Risk Factors Related to Other Government Regulations

We are subject to healthcare laws, regulation and enforcement. The failure to comply with these laws could harm our results, operations and/or financial condition.

Our current and future operations are and may become directly, or indirectly through our customers and third-party payors, subject to various U.S. federal and state, EU, Japanese, Chinese, UK, Canadian and Israeli healthcare laws, and healthcare laws of other jurisdictions in which we conduct our business. This includes, but is not limited to, the U.S. FDCA, the U.S. False Claims Act and EU Directive 2001/83/EC. EU Directive 2001/83/EC provides that where medicinal products are being promoted to persons qualified to prescribe or supply them, no gifts, pecuniary advantages or benefits of any kind may be supplied, offered or promised to such persons, except under certain circumstances. This provision was also transposed into the Human Medicines Regulations 2012 in the UK.

Healthcare providers, physicians and others play a primary role in the recommendation and prescription of any products for which we obtain marketing approval. Healthcare laws also impact our arrangements with healthcare professionals who participate in our clinical research programs, healthcare professionals and others who recommend, purchase, or provide our approved products, and other parties through which we market, sell and distribute our products for which we obtain marketing approval.

Therefore, the healthcare laws we are subject to may impact, among other things, our proposed sales, marketing and education programs and constrain our business and financial arrangements with third-party payors. For example, the provision of benefits or advantages to physicians to induce or encourage the prescription, recommendation, endorsement, purchase, supply, order or use of medical products is generally not permitted in countries that form part of the EU, or the UK. Some EU Member States have enacted laws explicitly prohibiting the provision of these types of benefits and advantages to induce or reward improper performance generally, and the UK has enacted similar restrictions. Infringement of these laws can result in substantial fines and imprisonment, as well as associated reputational harm. Any action against us for violation of these laws, even if we successfully defend against it, could cause us to incur significant legal expenses and divert our management’s attention from the operation of our business.

The shifting compliance environment and the need to maintain robust and expandable systems to comply with multiple jurisdictions with different compliance or reporting requirements increases the possibility that we or our collaborative partners may run afoul of one or more of these requirements. We continue to expand, enhance and refine our internal ethics and compliance function and program to ensure compliance with the different healthcare laws and regulations. As we continue to grow our headcount to support our business, we face increased compliance risk as we need to train and supervise additional personnel to comply with relevant healthcare laws and regulations. This involves substantial costs and, notwithstanding our investment, there can be no assurance that our policies and procedures will be followed at all times or will effectively detect and/or prevent all compliance violations by our employees, consultants, subcontractors, agents and partners.

It is possible that governmental authorities will conclude that our business practices do not comply with current or future statutes, regulations or case law involving applicable fraud and abuse or other healthcare laws and regulations. If our operations are found to be in violation of any of these laws or any other governmental regulations applicable to us, we may be subject to significant civil, criminal and administrative investigations, penalties, damages, fines, disgorgement, imprisonment, exclusion of drugs from government funded healthcare programs, such as Medicare and Medicaid in the U.S., additional reporting requirements and oversight, reputational harm and the curtailment or restructuring of our operations. Managing such investigations and defending against or appealing any such actions or penalties can be costly and time-consuming and may require significant financial and personnel resources. Therefore, even if we are successful in managing any such governmental investigations and/or defending against or appealing any such actions or penalties that may be brought against or imposed upon us, our business may be impaired. Efforts to ensure that our business arrangements with third parties comply with applicable healthcare laws and regulations also involve substantial costs.

The scope and enforcement of each of these laws is uncertain and subject to rapid change in the current environment of healthcare reform. In the U.S., federal and state enforcement bodies have recently increased their scrutiny of interactions between healthcare companies and healthcare providers, which has led to a number of investigations, prosecutions, convictions and settlements in the healthcare industry. Ensuring business arrangements comply with applicable healthcare laws, as well as responding to possible investigations by government authorities, can be time and resource consuming and can divert a company’s attention from the business.

All aspects of our business, including preclinical research, clinical trials, marketing and commercialization, are highly regulated, and any delay by relevant regulatory authorities could jeopardize our development and approval process and/or result in suspensions of marketing authorizations, refusals to approve our products, or withdrawal of existing approvals.

