Urogen Pharma (URGN) Risk Analysis

In the ordinary course of our business, we collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share (collectively, "process") Sensitive Information. Our data processing activities are subject to numerous data privacy and security obligations, such as domestic and foreign laws and regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations relating to privacy, data protection, and data security. In the United States, federal, state, and local governments have enacted numerous privacy, data protection, and data security laws, including data breach notification laws, personal data privacy laws, and consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws). For example, as further described above, HIPAA imposes specific requirements relating to the privacy, security, and transmission of individually identifiable health information. Additionally, numerous U.S. states have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. As applicable, such rights may include the right to access, correct, or delete certain personal data, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making. The exercise of these rights may impact our business and ability to provide our products and services. Certain states also impose stricter requirements for processing certain personal data, including sensitive types of personal data, such as conducting data privacy impact assessments. These state laws allow for statutory fines for noncompliance. For example, the California Consumer Privacy Act of 2018 ("CCPA") applies to personal data of consumers, business representatives, and employees who are California residents, and requires businesses to provide specific disclosures in privacy notices and honor requests of California residents to exercise certain privacy rights. The CCPA provides for fines and allows private litigants affected by certain data breaches to recover significant statutory damages. The CCPA and other comprehensive U.S. state privacy laws exempt some data processed in the context of clinical trials, but these developments may further complicate compliance efforts, and increase legal risk and compliance costs for us and the third parties with whom we work. Similar laws are being considered at the federal, state, and local levels and we expect more states to pass similar laws in the future. Furthermore, we are or may become subject to new laws governing the privacy of consumer health data. For example, Washington's My Health My Data Act ("MHMD") broadly defines consumer health data, places restrictions on processing consumer health data (including imposing stringent requirements for consents), provides consumers certain rights with respect to their health data, and creates a private right of action to allow individuals to sue for violations of the law. Other states are considering and may adopt similar laws. These laws demonstrate our vulnerability to the evolving regulatory environment related to personal data. As we expand our operations, these and similar laws may increase our compliance costs and potential liability. Outside the United States, an increasing number of laws, regulations, and industry standards apply to privacy, data protection, and data security. For example, the European Union's General Data Protection Regulation ("EU GDPR") and the United Kingdom's GDPR ("UK GDPR") impose strict requirements for processing personal data. Our upcoming clinical trial will include sites in the EU, which will increase our exposure to potential liability under the EU GDPR. For example, under the GDPR, companies may face temporary or definitive bans on data processing and other corrective actions; fines of up to 20 million Euros under the EU GDPR, 17.5 million pounds sterling under the UK GDPR or, in each case, 4% of annual global revenue, whichever is greater; or private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. We have expanded our business to include additional clinical trial operations in the European Union and eastern Europe, subjecting us to increased governmental regulation in such jurisdictions, such as the EU GDPR. Assisting our customers, partners, and vendors in complying with the EU GDPR or other foreign laws, or complying with such laws ourselves, has in the past and may in the future cause us to incur substantial operational costs or require us to change our business practices. Additionally, under various privacy laws and other obligations, we may be required to obtain certain consents to process personal data. Our inability or failure to do so could result in adverse consequences, including class action litigation and mass arbitration demands. Moreover, in the ordinary course of business, we transfer personal data from Europe and other jurisdictions to the United States or other countries. Europe and other jurisdictions have enacted laws requiring data to be localized or limiting the transfer of personal data to other countries. In particular, the European Economic Area ("EEA") and the United Kingdom ("UK") have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws it generally believes are inadequate. Other jurisdictions may adopt or have already adopted similarly stringent data localization and cross-border data transfer laws. Although there are currently various mechanisms that may be used to transfer personal data from the EEA and UK to the United States in compliance with law, such as the EEA standard contractual clauses, the UK's International Data Transfer Agreement / Addendum, and the EU-U.S. Data Privacy Framework and the UK extension thereto (which allows for transfers to relevant U.S.