Scholar Rock Holding (SRRK) Risk Analysis

We may seek Fast Track designation, Breakthrough Therapy designation or PRIME designation for certain of our product candidates. In May 2021, the FDA granted Fast Track designation for apitegromab for the treatment of SMA. The FDA has broad discretion whether or not to grant this designation, so even if we believe a particular product candidate is eligible for this designation, we cannot assure that the FDA would decide to grant it. Although the FDA has granted Fast Track designation for apitegromab in SMA, we may not experience a faster development process, review or approval compared to conventional FDA procedures. The FDA may withdraw Fast Track designation if it believes that the designation is no longer supported by data from our clinical development program. Designation as a breakthrough therapy is within the discretion of the FDA. Accordingly, even if we believe one of our product candidates meets the criteria for designation as a breakthrough therapy, the FDA may disagree and instead determine not to make such designation. In any event, the receipt of a Breakthrough Therapy designation for a product candidate may not result in a faster development process, review or approval compared to products considered for approval under conventional FDA procedures and does not assure ultimate approval by the FDA. In addition, even if one or more of our product candidates qualify as breakthrough therapies, the FDA may later decide that the products no longer meet the conditions for qualification and rescind the breakthrough designation. See the sections of this Annual Report entitled, "Business - Government Regulation - US Biological Product Development - Expedited Development and Review Programs." In March 2021, the EMA granted PRIME designation to apitegromab for the treatment of SMA. PRIME is a scheme provided by the EMA to enhance support for the development of medicines that target an unmet medical need. The receipt of PRIME designation for apitegromab for the treatment of SMA may not result in a faster development process, review or approval compared to products considered for approval under conventional regulatory agency procedures and does not assure ultimate approval by the EMA. See the section of this Annual Report entitled, "Business – Government Regulation – European Union Drug Development - European Union Expedited Review and Development."

Our commercial success will depend in large part on obtaining and maintaining patent, trademark and trade secret protection of our proprietary technologies and our product candidates, their respective components, formulations, combination therapies, methods used to manufacture them and methods of treatment, as well as successfully defending these patents against third-party challenges. Our ability to stop unauthorized third parties from making, using, selling, offering to sell or importing our product candidates is dependent upon the extent to which we have rights under valid and enforceable patents that cover these activities. If we are unable to secure and maintain patent protection for any product or technology we develop, or if the scope of the patent protection secured is not sufficiently broad, our competitors could develop and commercialize products and technology similar or identical to ours, and our ability to commercialize any product candidates we may develop may be adversely affected. The patenting process is expensive and time-consuming, and we may not be able to file and prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. In addition, we may not pursue or obtain patent protection in all relevant markets. Unforeseen global events, and sanctions or actions relating to such events, could affect our ability to file, prosecute, maintain, and/or defend patents and applications in those markets. It is also possible that we will fail to identify patentable aspects of our research and development output before it is too late to obtain patent protection. Moreover, in some circumstances, we may not have the right to control the preparation, filing and prosecution of patent applications, or to maintain the patents, covering technology that we license from or license to third parties and are reliant on our licensors or licensees. The strength of patents in the biotechnology and pharmaceutical field involves complex legal and scientific questions and can be uncertain. The patent applications that we own or in-license may fail to result in issued patents with claims that cover our product candidates or uses thereof in the U.S. and/or in other foreign countries. Even if the patents do successfully issue, third parties may challenge the validity, enforceability or scope thereof, which may result in such patents being narrowed, invalidated or held unenforceable. For example, Russia issued a decree in March of 2022, stating that patent owners who reside in a country "unfriendly" to Russia are not entitled to compensation in the event of patent infringement. Furthermore, even if they are unchallenged, our patents and patent applications may not adequately protect our intellectual property and/or prevent others from designing around our claims. If the breadth or strength of protection provided by the patent applications we hold with respect to our product candidates is threatened, it could dissuade companies from collaborating with us to develop, and threaten our ability to commercialize, our product candidates. Further, if we encounter delays in our clinical trials, the period of time during which we could market our product candidates under patent protection would be reduced. We cannot be certain that we are the first to invent the inventions covered by pending patent applications and, if we are not, we may be subject to priority disputes. We may be required to disclaim part or all of the term of certain patents or all of the term of certain patent applications. There may be prior art of which we are not aware that may affect the validity or enforceability of a patent claim. There also may be prior art of which we are aware, but which we do not believe affects the validity or enforceability of a claim, which may, nonetheless, ultimately be found to affect the validity or enforceability of a claim. No assurance can be given that if challenged, our patents would be declared by a court to be valid or enforceable or that even if found valid and enforceable, a competitor's technology or product would be found by a court to infringe our patents. We may analyze patents or patent applications of our competitors