We maintain a large quantity of sensitive information, including confidential business and patient health information in connection with our preclinical studies, and are subject to laws and regulations governing the privacy and security of such information. The global data protection landscape is rapidly evolving, and we may be affected by or subject to new, amended or existing laws and regulations in the future, including as our operations continue to expand or if we operate in foreign jurisdictions. These laws and regulations may be subject to differing interpretations, which adds to the complexity of processing personal information. Guidance on implementation standards and compliance practices is often updated or otherwise revised, and we cannot yet determine the impact that future laws, regulations, standards, or the perception of their requirements may have on our business.
In the United States, there are numerous federal and state data privacy and security laws and regulations governing the collection, use, disclosure and protection of personal information, including federal and state health information privacy laws, security breach notification laws and consumer protection laws. Each of these laws is subject to varying interpretations and is constantly evolving. By way of example, the regulations promulgated under HIPAA and the Health Information Technology for Economic and Clinical Health Act impose privacy and security requirements and breach reporting obligations with respect to individually identifiable health information upon "covered entities" (health plans, health care clearinghouses and certain health care providers) and their respective business associates, that is, individuals or entities that create, receive, maintain or transmit protected health information in connection with providing a service for or on behalf of a covered entity. The HIPAA breach notification rule mandates the reporting of certain breaches of unsecured protected health information to the U.S. Department of Health and Human Services, or HHS, to affected individuals and, if the breach is large enough, to the media. Entities that are found to be in violation of HIPAA as the result of a breach of unsecured protected health information, a complaint about privacy practices or an audit by HHS may be subject to significant civil, criminal and administrative fines and penalties and/or additional reporting and oversight obligations if required to enter into a resolution agreement and corrective action plan with HHS to settle allegations of HIPAA non-compliance. Even when HIPAA does not apply, according to the FTC, failing to take appropriate steps to keep consumers' personal information secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act.
The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business and the cost of available tools to improve security and reduce vulnerabilities. Individually identifiable health information is considered sensitive data that merits stronger safeguards.
In addition, certain state laws govern the privacy and security of health-related and other personal information in certain circumstances, some of which are more stringent than HIPAA and many of which differ from each other in significant ways and may not have the same effect, thus complicating compliance efforts. By way of example, the CCPA, which went into effect on January 1, 2020, gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. The CCPA may increase our compliance costs and potential liability, and adversely affect our business. Further, the CPRA, which went into effect on January 1, 2023, significantly expands the rights granted to consumers under the CCPA and imposes additional data protection obligations on covered businesses, including additional consumer rights processes, limitations on data uses, new audit requirements for higher-risk data, and opt-outs for certain uses of sensitive data. It also created a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. Additional compliance investment and potential business process changes may be required. Similar laws have been passed in other states and continue to be proposed at the state and federal level, reflecting a trend toward more stringent privacy legislation in the United States. In the event that we are subject to or affected by HIPAA, the CCPA, the CPRA or other domestic privacy and data protection laws, any liability from failure to comply with the requirements of these laws could adversely affect our financial condition.
In Europe, the GDPR took effect in May 2018. The GDPR governs the collection, use, disclosure, transfer or other processing of personal data of individuals within the EEA or in the context of our activities within the EEA. In addition, some of the personal data we process in respect of clinical trial participants is special category or sensitive personal data under the GDPR, and is subject to additional compliance obligations and to local law derogations. Among other things, the GDPR imposes requirements regarding the security of personal data and notification of data processing obligations to the competent national data processing authorities, changes the lawful bases on which personal data can be processed, expands the definition of personal data and requires changes to informed consent practices, as well as detailed notices for clinical trial subjects and investigators. In addition, the GDPR regulates the transfer of personal data subject to the GDPR to the United States and other jurisdictions that the European Commission does not recognize as having "adequate" data protection laws, and the efficacy and longevity of current transfer mechanisms between the EEA and the United States remain uncertain. Case law from the Court of Justice of the European Union, or CJEU, states that reliance on the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism) alone may not necessarily be sufficient in all circumstances and that transfers must be assessed on a case-by-case basis. On October 7, 2022, President Biden signed an Executive Order on "Enhancing Safeguards for United States Intelligence Activities" which introduced new redress mechanisms and binding safeguards to address the concerns raised by the CJEU in relation to data transfers from the EEA to the United States and which formed the basis of the new EU-US Data Privacy Framework, or DPF, as released on December 13, 2022.
The European Commission adopted its Adequacy Decision in relation to the DPF on July 10, 2023, rendering the DPF effective as a GDPR transfer mechanism to United States entities self-certified under the DPF. The DPF also introduced a new redress mechanism for EU citizens which addresses a key concern in the previous CJEU judgments and may mean transfers under standard contractual clauses are less likely to be challenged in the future. We currently rely on a Data Processing Agreement, the EU standard contractual clauses, and the UK Addendum to the EU standard contractual clauses, as applicable, to transfer personal data outside the EEA and the UK, including to the United States, with respect to both intragroup and third party transfers.
The GDPR imposes substantial fines for breaches and violations (up to the greater of €20 million or 4% of our consolidated annual worldwide gross revenue). In addition to fines, a breach of the GDPR may result in regulatory investigations, reputational damage, orders to cease or change our data processing activities, enforcement notices, assessment notices (for a compulsory audit) and/or civil claims, including class actions. For example, in 2016, the EU and United States agreed to a transfer framework for data transferred from the EU to the United States, called the Privacy Shield, but the Privacy Shield was invalidated in July 2020 by the Court of Justice of the European Union. The GDPR also confers a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies and obtain compensation for damages resulting from violations of the GDPR. Further, from January 1, 2021, companies must also comply with the United Kingdom GDPR and the amended UK Data Protection Act 2018, or, together, the UK GDPR. The UK GDPR retains the GDPR in UK national law. The UK GDPR mirrors the fines under the GDPR, for instance, fines up to the greater of €20 million (£17.5 million) or 4% of global turnover. On October 12, 2023, the UK Extension to the DPF came into effect (as approved by the UK Government), as a UK GDPR data transfer mechanism to United States entities self-certified under the UK Extension to the DPF. The relationship between the United Kingdom and the European Union in relation to certain aspects of data protection law remains unclear, and it is unclear how United Kingdom data protection laws and regulations will develop in the medium to longer term, and how data transfers to and from the United Kingdom will be regulated in the long term. On June 28, 2021, the EU Commission published its adequacy decision to designate the United Kingdom as adequate. This adequacy decision is expected to last until June 27, 2025, although the Commission will begin an assessment in late 2024 to decide whether to extend the adequacy decision for a further period up to a maximum of another four years. If the Commission does not extend the decision, the UK's adequacy decision will expire on June 27, 2025.
We expect the existing legal complexity and uncertainty regarding international personal data transfers to continue. In particular, we expect the DPF Adequacy Decision to be challenged and international transfers to the United States and to other jurisdictions more generally to continue to be subject to enhanced scrutiny by regulators. These changes may lead to additional costs and increase our overall risk exposure and as a result, we may have to make certain operational changes. Compliance with these and any other applicable data privacy and security laws and regulations is a rigorous and time-intensive process, and we may be required to put in place additional mechanisms ensuring compliance with the new data protection rules within required time frames. If we fail to comply with any such laws or regulations, we may face significant fines and penalties that could adversely affect our business, financial condition and results of operations.