-based organizations who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the United States. If there is no lawful manner for us to transfer personal data from other jurisdictions to the United States, or if the requirements for a legally-compliant transfer are too onerous, we could face significant adverse consequences, including the interruption or degradation of our operations, the need to relocate part of or all of our business or data processing activities to other jurisdictions (such as Europe) at significant expense, increased exposure to regulatory actions, substantial fines and penalties, the inability to transfer data and work with partners, vendors and other third parties, and injunctions against our processing or transferring of personal data necessary to operate our business. Inability to import personal data from Europe to the United States may limit our ability to conduct clinical trial activities in Europe, limit our ability to collaborate with contract research organizations, service providers, contractors and other entities subject to European data protection laws, adversely impact our operations, product development and ability to provide our products, and require us to increase our data processing capabilities in Europe at significant expense. Additionally, companies that transfer personal data out of the EEA and UK to other jurisdictions, particularly to the United States, are subject to increased scrutiny from regulators, individual litigants, and activist groups. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of Europe for allegedly violating the GDPR's cross-border data transfer limitations. Additionally, the U.S. Department of Justice issued a rule entitled Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons, which places additional restrictions on certain data transactions involving countries of concern (e.g., China, Russia, Iran) and covered persons (i.e., individuals and entities who are designated as such by the U.S. Attorney General or are considered "foreign persons" and majority owned by, organized under the laws of, primarily resident in, or a contractor of a covered person or country of concern, as applicable) that may impact certain business activities such as vendor engagements, sale or sharing of data, employment of certain individuals, and investor agreements. Violations of the rule could lead to significant civil and criminal fines and penalties. The rule applies regardless of whether data is anonymized, key-coded, pseudonymized, de-identified or encrypted, which presents particular challenges for companies like ours and may impact our ability to transfer data in connection with certain transactions or agreements. Our employees and personnel use AI technologies to perform their work, and the disclosure and use of personal data in generative AI technologies is subject to various privacy laws and other privacy obligations. Governments have passed and are likely to pass additional laws regulating AI  technologies. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. If we are unable to use AI, it could make our business less efficient and result in competitive disadvantages. We are also bound by contractual obligations related to data privacy and security, and our efforts to comply with such obligations may not be successful. For example, certain privacy laws, such as the GDPR and the CCPA, require our customers to impose specific contractual restrictions on their service providers. Additionally, we are or may become subject to industry standards related to data privacy or security adopted by industry groups. We publish privacy policies, marketing materials, whitepapers, and other statements such as statements related to security or compliance with certain certifications or self-regulatory principles, concerning data privacy and security. Regulators in the United States are increasingly scrutinizing these statements, and if these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair, misleading, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences. Obligations related to data privacy and security (and individuals' data privacy expectations) are quickly changing, becoming increasingly stringent, and creating uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources, which may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties that process personal data on our behalf. In addition, these obligations may require us to change our business model. Our business model materially depends on our ability to process personal data, so we are particularly exposed to the risks associated with the rapidly changing legal landscape. For example, we may be at heightened risk of regulatory scrutiny due to collection of key-coded clinical trial participant information, and any changes in the regulatory framework could require us to fundamentally change our business model. We may at times fail (or be perceived to have failed) in our efforts to comply with our data privacy and security obligations. Moreover, despite our efforts, our personnel or third parties with whom we work may fail to comply with such obligations, which could negatively impact our business operations. If we or the third parties with whom we work fail, or are perceived to have failed, to address or comply with applicable data privacy and security obligations, we could face significant consequences, including but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-action claims) and mass arbitration demands; additional reporting requirements and/or oversight; bans or restrictions on processing personal data; orders to destroy or not use personal data; and imprisonment of company officials. In particular, plaintiffs have become increasingly active in bringing privacy-related claims against companies, including class claims and mass arbitration demands. Some of these claims allow for the recovery of statutory damages on a per-violation basis, and, if viable, carry the potential for monumental statutory damages, depending on the volume of data and the number of violations. Any of these events could have a material adverse effect on our reputation, business, or financial condition, including but not limited to: loss of customers; interruptions or stoppages in our business operations (including clinical trials); inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; and substantial changes to our business model or operations.