that we believe are relevant to our activities, and consider that we are free to operate in relation to our product candidates, but our competitors may achieve issued claims, including in patents we consider to be unrelated, which block our efforts or may potentially result in our product candidates or our activities infringing such claims. The possibility exists that others will develop products which have the same effect as our products on an independent basis which do not infringe our patents or other intellectual property rights, or will design around the claims of patents that we have had issued that cover our products. In addition, periodic maintenance fees on any issued patent are due to be paid to the U.S. Patent Office ("USPTO") and foreign patent agencies in several stages over the lifetime of the patent. The USPTO and various foreign governmental patent agencies require compliance with a number of procedural, documentary, fee payment and other provisions during the patent application process and following the issuance of a patent. While an inadvertent lapse can, in many cases, be cured by payment of a late fee or by other means in accordance with the applicable rules, there are situations in which noncompliance can result in abandonment or lapse of the patent or patent application, resulting in partial or complete loss of patent rights in the relevant jurisdiction. Noncompliance events that could result in abandonment or lapse of a patent or patent application include, but are not limited to, failure to respond to official actions within prescribed time limits, non-payment of fees and failure to properly legalize and submit formal documents. Moreover, complications due to public health crises such as global pandemics may result in inadvertent lapse due to, for example, unexpected closures of the USPTO or foreign patent offices, delays in delivery of notifications relating to deadlines, or failure to timely and/or properly obtain signatures on necessary documents. Additionally, due to the ongoing conflict in Ukraine, there remain uncertainties as to any potential impact on patent protection and/or enforcement in the region, including, for example, payments to the Russian Patent Office and other entities. In such an event, our competitors might be able to enter the market, which would have a material adverse effect on our business. The degree of future protection for our proprietary rights is uncertain because legal means afford only limited protection and may not adequately protect our rights or permit us to gain or keep our competitive advantage. For example: - it is possible that our pending patent applications will not result in issued patents;- we or our licensors, as the case may be, might not have been the first to file patent applications for these inventions;- the claims of our owned or in-licensed issued patents or patent applications, if and when issued, may not cover our product candidates;- it is possible that there are prior public disclosures that could invalidate our or our licensors' patents, as the case may be, or parts of our or their patents;- our owned or in-licensed issued patents may not provide us with any competitive advantages, may be narrowed in scope, or be held invalid or unenforceable as a result of legal challenges by third parties;- we or our licensors, as the case may be, may fail to meet our obligations to the U.S. government in regards to any in-licensed patents and patent applications funded by U.S. government grants, leading to the loss of patent rights;- the laws of foreign countries may not protect our or our licensors', as the case may be, proprietary rights to the same extent as the laws of the U.S.;- the inventors of our owned or in-licensed patents or patent applications may become involved with competitors, develop products or processes which design around our patents, or become hostile to us or the patents or patent applications on which they are named as inventors;- it is possible that our owned or in-licensed patents or patent applications omit individual(s) that should be listed as inventor(s) or include individual(s) that should not be listed as inventor(s), which may cause these patents or patents issuing from these patent applications to be held invalid or unenforceable;- others may be able to make or use compounds or cells that are similar to the biological compositions of our product candidates but that are not covered by the claims of our patents;- others may independently develop similar or alternative technologies or duplicate any of our technologies;- it is possible that others may circumvent our owned or in-licensed patents;- the active biological ingredients in our current product candidates will eventually become commercially available in biosimilar drug products, and no patent protection may be available with regard to formulation or method of use;- we have engaged in scientific collaborations in the past, and will continue to do so in the future. Such collaborators may develop adjacent or competing products to ours that are outside the scope of our patents;- we may not develop additional proprietary technologies for which we can obtain patent protection;- it is possible that product candidates or diagnostic tests we develop may be covered by third parties' patents or other exclusive rights;- it is possible that there are unpublished applications or patent applications maintained in secrecy that may later issue with claims covering our products or technology similar to ours; and/or - the patents of others may have an adverse effect on our business. Our current patents covering our proprietary technologies and our product candidates are expected to expire beginning in 2034, without taking into account any possible patent term adjustments or extensions. Our earliest patents may expire before, or soon after, our first product achieves marketing approval in the U.S. or foreign jurisdictions. Upon the expiration of our current patents, we may lose the right to exclude others from practicing these inventions. The expiration of these patents could also have a material adverse effect on our business, results of operations, financial condition and prospects. We own pending patent applications covering our proprietary technologies or our product candidates that if issued as patents are expected to expire from 2034 through 2046, without taking into account any possible patent term adjustments or extensions. However, we cannot be assured that the USPTO or relevant foreign patent offices will grant any of these patent applications.

