we will negotiate terms that are as favorable to us as if such transactions were with another third-party. In addition, executives that provide services to us and Viscient may not dedicate all of their time to us and we may therefore compete with Viscient for the time commitments of our executive officers from time to time.

The regulatory framework for the collection, use, safeguarding, sharing, transfer, and other processing of information worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. Globally, virtually every jurisdiction in which we operate has established its own data security and privacy frameworks with which we must comply. For example, the collection, use, disclosure, transfer, or other processing of personal data regarding individuals in the European Union, including personal health data, is subject to the EU General Data Protection Regulation (the "GDPR"), which took effect across all member states of the European Economic Area (the "EEA") in May 2018. The GDPR is wide-ranging in scope and imposes numerous requirements on companies that process personal data, including requirements relating to processing health and other sensitive data, obtaining consent of the individuals to whom the personal data relates, providing information to individuals regarding data processing activities, implementing safeguards to protect the security and confidentiality of personal data, providing notification of data breaches, and taking certain measures when engaging third-party processors. The GDPR increases our obligations with respect to clinical trials conducted in the EEA by expanding the definition of personal data to include coded data and requiring changes to informed consent practices and more detailed notices for clinical trial subjects and investigators. In addition, the GDPR imposes strict rules on the transfer of personal data to countries outside the European Union, including the United States, and, as a result, increases the scrutiny that clinical trial sites located in the EEA should apply to transfers of personal data from such sites to countries that are considered to lack an adequate level of data protection, such as the United States. The GDPR also permits data protection authorities to require destruction of improperly gathered or used personal information and/or impose substantial fines for violations of the GDPR, which can be up to four percent of global revenues or 20 million Euros, whichever is greater, and it also confers a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the GDPR. In addition, the GDPR provides that European Union member states may make their own further laws and regulations limiting the processing of personal data, including genetic, biometric or health data. Further, Brexit has led to, and could continue to lead to legislative and regulatory changes, which may increase our compliance costs. As of January 1, 2021 and the expiry of transitional arrangements agreed to between the United Kingdom and the European Union, data processing in the United Kingdom is governed by a United Kingdom version of the GDPR (combining the GDPR and the Data Protection Act 2018), exposing us to two parallel regimes, each of which authorizes similar fines and other potentially divergent enforcement actions for certain violations. On June 28, 2021, the European Commission adopted an Adequacy Decision for the United Kingdom, allowing for the relatively free exchange of personal information between the European Union and the United Kingdom, however, the European Commission may suspend the Adequacy Decision if it considers that the United Kingdom no longer provides for an adequate level of data protection. A bill to amend the existing UK framework has been reintroduced (in a different form) by the new UK Government and was announced as a bill which will be introduced into Parliament at the King's Speech on July 17, 2024. At this time, there is no specific clarity on the provisions of the bill, or the extent to which it will amend the UK framework, beyond general descriptions on its intended purpose. Other jurisdictions outside the European Union are similarly introducing or enhancing privacy and data security laws, rules and regulations. Similar actions are either in place or under way in the United States. There are a broad variety of data protection laws that are applicable to our activities, and a wide range of enforcement agencies at both the state and federal levels that can review companies for privacy and data security concerns based on general consumer protection laws. The Federal Trade Commission and state Attorneys General all are aggressive in reviewing privacy and data security protections for consumers. New laws also are being considered at both the state and federal levels and several states have passed comprehensive privacy laws. For example, the California Consumer Privacy Act - which went into effect on January 1, 2020 - is creating similar risks and obligations as those created by the GDPR, though the California Consumer Privacy Act does exempt certain information collected as part of a clinical trial subject to the Federal Policy for the Protection of Human Subjects (the Common Rule). As of January 1, 2023, the California Consumer Privacy Act (as amended and expanded by the California Privacy Rights Act) is in full effect, with enforcement by California's dedicated privacy enforcement agency expected to start later in 2023. While California was first among the states in adopting comprehensive data privacy legislation similar to the GDPR, many other states are following suit. Similar laws passed in Virginia, Colorado, Connecticut, and Utah took effect in 2023. Additionally, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas and others have adopted privacy laws, which take effect from July 1, 2024 through 2026. Some state laws also minimize what data can be collected from consumers and how businesses may use and disclose it. These state privacy laws also require businesses to make disclosures to consumers about data collection, use and sharing practices. In addition, some of these laws (including the California Privacy Rights Act), along with other standalone health privacy laws, subject health-related information to additional safeguards and disclosures and some specifically regulate consumer health data, such as the Washington My Health My Data Act, which became effective in 2023 and 2024. Additionally, a broad range of legislative measures also have been introduced at the federal level. Accordingly, failure to comply with federal and state laws (both those currently in effect and future legislation) regarding privacy and security of personal information could expose us to fines and penalties under such laws. There also is the threat of consumer class actions related to these laws and the overall protection of personal data. This is particularly true with respect to data security incidents, and sensitive personal information, including health and biometric data. Even if we are not determined to have violated these laws, government investigations into these issues typically require the expenditure of significant resources and generate negative publicity, which could harm our reputation and business. Given the breadth and depth of changes in data protection obligations, preparing for and complying with these requirements is rigorous and time intensive and requires significant resources and a review of our technologies, systems and practices, as well as those of any third-party collaborators, service providers, contractors or consultants that process or transfer personal data collected in the European Union. The GDPR, new state privacy laws and other changes in laws or regulations associated with the enhanced protection of certain types of sensitive data, such as healthcare data or other personal information from our clinical trials, could require us to change our business practices and put in place additional compliance mechanisms, may interrupt or delay our development, regulatory and commercialization activities and increase our cost of doing business, and could lead to government enforcement actions, private litigation and significant fines and penalties against us and could have a material adverse effect on our business, financial condition and results of operations.