Jelmyto, Zusduri and any of our product candidates that receive regulatory approval will be subject to continual regulatory review by the FDA and/or foreign regulatory authorities. Additionally, Jelmyto, Zusduri and any of our product candidates that receive regulatory approval will be subject to extensive and ongoing regulatory requirements, including labeling and other restrictions and market withdrawal and we may be subject to penalties if we fail to comply with regulatory requirements or experience unanticipated problems with our products. The FDA approvals of Jelmyto and Zusduri are, and any regulatory approvals that we receive for our product candidates may be, subject to limitations on the approved indications for which the product may be marketed or to the conditions of approval. In addition, any regulatory approvals that we receive for our current or future product candidates may contain requirements for potentially costly post-marketing testing, including Phase 4 clinical trials, and surveillance to monitor the safety and efficacy of the product. In addition, the manufacturing processes, labeling, packaging, distribution, adverse event reporting, storage, advertising, promotion and recordkeeping for Jelmyto and Zusduri are, and any of our product candidates that receive regulatory approval will be, subject to extensive and ongoing regulatory requirements. These requirements include submissions of safety and other post-marketing information and reports, registration, as well as continued compliance with cGMP and GCP for any clinical trials that we conduct post-approval. Later discovery of previously unknown problems with our products or product candidates, including adverse events of unanticipated severity or frequency, or problems with our third-party manufacturers' processes, or failure to comply with regulatory requirements, may result in, among other things: - restrictions on the marketing or manufacturing of the product, withdrawal of the product from the market, or voluntary or mandatory product recalls;         - fines, warning letters or holds on clinical trials;         - refusal by the FDA to approve pending applications or supplements to approved applications submitted by us, or suspension or revocation of product license approvals; and         - product seizure or detention, or refusal to permit the import or export of products; and injunctions or the imposition of civil or criminal penalties. Our ongoing regulatory requirements may also change from time to time, potentially harming or making costlier our commercialization efforts. We cannot predict the likelihood, nature or extent of government regulation that may arise from future legislation or administrative action, either in the United States or other countries. If we are slow or unable to adapt to changes in existing requirements or the adoption of new requirements or policies, or if we are not able to maintain regulatory compliance, we may lose any marketing approval that we may have obtained, and we may not achieve or sustain profitability, which would adversely affect our business.

The Drug Price Competition and Patent Term Restoration Act of 1984 (the "Hatch-Waxman Act"), added 505(b)(2) to the FDCA. 505(b)(2) permits the filing of an NDA where at least some of the information required for approval comes from studies that were not conducted by or for the applicant, and for which the applicant has not received a right of reference, which could expedite the development program for certain of our product candidates by potentially decreasing the amount of nonclinical and clinical data that we would need to generate in order to obtain FDA approval. However, while we believe that our product candidates are reformulations of existing drugs and, therefore, will not be treated as NCEs, the submission of an NDA under the 505(b)(2) pathway does not preclude the FDA from determining that the product candidate that is the subject of such submission is an NCE and therefore not eligible for review under such regulatory pathway. Our product candidates may not receive the requisite approvals for commercialization, or we may need to conduct additional nonclinical experiments and clinical trials, provide additional data and information, and meet additional standards for regulatory approval. If this were to occur, the time and financial resources required to obtain FDA approval for these product candidates, and complications and risks associated with these product candidates, would likely increase significantly. In addition, notwithstanding the approval of a number of products by the FDA under 505(b)(2) certain competitors and others have objected to the FDA's interpretation of 505(b)(2). If the FDA's interpretation of 505(b)(2) is successfully challenged, the FDA may be required to change its 505(b)(2) policies and practices, which could delay or even prevent the FDA from approving any NDA that we submit under 505(b)(2). In addition, the pharmaceutical industry is highly competitive, and 505(b)(2) NDAs are subject to special requirements designed to protect the patent rights of sponsors of previously approved drugs that are referenced in a 505(b)(2) NDA. These requirements may give rise to patent litigation and mandatory delays in approval of our potential future NDAs for up to 30 months depending on the outcome of any litigation. It is not uncommon for a manufacturer of an approved product to file a citizen petition with the FDA seeking to delay approval of, or impose additional approval requirements for, pending competing products. If successful, such petitions can significantly delay, or even prevent, the approval of the new product. However, even if the FDA ultimately denies such a petition, the FDA may substantially delay approval while it considers and responds to the petition. In addition, even if we are able to utilize the 505(b)(2) regulatory pathway for our product candidates, there is no guarantee this would ultimately lead to faster product development or earlier approval. Moreover, even if these product candidates are approved under the 505(b)(2) pathway, as the case may be, the approval may be subject to limitations on the indicated uses for which the products may be marketed or to other conditions of approval or may contain requirements for costly post-marketing testing and surveillance to monitor the safety or efficacy of the products. In addition, there have been a number of recent regulatory and legislative initiatives designed to encourage generic competition for pharmaceutical products, including expedited review procedures for generic manufacturers and incentives designed to spur generic competition of branded drugs. In particular, the FDA and the FTC have been focused on brand companies' denial of drug supply to potential generic competitors for testing. In December 2019, the CREATES Act was enacted, which provides a legislatively defined private right of action under which generic companies can bring suit against companies who refuse access to product for the bioequivalence testing needed to support approval of a generic product. We cannot currently predict the specific outcome or impact on our business of such regulatory and legislative initiatives, litigation or investigation. However, it is our policy, which is in compliance with the CREATES Act, to evaluate requests for samples of our approved product, and to provide samples in response to bona fide requests from qualified third parties, including generic manufacturers, subject to specified conditions. We have provided samples of Jelmyto to certain generic manufacturers.