We have outsourced significant parts of our IT and business infrastructure to third-party providers, and we currently use these providers to perform business critical IT and business services for us. Despite the implementation of security measures, our computer systems, whether they are managed by us directly or by the third parties with whom we contract, and those of our existing and future CROs, and other contractors and consultants are vulnerable to damage from computer viruses and unauthorized access. While we have not experienced any such material system failure or security breach to date, if such an event were to occur and cause interruptions in our operations, it could result in a material disruption of our development programs and our business operations. Our increased reliance on personnel working from home may increase our cyber security risk, create data accessibility concerns, and make us more susceptible to workforce and communication disruptions, any of which could adversely impact our business operations or delay necessary interactions with local and federal regulators, ethics committees, manufacturing sites, research or clinical trial sites and other agencies and contractors. For example, the loss of preclinical or clinical data could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the data. Likewise, we rely on third parties for the manufacture of apitegromab, SRK-181 and SRK-439 and to conduct preclinical studies and clinical trials, and similar events relating to their computer systems could also have a material adverse effect on our business. To the extent that any disruption or security breach were to result in a loss of, or damage to, our data or applications, or inappropriate disclosure of confidential or proprietary information, we could incur liability and the further development and commercialization of apitegromab, SRK-181, SRK-439 and future product candidates could be delayed. As a company that uses IT systems, our systems may be subject to cyber-attacks, incidents or compromises. Due to the nature of some of these attacks, there is a risk that they may remain undetected for a period of time. While we have invested in the protection of data and information technology, our efforts may not prevent service interruptions or security breaches (e.g., ransomware attacks and social engineering attacks (phishing)). Like other companies in our industry, we, and our third-party vendors, have experienced threats and cybersecurity incidents relating to our information technology systems and infrastructure. We maintain cyber liability insurance; however, this insurance may not be sufficient to cover the financial, legal, business, or reputational losses, including regulatory fines, that may result from an interruption or breach of our systems.

If we further expand our operations outside of the U.S., we must dedicate additional resources to comply with numerous laws and regulations in each jurisdiction in which we plan to operate. The FCPA prohibits any U.S. individual or business from paying, offering, authorizing payment or offering of anything of value, directly or indirectly, to any foreign official, political party or candidate for the purpose of influencing any act or decision of the foreign entity in order to assist the individual or business in obtaining or retaining business. The FCPA also obligates companies whose securities are listed in the U.S. to comply with certain accounting provisions requiring the company to maintain books and records that accurately and fairly reflect all transactions of the corporation, including international subsidiaries, and to devise and maintain an adequate system of internal accounting controls for international operations. Compliance with the FCPA is expensive and difficult, particularly in countries in which corruption is a recognized problem. In addition, the FCPA presents particular challenges in the pharmaceutical industry, because, in many countries, hospitals are operated by the government, and doctors and other hospital employees are considered foreign officials. Certain payments to hospitals in connection with clinical trials and other work have been deemed to be improper payments to government officials and have led to FCPA enforcement actions. Various laws, regulations and executive orders also restrict the use and dissemination outside of the U.S., or the sharing with certain non-U.S. nationals, of information classified for national security purposes, as well as certain products and technical data relating to those products. If we expand our presence outside of the U.S., it will require us to dedicate additional resources to comply with these laws, and these laws may preclude us from developing, manufacturing, or selling certain products and product candidates outside of the U.S., which could limit our growth potential and increase our development costs. The failure to comply with laws governing international business practices may result in substantial civil and criminal penalties and suspension or debarment from government contracting. The SEC also may suspend or bar issuers from trading securities on U.S. exchanges for violations of the FCPA's accounting provisions.