Before we can commence clinical trials for a product candidate, we must complete extensive preclinical testing to support our IND or planned IND applications in the U.S. or Japan, or our clinical trial applications (CTAs) in the UK or in the EU, or comparable applications in other jurisdictions. We cannot be sure that we will be able to submit INDs or CTAs or comparable applications for our development programs on the timelines we expect, if at all. We also cannot guarantee that submission of INDs or CTAs or comparable applications will result in the Relevant Regulatory Authorities or other regulatory authorities allowing clinical trials to begin.

Clinical trials must be conducted in accordance with Relevant Regulatory Authorities’ and other comparable regulatory authorities’ legal requirements and regulations and are subject to oversight by these governmental agencies as well as IRBs and ethics committees. In addition, clinical trials must be conducted in compliance with GCPs and clinical supplies of our products and product candidates must be produced under cGMPs and other regulations. We could encounter delays if a clinical trial is suspended or terminated, by us, by the IRB or ethics committee, by the data review committee or data safety monitoring board for such clinical trial, or by the Relevant Regulatory Authorities or other comparable regulatory authorities. Such authorities may impose a suspension or termination due to a number of factors, including failure to conduct the clinical trial in accordance with regulatory requirements or our clinical protocols, inspection of the clinical trial operations or clinical trial site by the Relevant Regulatory Authorities or other comparable regulatory authorities resulting in the imposition of a clinical hold, unforeseen safety issues or adverse side effects, including those relating to the class to which our products and product candidates belong, failure to demonstrate a benefit from using the product or product candidate, changes in governmental regulations or administrative actions, or lack of adequate funding to continue the clinical trial.

If we experience delays in the completion of, or termination of, any clinical trial of our products or product candidates, the costs of our clinical programs may increase, the commercial prospects of our products and product candidates may be harmed, and our ability to generate product revenues from any of these products and product candidates may be delayed. Significant clinical trial delays could also allow our competitors to bring products to market before we do, or shorten any periods during which we have the exclusive right to commercialize our products and product candidates.

Moreover, we must obtain separate regulatory approvals in each jurisdiction where we want to market, and approval by one regulatory authority does not ensure approval by any other regulatory authority. As approval procedures can vary among countries and may change over time, this can require additional clinical testing, and the time required to obtain approval may differ. We can provide no assurances that such approval will be obtained on the timeline that we expect or at all. In addition, we anticipate submitting applications for approval of VYVGART in new indications, but can provide no assurances that such applications will be accepted or that we will receive approval on our anticipated timeline, or at all.

If VYVGART or any new formulations of VYVGART are not approved in one or more jurisdictions including beyond the countries where VYVGART is approved, or if such approvals are significantly delayed, it could have a material adverse effect on our business. It is possible that none of our other existing product candidates or any product candidates we may seek to develop in the future will ever obtain regulatory approval in any other jurisdiction for any indication.

Even if approval is obtained, the Relevant Regulatory Authorities or other comparable regulatory authorities may approve the product for fewer or more limited indications or patient sub-segments than requested and/or with a label that does not include the labeling claims necessary or desirable for the successful commercialization of that product. Further, the Relevant Regulatory Authorities or other comparable regulatory authorities may impose extensive and ongoing unique regulatory requirements, such as granting approval contingent on the performance of costly post-marketing clinical trials, including Phase 4 clinical trials, and surveillance to monitor the safety and efficacy of the product.

The costs of compliance with all Relevant Regulatory Authorities’ and other applicable authorities’ regulations, requirements or guidelines could be substantial, and failure to comply could result in sanctions, including fines, injunctions, civil penalties, denial of applications for marketing authorization of our products, delays, suspension or withdrawal of approvals, license revocation, seizures or recalls of products, operating restrictions and criminal prosecutions, any of which could significantly increase our and/or our collaborative partners’ costs or delay or prevent the development and commercialization of our product candidates. At this time, we cannot guarantee or know the exact nature, precise timing and detailed costs of the efforts that will be necessary to complete the remainder of the development of our research programs and product candidates.

We are subject to privacy laws, regulation and potential enforcement. The failure to comply with these laws could harm our results, operations and/or financial conditions.