Jelmyto is indicated for adult patients with low-grade UTUC and Zusduri is indicated for adult patients with recurrent low-grade intermediate risk NMIBC. We are currently developing UGN-103, UGN-104 and UGN-501 for the treatment of various forms of urothelial cancer. The FDA and other applicable regulatory agencies will restrict our ability to market or advertise our products to the scope of the approved label for the applicable product and for no other indications, which could limit physician and patient adoption. We may attempt to develop and, if approved, promote and commercialize new treatment indications for our products in the future, but we cannot predict when or if we will receive the regulatory approvals required to do so. Failure to receive such approvals will prevent us from promoting or commercializing new treatment indications. In addition, we would be required to conduct additional clinical trials or studies to support approvals for additional indications, which would be time consuming and expensive, and may produce results that do not support regulatory approvals. If we do not obtain additional regulatory approvals, our ability to expand our business will be limited.

The commercial success of Jelmyto, Zusduri and any product candidates that receive regulatory approval will depend significantly on their broad adoption and use by physicians for approved indications, including, in the case of Jelmyto, for the treatment of adults with low-grade UTUC, and in the case of Zusduri, for the treatment of adults with recurrent low-grade intermediate risk NMIBC, and for other therapeutic indications that we may seek to pursue with any of our product candidates. Physicians treating low-grade UTUC and recurrent low-grade intermediate risk NMIBC have never had to consider treatments other than surgery. The degree and rate of physician and patient adoption of Jelmyto, Zusduri, or any of our product candidates, if approved, will depend on a number of factors, including: - the clinical indications for which the product is approved;   - the safety and efficacy data from the clinical trial(s) supporting the approved clinical indications;   - the approved labeling and packaging for our products, including the degree of product preparation and administration convenience and ease of use that is afforded to physicians by the approved labeling and product packaging;    - the prevalence and severity of adverse side effects and the level of benefit/risk observed in our clinical trials;   - sufficient patient satisfaction with the results and administration of our products and overall treatment experience, including relative convenience, ease of use and avoidance of, or reduction in, adverse side effects;   - the extent to which physicians recommend our products to patients;   - physicians' and patients' willingness to adopt new therapies in lieu of other products or treatments, including willingness to adopt Jelmyto and Zusduri as locally-administered drug replacements to current surgical standards of care;   - the cost of treatment, safety and efficacy of our products in relation to alternative treatments, including the recurrence rate of our treatments;   - the extent to which the costs of our products are covered and reimbursed by third-party payors, including the availability of a physician reimbursement code for our treatments, and patients' willingness to pay for our products;   - whether treatment with our products, including the treatment of low-grade UTUC with Jelmyto and the treatment of adult patients with recurrent low-grade intermediate risk NMIBC with Zusduri, will be deemed to be an elective procedure by third- party payors; if so, the cost of treatment would be borne by the patient and would be less likely to be broadly adopted;   - proper education of physicians or nurses for the skillful administration of our approved products, Jelmyto and Zusduri, and development of a broad experiential knowledge base of aggregated clinician feedback from which we can refine appropriate procedures for product administration, without which there could be a risk of adverse events;   - the effectiveness of our sales and marketing efforts, especially the success of any targeted marketing efforts directed toward physicians and clinics and any direct-to-consumer marketing efforts we may initiate; and   - third-party clinical practice guidelines. If Jelmyto, Zusduri or any of our product candidates that are approved for use fail to achieve the broad degree of physician adoption and market acceptance necessary for commercial success, our operating results and financial condition would be adversely affected.