Our future success will depend to a significant degree upon the continued contributions of our key personnel, especially our executive officers. We do not currently have long-term employment agreements with our executive officers or our other key personnel, and there is no guarantee that our executive officers or key personnel will remain employed with us. Moreover, we have not obtained key man life insurance that would provide us with proceeds in the event of the death, disability or incapacity of any of our executive officers or other key personnel. Further, the process of attracting and retaining suitable replacements for any executive officers and other key personnel we lose in the future would result in transition costs and would divert the attention of other members of our senior management from our existing operations. Additionally, such a loss could be negatively perceived in the capital markets. Finally, our Executive Chairman also provides services to Viscient Biosciences, Inc. ("Viscient"). Executives that provide services to us and Viscient do not dedicate all of their time to us, as disclosed in our filings, and we may therefore compete with Viscient for the time commitments of our Executive Chairman from time to time.

Our business, financial condition and share price could be adversely affected by general conditions in the global economy and in the global financial markets. As widely reported, in the past several years, global credit and financial markets have experienced volatility and disruptions, and especially in 2020, 2021 and 2022 due to the impacts of the COVID-19 pandemic, and, more recently, the ongoing conflict between Ukraine and Russia and the global impact of restrictions and sanctions imposed on Russia, including, for example, severely diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, increases in unemployment rates and uncertainty about economic stability. Moreover, the global impacts of the Israel-Hamas war are still unknown. There can be no assurances that further deterioration in credit and financial markets and confidence in economic conditions will not occur. For example, U.S. debt ceiling and budget deficit concerns have increased the possibility of additional credit-rating downgrades and economic slowdowns, or a recession in the United States. Although U.S. lawmakers passed legislation to raise the federal debt ceiling on multiple occasions, including a suspension of the federal debt ceiling in June 2023, ratings agencies have lowered or threatened to lower the long-term sovereign credit rating on the United States. The impact of this or any further downgrades to the U.S. government's sovereign credit rating or its perceived creditworthiness could adversely affect the U.S. and global financial markets and economic conditions. Absent further quantitative easing by the Federal Reserve, these developments could cause interest rates and borrowing costs to rise, which may negatively impact our results of operations or financial condition. Our general business strategy may be adversely affected by any such economic downturn, volatile business environment or continued unpredictable and unstable market conditions. If the current equity and credit markets deteriorate, it may make any necessary debt or equity financing more difficult, more costly and more dilutive. Failure to secure any necessary financing in a timely manner and on favorable terms could have a material adverse effect on our growth strategy, financial performance and share price and could require us to delay or abandon clinical development plans. Any of the foregoing could harm our business and we cannot anticipate all of the ways in which the current economic climate and financial market conditions could adversely impact our business.