The market price of our common stock may be volatile. The stock market in general, and Nasdaq and biopharmaceutical companies in particular, have experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of these companies. In the past, companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management's attention from other business concerns, which could seriously harm our business.

The ability of the FDA and foreign regulatory authorities to review and or approve new products can be affected by a variety of factors, including government budget and funding levels, staffing levels, and statutory, regulatory, and policy changes, the FDA's and foreign regulatory authorities' ability to hire and retain key personnel and accept the payment of user fees, and other events that may otherwise affect the FDA's ability to perform routine functions. Average review times at the FDA and foreign regulatory authorities have fluctuated in recent years as a result. Disruptions at the FDA and other agencies, including substantial leadership, personnel, and policy changes, may also slow the time necessary for new drugs to be reviewed and/or approved by necessary government agencies, which would adversely affect our business. In 2025, the U.S. government has, among other measures, issued executive orders and undertaken reductions in force that have adversely impacted FDA staffing and resources. Such changes could significantly impact the ability of the FDA to timely review and take action on our regulatory submissions, which could have a material adverse effect on our business. In addition, changes in the requirements and policies of the FDA and other regulatory agencies with jurisdiction over our products, including applicable pricing and reimbursement frameworks under federal healthcare programs, could affect the commercial viability of our products, create revenue uncertainty, and impact our ability to achieve profitability. Additionally, regulatory changes may introduce new challenges in obtaining FDA approval or navigating commercialization, and any delay in securing applicable regulatory approvals would adversely affect our business and prospects. These uncertainties could also present new challenges and/or opportunities as we navigate the resubmission of our BLA to the FDA and make other preparations for potential commercialization. Any delay in obtaining, or our inability to obtain, applicable regulatory approvals would delay or prevent commercialization of apitegromab and could materially adversely impact our business and prospects.

We, our CROs, and any potential collaborators may be subject to strict and changing federal, state, and foreign data protection laws and regulations (i.e., laws and regulations that address privacy and data security) and policies and contractual obligations related to data privacy and security. In the U.S., numerous federal and state laws and regulations, including federal health information privacy laws, state data breach notification laws, state health information privacy laws, and federal and state consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), that govern the collection, use, disclosure and protection of health-related and other personal information could apply to our operations or the operations of our CROs and collaborators. In addition, we may obtain health information from third parties (including research institutions from which we obtain clinical trial data) that are subject to privacy and security requirements under HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009. Depending on the facts and circumstances, we could be subject to civil, criminal, and administrative penalties if we knowingly obtain, use, or disclose individually identifiable health information maintained by a HIPAA-covered entity in a manner that is not authorized or permitted by HIPAA. Compliance with U.S. and international data protection laws and regulations could require us to take on more onerous obligations in our contracts, restrict our ability to collect, use and disclose data, or in some cases, impact our ability to operate in certain jurisdictions. Failure to comply with these laws and regulations could result in government enforcement actions (which could include civil, criminal and administrative penalties), private litigation, and/or adverse publicity and could negatively affect our operating results and business. Moreover, clinical trial subjects, employees and other individuals about whom we or our potential collaborators obtain personal information, as well as the providers who share this information with us, may limit our ability to collect, use and disclose the information. Claims that we have violated individuals' privacy rights, failed to comply with data protection laws, or breached our contractual obligations, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. We have conducted clinical trials and are currently conducting ONYX, our long-term extension clinical trial of apitegromab and OPAL, our Phase 2 clinical trial of apitegromab in children under the age of two living with SMA, in the EEA and the UK, and may conduct future clinical trials in the EEA or the UK. We are therefore subject to European privacy laws, where we collect and use personal data including health related data, in connection with our clinical trials in the EAA, or the UK, including the EU General Data Protection Regulation (the "EU GDPR"), the UK General Data Protection Regulation (the "UK GDPR") (collectively referred to as the "GDPR"), as well as other national data protection legislation in force in the relevant EEA Member States and the UK (including the UK Data Protection Act of 2018), which govern the collection, use, storage, disclosure, transfer, or other processing of personal data (including health data processed in the context of clinical trials) regarding individuals in the EEA and UK. The GDPR imposes a broad range of strict requirements on companies that process personal data, including requirements relating to having legal bases and conditions for processing personal data and transferring such personal data outside the EEA or the UK, including to the U.S., providing details to those individuals regarding the processing of their personal information and, when relevant, data transfer agreement or other transfer mechanism in place for transfer of personal data from Europe to the US, keeping personal information secure, having data processing agreements with third parties who process personal information, responding to individuals' requests to exercise their rights in respect of their personal information, where required reporting security breaches involving personal data to the competent national data protection authority