The United States and some foreign jurisdictions are considering or have enacted a number of legislative and regulatory proposals to change the healthcare system in ways that could affect our ability to sell our products profitably. Among policy makers and payors in the United States and elsewhere, there is significant interest in promoting changes in healthcare systems with the stated goals of containing healthcare costs, improving quality or expanding access. In the United States, the pharmaceutical industry has been a particular focus of these efforts and has been significantly affected by major legislative initiatives. For example, in March 2010, the ACA was signed into law. There have been judicial and Congressional challenges, as well as certain aspects of the ACA. For example, on July 4, 2025, the One Big Beautiful Bill Act (the "OBBBA") was signed into law, which narrowed access to ACA marketplace exchange enrollment and declined to extend the ACA enhanced advanced premium tax credits that expired at the end of 2025, which, among other provisions in the law, are anticipated to reduce the number of Americans with health insurance. The OBBBA also is expected to reduce Medicaid spending and enrollment by implementing work requirements for some beneficiaries, capping state-directed payments, reducing federal funding, and limiting provider taxes used to fund the program. Congress is considering proposed legislation intended to further reduce healthcare costs with alternatives to replace the expired ACA subsidies. We expect that additional U.S. federal healthcare reform measures will be adopted in the future, any of which could limit the amounts that the U.S. federal government will pay for healthcare products and services, which could result in reduced demand for our product candidates or additional pricing pressures. In addition, other legislative changes have been proposed and adopted since the ACA was enacted. These changes include aggregate reductions to Medicare payments to providers of 2% per fiscal year, which began in 2013 and will remain in effect until 2032 unless additional Congressional action is taken. Additionally, there have been several recent U.S. presidential executive orders, Congressional inquiries and proposed and enacted legislation at the federal and state levels designed to, among other things, bring more transparency to drug pricing, review the relationship between pricing and manufacturer patient programs, reduce the cost of drugs under Medicare, and reform government program reimbursement methodologies for drugs. At the federal level, on November 15, 2021, the Infrastructure Investment and Jobs Act was signed into law. On January 1, 2023, manufacturers began to be required to pay quarterly refunds to the CMS for discarded amounts of certain single-dose container and single-use package drugs payable under part B of the Medicare program. Refunds are generally based on the discarded volume above 10% of the total allowed amount. However, in unique circumstances, CMS will increase the applicable threshold to 35%. At this time, CMS has determined that Jelmyto and Zusduri fit within this unique circumstance classification. We do not expect Zusduri to exceed the applicable 35% threshold. The current administration is pursuing policies to reduce regulations and expenditures across government agencies including at the U.S. Department of Health and Human Services ("HHS"), the FDA, CMS and related agencies. These actions, presently directed by executive orders or memoranda from the Office of Management and Budget, may propose policy changes that create additional uncertainty for our business. For example, the current administration has announced agreements with several pharmaceutical companies that require the drug manufacturers to offer, through a direct to consumer platform, U.S. patients and Medicaid programs prescription drug Most-Favored Nation pricing equal to or lower than those paid in other developed nations, with additional mandates for direct-to-patient discounts and repatriation of foreign revenues. Other recent actions, for example, include (1) directing agencies to reduce agency workforce and cut programs; (2) directing HHS and other agencies to lower prescription drug costs through a variety of initiatives, including by establishing Most-Favored-Nation pricing for pharmaceutical products and launching an online clearinghouse ("TrumpRx") for patients to purchase certain products from manufacturers on a cash pay basis; (3) imposing tariffs on imported pharmaceutical products; and (4) as part of the Make America Healthy Again ("MAHA") Commission's Strategy Report released in September 2025, working across government agencies to increase enforcement on direct-to-consumer pharmaceutical advertising. Additionally, the current administration recently called on Congress to enact "The Great Healthcare Plan," to codify and expand Most-Favored Nation pricing, lower government subsidies to private insurance companies, increase healthcare price transparency, expand pharmaceutical drugs available for over-the-counter purchase, and enact restrictions on pharmacy benefit manager ("PBM") payment methodologies, among other things. These actions and policies may significantly reduce U.S. drug prices, potentially impacting manufacturers' global pricing strategies and profitability, while increasing their operational costs and compliance risks. In June 2024, the U.S. Supreme Court's Loper Bright decision greatly reduced judicial deference to regulatory agencies, which could increase successful legal challenges to federal regulations affecting our operations. Congress may introduce and ultimately pass health care related legislation that could impact the drug approval process and make changes to the Medicare Drug Price Negotiation Program. At the state level, legislatures have increasingly passed legislation and implemented regulations designed to control pharmaceutical and biological product pricing, including price or patient reimbursement