Privacy laws, regulation and potential enforcement are particularly relevant to our business as we collect, store and process patient data, including sensitive health data as well as human biological samples such as blood or tissue, in the context of our clinical development activities, post-marketing approval monitoring obligations, and associated activities. We also collaborate on a regular basis with third parties where we may seek to use data collected by third parties on our or their behalf, or we may seek to share data collected by us with such third parties to further our research or commercial initiatives.

The GDPR imposes a broad range of strict requirements on companies, including with respect to cross-border transfers of personal data and imposes substantial penalties in the event of non-compliance. We face uncertainty as to the exact interpretation of the requirements under the GDPR, and we may be unsuccessful in implementing all measures required by data protection authorities or courts in interpretation of the GDPR.

In addition, national laws of EU Member States may partially deviate from the GDPR and impose different obligations from country to country. Also, in the field of handling genetic data, the GDPR specifically allows EU Member States’ laws to impose additional and more specific requirements or restrictions, and European national laws have historically differed quite substantially in this field, leading to additional uncertainty. Apart from the GDPR, privacy laws continue to evolve and expand in Europe. For example, violations of the Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 (as amended, the e-Privacy Directive) can result in administrative measures, including fines, or criminal sanctions. The EU is in the process of developing a new e-Privacy Regulation to replace the e-Privacy Directive, and the new e-Privacy Regulation may impose additional obligations and risk for our business.

Following its departure from the EU, the UK has maintained in force substantially equivalent provisions to the GDPR (UK GDPR). Similar concerns as those described above with respect to GDPR apply to our compliance with the UK GDPR and other UK data protection rules as well.

Beyond the EU and UK, privacy and data protection laws and regulations continue to develop and expand around the world, including in other jurisdictions in which we operate, such as the U.S., Japan, and Canada. Such laws and regulations impose increasing restrictions and obligations on the processing of personal data, including sensitive personal data such as genetic data. For example, in the U.S., the federal Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, and state privacy laws, such as the California Consumer Privacy Act of 2018, as amended, and the Washington My Health My Data Act of 2023, impose obligations on covered businesses, including, but not limited to, providing specific disclosures in privacy notices and affording residents certain rights related to their personal data. Privacy laws continue expanding globally and may require us to modify our data collection or processing practices and to incur significant expenses associated with our compliance efforts.

We continue to evaluate and consider whether and how to incorporate artificial intelligence solutions into certain aspects of our business, which may pose significant risks, including to data privacy. The legal regulatory regime relating to artificial intelligence is uncertain and evolving, and compliance with existing and new laws and regulations governing artificial intelligence may give rise to significant costs, which could increase our operating expenses. Further, these compliance obligations may make it harder for us to conduct our business using artificial intelligence, require us to change our business practices, or prevent or limit our use of artificial intelligence, which could make our business less efficient or put us at a competitive disadvantage. Implementation of artificial intelligence into our business could pose certain risks to our patients or partners. For example, if we incorporate artificial intelligence into our business, our use of artificial intelligence may result in cybersecurity incidents that implicate the personal data of our patients or partners.

In addition, if we are investigated by a data protection authority, we may face fines and other penalties. Any such investigation or charges by data protection authorities could have a negative effect on our existing business and on our ability to attract and retain new clients or pharmaceutical partners. We may also experience hesitancy, reluctance, or refusal by clients or pharmaceutical partners to continue to use our products and solutions due to the potential risk exposure as a result of the current and future data protection obligations. Such clients or pharmaceutical partners may also view any alternative approaches to compliance as being too costly, too burdensome, too legally uncertain, or otherwise objectionable and therefore decide not to do business with us. Any of the foregoing could harm our business, prospects, financial condition and results of operations.

Failure to comply with anti-corruption laws and regulations, anti-money laundering laws and regulations, economic sanctions and/or export control regulations and other laws governing our operations could have an adverse impact on our business.

We are or may become subject to various laws and regulations regarding anti-corruption, anti-money laundering, economic sanctions, investment restrictions, anti-fraud and export control regulations issued by multiple jurisdictions. These include the UK Bribery Act 2010 and the U.S. Foreign Corrupt Practices Act of 1977, as amended, which prohibits, among other things, payments, offers, or promises made for the purpose of improperly influencing any act or decision of a foreign official. The nature of our business means that we engage in significant interactions with foreign officials. In the UK, from September 1, 2025, it will also be an offense under the Economic Crime and Corporate Transparency Act 2023 for a large organization to fail to prevent certain fraudulent activities by an associated person (such as an employee, agent, or subsidiary), unless it can demonstrate that it had reasonable prevention procedures in place to prevent the fraudulent activity.