and affected individuals, where required, appointing data protection officers, where required conducting data protection impact assessments for high risk processing, and record-keeping. The GDPR imposes penalties in the event of non-compliance, including fines of up to 20.0 million Euros (17.5 million GBP for the UK) or up to 4% of our total worldwide annual turnover for more serious offenses. The GDPR also confers a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the GDPR. The GDPR also imposes strict rules on the transfers of personal data outside of the EEA or the UK to third countries, such as the US in certain circumstances, unless a derogation exists or a valid GDPR transfer mechanism (for example, the European Commission approved standard contractual clauses ("SCCs") and the UK International Data Transfer Agreement/Addendum ("UK IDTA")). Where relying on the SCCs or UK IDTA for data transfers, we may also be required to carry out transfer impact assessments to assess whether the recipient is subject to local laws which allow public authority access to personal data. The complexity and the additional contractual burden increases our overall risk exposure. There may be further divergence on international transfer safeguards in the future, including with regard to administrative burdens. Any inability to transfer personal data from the UK and EEA to the US (and other third countries) in compliance with data protection laws may adversely affect our operations and our business and financial position. The UK data protection regime is independent from but currently still aligned with the EEA's data protection regime. However, going forward, there will be increasing scope for divergence in application, interpretation and enforcement of the data protection law as between the UK and EEA. Although the UK is regarded as a third country under the EU GDPR, the European Commission has issued a decision recognizing the UK as providing adequate protection under the EU GDPR and, therefore, transfers of personal data originating in the EEA to the UK remain unrestricted. Similarly, the UK government has confirmed that personal data transfers from the UK to the EEA remain free flowing. However, the UK Data (Use and Access) Act 2025 now in force, may further differentiate the UK's data protection regimes and could potentially impact the UK's adequacy decision granted by the European Commission. The respective provisions and enforcement of the EU GDPR and UK GDPR may continue to diverge, creating additional regulatory challenges and uncertainty. This evolving regulatory landscape could increase legal risk, complexity and cost to our handling of personal data, and may require us to adapt our privacy and data security compliance programs to account for increasing legal and regulatory divergence between the UK and the EEA. Further, EU Member States have adopted implementing national laws to implement the EU GDPR which may partially deviate from the EU GDPR and the competent authorities in the EU Member States may interpret EU GDPR obligations slightly differently from country to country, so that we do not expect to operate in a uniform legal landscape in the EU. Also, as it relates to processing and transfer of genetic data, the EU GDPR specifically allows national laws to impose additional and more specific requirements or restrictions, and European laws have historically differed quite substantially in this field, leading to additional uncertainty. The GDPR increases our responsibility and liability in relation to personal data that we process where such processing is subject to the GDPR. While we've taken steps to comply with the GDPR, including as implemented by individual countries, we face uncertainty as to the exact interpretation of these requirements and we may be unsuccessful in implementing all measures required by data protection authorities or courts in interpretation of the law. Compliance with the GDPR is a rigorous and time-intensive process that may increase our cost of doing business or require us to change our business practices, and despite those efforts, there is a risk that we may be subject to fines and penalties, litigation, and reputational harm in connection with our European activities. In addition, in the United States, many states in which we operate have laws that protect the privacy and security of sensitive and personal information. Certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to sensitive and personal information than federal, international or other state laws, and such laws may differ from each other, which may complicate compliance efforts. Where state laws are more protective than HIPAA, we must comply with the state laws we are subject to, in addition to HIPAA. In certain cases, it may be necessary to modify our planned operations and procedures to comply with these more stringent state laws. Further, in some cases where we process sensitive and personal information of individuals from numerous states, we may find it necessary to comply with the most stringent state laws applicable to any of the information. For example, the CCPA creates comprehensive individual privacy rights for California consumers (as defined in the law) and places increased privacy and security obligations on entities handling personal data of consumers or households. While there are currently exceptions for protected health information that is subject to HIPAA and clinical trial regulations, as currently written, the CCPA, as amended by the California Privacy Rights Act, and other enacted or proposed comprehensive state consumer privacy legislation may impact our business activities. Furthermore, certain states have passed or are considering laws that are specifically focused upon health privacy, such as Washington's My Health My Data Act. The My Health My Data Act imposes new state restrictions and requirements on the processing and sale of consumer health data and creates a private right of action, which further increases the relevant compliance risk. Connecticut and Nevada have also passed similar laws regulating consumer health data. The effects of state and federal privacy laws are potentially significant and may require us to modify our data processing practices and policies and to incur substantial costs and potential liability in an effort to comply with such legislation. We continue to monitor the impact that the state consumer privacy and protection laws, like the CCPA and the My Health My Data Act, may have on our business activities. See the section in this Annual Report entitled "Business – Government Regulation – European General Data Protection Regulation" and "Business – Government Regulation – Other Healthcare and Privacy Laws."