constraints, discounts, restrictions on certain product access and marketing cost disclosure and transparency measures, and, in some cases, designed to encourage importation from other countries and bulk purchasing. If healthcare policies or reforms intended to curb healthcare costs are adopted, or if we experience negative publicity with respect to the pricing of our products or the pricing of pharmaceutical drugs generally, the prices that we charge for any approved products may be limited, our commercial opportunity may be limited and/or our revenues from sales of our products may be negatively impacted. Although we cannot predict the full effect on our business of the implementation of existing legislation or the enactment of additional legislation pursuant to healthcare and other legislative reform, we believe that legislation or regulations that would reduce reimbursement for, or restrict coverage of, our products could adversely affect how much or under what circumstances healthcare providers will prescribe or administer our products. This could adversely affect our business by reducing our ability to generate revenues, raise capital, obtain additional licensees and market our products. In addition, we believe the increasing emphasis on managed care in the United States has and will continue to put pressure on the price and usage of pharmaceutical products, which may adversely impact product sales.

In order to market and sell our products in the European Union and other jurisdictions, we or our third-party collaborators must obtain separate marketing approvals and comply with numerous and varying regulatory requirements. The approval procedure varies among countries and can involve additional testing. The time required to obtain approval may differ substantially from that required to obtain FDA approval. Regulatory approval processes outside the United States generally include all of the risks associated with obtaining FDA approval. In addition, in many countries outside the United States, it is required that the product be approved for reimbursement before the product can be commercialized in that country. We may not obtain approvals from regulatory authorities outside the United States on a timely basis, if at all. Approval by the FDA does not ensure approval by regulatory authorities in other countries or jurisdictions, and approval by one regulatory authority outside the United States does not ensure approval by regulatory authorities in other countries or jurisdictions or by the FDA. We may not be able to submit for marketing approvals and may not receive the necessary approvals to commercialize our product candidates in any particular market. Even though Jelmyto is approved for marketing in Israel, there can be no assurance that it will achieve the broad degree of physician adoption and use, reimbursement and market acceptance necessary for commercial success.

The ability of the FDA to review and approve new products can be affected by a variety of factors, including government budget and funding levels, ability to hire and retain key personnel and accept payment of user fees, and statutory, regulatory, and policy changes. Average review times at the agency have fluctuated in recent years as a result. In addition, government funding of the SEC and other government agencies on which our operations may rely, including those that fund research and development activities is subject to the political process, which is inherently fluid and unpredictable. Disruptions at the FDA, including substantial leadership departures, personnel cuts, and policy changes, and other agencies may also slow the time necessary for new drugs to be reviewed and/or approved by necessary government agencies, which would adversely affect our business. For example, over the last several years, the U.S. government has shut down several times and certain regulatory agencies, such as the FDA and the SEC, have had to furlough critical FDA, SEC and other government employees and stop critical activities. In addition, there were significant staff reductions at the FDA and other federal agencies in 2025, which may impact the ability of the FDA to review and approve new products on targeted timelines or otherwise. If another prolonged government shutdown occurs or if the FDA experiences resource constraints, it could significantly impact the ability of the FDA to timely review and process our regulatory submissions, which could have a material adverse effect on our business. Further, future government shutdowns could impact our ability to access the public markets and obtain necessary capital in order to properly capitalize and continue our operations. There is substantial uncertainty as to whether and how the current administration will seek to modify or revise the requirements and policies of the FDA and other regulatory agencies with jurisdiction over our products and product candidates. This uncertainty could present new challenges as we navigate development and approval of our product candidates. Some of these efforts have manifested to date in the form of personnel cuts and measures that could impact the FDA's ability to hire and retain key personnel, which could result in delays or limitations on our ability to obtain guidance from the FDA on our product candidates in development and obtain the requisite regulatory approvals in the future. There remains general uncertainty regarding future activities. The current administration could issue or promulgate executive orders, regulations, policies or guidance that adversely affect us or create a more challenging or costly environment to pursue the development of new therapeutic products. Alternatively, state governments may attempt to address or react to changes at the federal level with changes to their own regulatory frameworks in a manner that is adverse to our operations. We may become negatively impacted by future governmental orders, regulations, policies or guidance, which could have a material adverse effect on our business.