We are also subject to economic sanctions and export control rules and regulations imposed by multiple jurisdictions, including the U.S., UK, and EU. Any change in export or import regulations, economic sanctions regulations or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could decrease our ability to manufacture, import, export or sell our products internationally, which could adversely affect our business.

We have mechanisms in place to promote compliance with such rules and regulations. However, there can be no assurance that our policies and procedures will be followed at all times or will effectively detect and/or prevent violations of applicable compliance regimes by our employees, consultants, sub-contractors, agents and partners. In the event of non-compliance, we could be subject to substantial civil or criminal penalties, including economic sanctions against us, incarceration for responsible employees and managers, the possible loss of export or import privileges, reputational harm, and resulting loss of revenue and profits, which could have a material adverse impact on our business, financial conditions and operations.

Our performance tracked by our Environmental, Social and Governance metrics is subject to risks and the outcomes may not achieve the anticipated benefits or align with new regulations and stakeholders’ expectations.

There has been an increasing focus from stakeholders and regulators relating to environmental, social and governance (ESG) matters across all industries in recent years. The standards and stakeholder expectations continue to evolve and criteria to evaluate ESG practices may change rapidly. We are subject to evolving rules, including the European Union’s Corporate Sustainability Reporting Directive (CSRD). We may also be subject to other U.S. state specific legislation, such as California’s recently enacted climate disclosure laws, which will require in-scope companies to report on greenhouse gas emissions, climate-related financial risks, and the use of carbon offsets and emissions reduction claims relating to their cooperate operations or products. The future of the California climate disclosure law is uncertain, and two of three are subject to ongoing litigation. The CSRD increases the depth of required disclosures. The specific information required to be reported on is set out in the European Sustainability Reporting Standards (ESRS).

The Dutch government is in the process of implementing the CSRD into Dutch legislation. In 2025, we published our first CSRD report in alignment with the CSRD and the ESRS for the financial year 2024 and this year’s Annual Report is the first time we have reported a more extensive set of prescribed ESG data points. Performance tracked by our ESG metrics is also highly dependent on third-parties, such as our suppliers and CROs, that we do not control, which may adversely affect our reputation.

In response to new ESG initiatives and regulations we may voluntarily elect, or be required, to adopt strategies, policies, or procedures related to ESG matters. Such efforts could divert management’s attention from central operational matters and cause us to expend significant capital and human resources. Moreover, increasingly, different stakeholder groups have divergent views on ESG matters, which increases the risk that any action or lack thereof with respect to sustainability or ESG matters will be perceived negatively by at least some stakeholders and adversely impact our business and reputation. The current sociopolitical landscape has led to rapid and unpredictable shifts in public sentiment, which has resulted in dynamics that increase the risk of reputational damage, boycotts and shifts in consumer behavior that could adversely affect our business and reputation. Reports could also lead to the disclosure of information that may have a negative impact on our operations and reputation which may lead to additional exposure. Failure to accurately comply with any sustainability reporting obligations may result in enforcement actions, sanctions, fines and penalties, reputational harm or private litigation.

We may become exposed to liability and substantial expenses in connection with environmental compliance or remediation activities.

Our operations, including our research, development, testing and third-party manufacturing activities, are subject to numerous environmental, health and safety laws and regulations and for which we may become liable.

If we or one of our CMOs or third-party distributors, manufacturers, licensees or co-marketers fail to comply with such laws and regulations, such failure could result in substantial fines, penalties or other sanctions which could also bring significant reputational loss to our business.

We face a risk of environmental liability inherent in our current and historical activities, including liability relating to releases of our exposure to hazardous or biological materials. Furthermore, environmental, health and safety laws and regulations are becoming more stringent. Both us and our CMOs may be required to incur substantial expenses in connection with future environmental compliance or remediation activities, in which case, our production and development efforts may be interrupted or delayed, and our financial condition and results of operations may be materially adversely affected.