We are exposed to the risk of employee fraud or other illegal activity by our employees, independent contractors, consultants, commercial partners and vendors. Misconduct by these parties could include intentional, reckless and/or negligent conduct that fails to comply with the laws and regulations of the FDA, EU Member States, EMA, MHRA and other similar foreign regulatory bodies; provide true, complete and accurate information to the FDA, EMA and other similar foreign regulatory bodies; comply with manufacturing standards we have established; comply with healthcare fraud and abuse laws in the U.S. and similar foreign fraudulent misconduct laws; or report financial information or data accurately or to disclose unauthorized activities to us. If we receive FDA approval, EC approval or approval from other foreign regulatory bodies of apitegromab and begin commercializing that product in the U.S. or in such other jurisdictions, our potential exposure under such laws will increase significantly, and our costs associated with compliance with such laws are also likely to increase. These laws may impact, among other things, our current activities with principal investigators and research patients, as well as proposed and future sales, marketing and education programs. We have adopted a code of business conduct and ethics, but it is not always possible to identify and deter misconduct by our employees, independent contractors, consultants, commercial partners and vendors, and the precautions we take to detect and prevent this activity may not be effective in controlling unknown or unmanaged risks or losses or in protecting us from governmental investigations or other actions or lawsuits stemming from a failure to comply with these laws or regulations. If any actions are instituted against us and we are not successful in defending ourselves or asserting our rights, those actions could result in the imposition of civil, criminal and administrative penalties, damages, monetary fines, individual imprisonment, disgorgement, possible exclusion from participation in government healthcare programs, additional reporting obligations and oversight if we become subject to a corporate integrity agreement or other agreement to resolve allegations of non-compliance with these laws, contractual damages, reputational harm, diminished profits and future earnings and the curtailment of our operations, any of which could adversely affect our ability to operate our business, financial condition and results of operations.

We have limited experience manufacturing our product candidates on a commercial scale. We rely on a limited number of third-party contract manufacturers to manufacture all of our clinical trial product supplies and, if approved, all of our commercial product supplies, including all of our drug substance, fill-finish, labeling, and packaging. We do not own our own manufacturing facilities for producing any clinical trial or commercial product supplies. Our supply chain also depends on a limited number of suppliers for critical raw materials and components (including container closure systems), and any disruption, quality issue, or shortage could delay manufacturing or regulatory approvals. There can be no assurance that our preclinical, clinical development, and, if approved, commercial product supplies will not be limited or interrupted due to impacts to our third-party contract manufacturers. For example, we rely on a single source supplier for the drug substance and fill-finish manufacture of apitegromab, SRK-181 and SRK-439. We are advancing activities at a second US-based fill-finish facility to strengthen supply continuity and support future commercial demand of apitegromab. Any replacement of our current drug substance contract manufacturer or fill-finish contract manufacturer would require significant resources, lead time and expertise because there may be a limited number of qualified replacements. In addition, our ability to procure sufficient supplies for the development of apitegromab, SRK-181, SRK-439 or future product candidates could be impacted by factors outside of our control such as current macroeconomic and geopolitical events, the changing rates of inflation and interest rates and tariff policies. We have no direct control over our contract manufacturers' ability to maintain adequate quality control, quality assurance and qualified personnel. Furthermore, all of our third-party contract manufacturers supply and/or manufacture materials or products for other companies, which exposes our third-party contract manufacturers to regulatory risks for the production of such materials and products. As a result, failure to satisfy the regulatory requirements for the production of those materials and products may affect the regulatory clearance of our contract manufacturers' facilities generally. For example, in September 2025, we received a CRL from the FDA citing observations identified during an FDA inspection of a third-party fill-finish facility. This facility was issued a Form 483 by the FDA in July 2025 and the inspection classification of this facility is OAI. The observations were related to the facility and were not specific to apitegromab. In November 2025, we completed an in-person Type A meeting with the FDA that included participation of representatives from the third-party fill-finish facility. Also in November 2025, the third-party fill-finish facility received a warning letter from the FDA and continues