The process of developing, obtaining regulatory approval for and commercializing our product candidates is long, complex, costly and uncertain, and delays or failure can occur at any stage. The research, testing, manufacturing, labeling, marketing, sale and distribution of drugs are subject to extensive and rigorous regulation by the FDA and foreign regulatory agencies, as applicable. These regulations are agency-specific and differ by jurisdiction. We are not permitted to market any product candidate in the United States until we receive approval of an NDA from the FDA, or in any foreign countries until we receive the requisite approval from the respective regulatory agencies in such countries. To gain approval of an NDA or other equivalent regulatory approval, we must provide the FDA or relevant foreign regulatory authority with nonclinical and clinical data that demonstrates the safety and efficacy of the product for the intended indication. Before we can submit an NDA to the FDA or comparable similar applications to foreign regulatory authorities, we must conduct Phase 3 clinical trials, or a pivotal/registration trial equivalent, for each product candidate. After submission of an NDA, the FDA may raise additional questions on any data contained in the application. These questions may come in the form of information requests or in the NDA 74-day letter as review issues. We must address these questions during the review, but we do not know whether our responses will be acceptable to the FDA. We cannot assure you that the FDA will not decide to require us to perform additional clinical trials, including potentially requiring us to perform an additional pivotal study with a control arm, before approving, or as a condition of approving, NDAs for our product candidates. Phase 3 clinical trials often produce unsatisfactory results even though prior clinical trials were successful. Moreover, the results of clinical trials may be unsatisfactory to the FDA or foreign regulatory authorities even if we believe those clinical trials to be successful. The FDA or applicable foreign regulatory agencies may suspend one or all of our clinical trials or require that we conduct additional clinical, nonclinical, manufacturing, validation or drug product quality studies and submit that data before considering or reconsidering any NDA or comparable foreign regulatory application that we may submit. Depending on the extent of these additional studies, approval of any applications that we submit may be significantly delayed or may cause the termination of such programs or may require us to expend more resources than we have available. If any of these outcomes occur, we may not receive regulatory approval for the corresponding product candidates, and our business would not be able to generate revenue from the sale of any such product candidates.

With respect to our current and future product candidates, even if we complete clinical testing and receive approval of any regulatory filing for our product candidates, the FDA or applicable foreign regulatory agency may grant approval contingent on the performance of additional costly post-approval clinical trials, risk mitigation requirements and surveillance requirements to monitor the safety or efficacy of the product, which could negatively impact us by reducing revenues or increasing expenses, and cause the approved product to not be commercially viable. Absence of long-term safety data may further limit the approved uses of our products, if any. The FDA or applicable foreign regulatory agency also may approve our product candidates for a more limited indication or a narrower patient population than we originally requested or may not approve the labeling that we believe is necessary or desirable for the successful commercialization of our product candidates. Furthermore, any such approved product will remain subject to extensive regulatory requirements, including requirements relating to manufacturing, labeling, packaging, adverse event reporting, storage, advertising, promotion, distribution and recordkeeping. If we fail to comply with the regulatory requirements of the FDA or other applicable foreign regulatory authorities, or previously unknown problems with any approved commercial products, manufacturers or manufacturing processes are discovered, we could be subject to administrative or judicially imposed sanctions or other setbacks, including the following: - suspension or imposition of restrictions on operations, including costly new manufacturing requirements;         - regulatory agency refusal to approve pending applications or supplements to applications;         - suspension of any ongoing clinical trials;         - suspension or withdrawal of marketing approval;         - an injunction or imposition of civil or criminal penalties or monetary fines;         - seizure or detention of products;         - bans or restrictions on imports and exports;         - issuance of warning letters or untitled letters;         - suspension or imposition of restrictions on operations, including costly new manufacturing requirements; or         - refusal of regulatory authorities to approve pending applications or supplements to applications. In addition, various aspects of our operations are subject to federal, state or local laws, rules and regulations, any of which may change from time to time. Costs arising out of any regulatory developments could be time-consuming and expensive and could divert management resources and attention and, consequently, could adversely affect our business, financial condition, cash flows and results of operations.

We currently dedicate certain resources to comply with numerous laws and regulations in each jurisdiction in which we operate outside of the United States. Our business activities in these foreign countries may be subject to the FCPA and similar anti-bribery or anti-corruption laws, regulations or rules of other countries in which we operate. The FCPA generally prohibits companies and their employees and third-party intermediaries from offering, promising, giving or authorizing the provision of anything of value, either directly or indirectly, to a non-U.S. government official in order to influence official action or otherwise obtain or retain business. The FCPA also requires public companies to make and keep books and records that accurately and fairly reflect the transactions of the corporation and to devise and maintain an adequate system of internal accounting controls. Our business is heavily regulated and therefore involves significant interaction with public officials, including officials of non-U.S. governments. Additionally, in many other countries, hospitals owned and operated by the government, and doctors and other hospital employees would be considered foreign officials under the FCPA. Recently the SEC and U.S. Department of Justice have increased their FCPA enforcement activities with respect to biotechnology and pharmaceutical companies. There is no certainty that all of our employees, agents or contractors, or those of our affiliates, will comply with all applicable laws and regulations, particularly given the high level of complexity of these laws. Violations of these laws and regulations could result in fines, criminal sanctions against us, our officers or our employees, disgorgement, and other sanctions and remedial measures, and prohibitions on the conduct of our business. Any such violations could include prohibitions on our ability to offer our products in one or more countries and could materially damage our reputation, our brand, our international activities and our ability to attract and retain employees and our business. In addition, our products and activities may be subject to U.S. and foreign export controls, trade sanctions and import laws and regulations. Governmental regulation of the import or export of our product, or our failure to obtain any required import or export authorization for our products, when applicable, could harm our international sales and adversely affect our revenue. Compliance with applicable regulatory requirements regarding the export of our products may create delays in the introduction of our products in international markets or, in some cases, prevent the export of our products to some countries altogether. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products and services to countries, governments, and persons targeted by U.S. sanctions. If we fail to comply with export and import regulations and such economic sanctions, penalties could be imposed, including fines and/or denial of certain export privileges. Moreover, any new export or import restrictions, new legislation or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons, or product targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export our products to existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell access to our products would likely significantly harm our business, financial condition, results of operations and prospects.

From time to time, legislation is drafted and introduced in Congress in the United States or by governments in foreign jurisdictions that could significantly change the statutory provisions governing the regulatory clearance or approval, manufacture, and marketing of regulated products or the reimbursement thereof. In addition, FDA or foreign regulatory agency regulations and guidance are often revised or reinterpreted by the FDA or the applicable foreign regulatory agency in ways that may significantly affect our business and our products. Any new regulations or revisions or reinterpretations of existing regulations may impose additional costs or lengthen review times of our product candidates or any future product candidates. We cannot determine what effect changes in regulations, statutes, legal interpretation or policies, when and if promulgated, enacted or adopted may have on our business in the future. Such changes could, among other things, require: - changes to manufacturing methods;         - recall, replacement, or discontinuance of one or more of our products; and         - additional recordkeeping. Each of these would likely entail substantial time and cost and could harm our business and our financial results. In addition, delays in receipt of or failure to receive regulatory clearances or approvals for any future products would harm our business, financial condition, and results of operations.