to work with the FDA to resolve the outstanding issues cited in the warning letter. The manufacturing process for a product candidate is subject to FDA and foreign regulatory authority review. Suppliers and manufacturers must meet applicable manufacturing requirements and undergo rigorous facility and process validation tests required by regulatory authorities in order to comply with regulatory standards, such as cGMP. In the event that any of our manufacturers fails to comply with such requirements or to perform its obligations to us in relation to quality, timing or otherwise, or if our supply of components or other materials becomes limited or interrupted for other reasons, we may be forced to internalize certain activities or rapidly onboard alternative third-party manufacturing capacity, for which we currently do not have the capabilities or resources, or enter into an agreement with another third-party, which we may not be able to do on reasonable terms, if at all. In some cases, the technical skills or technology required to manufacture our product candidates may be unique or proprietary to the original manufacturer and we may have difficulty transferring such skills or technology to another third-party and a feasible alternative may not exist. These factors would increase our reliance on the original manufacturer or require us to obtain a license from such manufacturer in order to have another third-party manufacture our product candidates. If we must change manufacturers for any reason, we may be required to qualify and validate a new manufacturer's facilities, processes and quality systems for compliance with applicable regulatory requirements, including cGMP. We may also need to conduct manufacturing comparability studies to demonstrate that any new manufacturing process produces product consistent with specifications previously submitted to the FDA or other regulatory authorities. These activities could result in delays and increased costs and could negatively affect our ability to develop and commercialize our product candidates in a timely manner or within budget. We expect to continue to rely on third-party manufacturers for commercial supplies of drug substance, drug product, fill-finish, and packaged and labeled product for apitegromab, if we receive regulatory approval. We do not have long-term supply agreements in place with many of our contract manufacturers, and each batch for our product candidates is individually contracted through a purchase order governed by master service and quality agreements. If any of these manufacturers are unwilling to or unable to supply adequate quantities of product on acceptable terms or timelines, or are unable to comply with cGMP or other applicable requirements, we may be required to qualify and onboard alternative suppliers, which could result in delays to clinical development, regulatory submissions or approvals, or commercialization. Failure to maintain compliance with cGMP can result in regulatory action against our third-party manufacturers, including FDA sanctions, which could disrupt our manufacturing and supply chain and lead to delays in our clinical development programs, regulatory submissions or approvals, or commercial supply, if approved. In addition, delays in securing or maintaining manufacturing capacity for drug substance, fill-finish, labeling and packaging, or failures by our contract manufacturers or suppliers to perform as required, could delay clinical trials, regulatory filings, or commercial launches, which could negatively affect our business.

If apitegromab receives marketing approval it may nonetheless fail to gain sufficient market acceptance by physicians, patients, third-party payors, and others in the medical community. There may be delays in getting apitegromab, if approved, on hospital or insurance formularies, or there may be limitations on coverage in the early stages of commercialization for newly approved drugs. If apitegromab is approved but fails to achieve market acceptance among hospitals, physicians, patients or health care payors, we will not be able to generate significant revenues and we may not become profitable, which would have a material adverse effect on our business, prospects, financial condition and results of operations. For example, doctors may deem it sufficient to treat patients with SMA with an SMN-targeted treatment such as nusinersen or risdiplam, and therefore will not be willing to utilize apitegromab in conjunction with such SMN-targeted treatment. The degree of market acceptance of apitegromab, if approved for commercial sale, will depend on a number of factors, including: - the efficacy and safety of apitegromab as demonstrated in clinical trials;- the indications for which apitegromab is approved;- efficacy and potential advantages compared to alternative treatments;- the ability to obtain sufficient third-party coverage and adequate reimbursement;- the amount, scope and nature of the clinical data (and other forms of data) available;- the ability to offer apitegromab, if approved, for sale at competitive prices;- the timing of market introduction of apitegromab as well as competitive products;- convenience and ease of administration compared to alternative treatments;- the willingness of the target patient population to try new therapies and of physicians to prescribe these therapies;- the strength of marketing and distribution support; and - the prevalence and severity of any side effects.