Risk Factors Related to Other Government Regulations

We are subject to healthcare laws, regulation and enforcement. The failure to comply with these laws could harm our results, operations and/or financial condition.

Our current and future operations are and may become directly, or indirectly through our customers and third-party payors, subject to various U.S. federal and state, EU and EU Member State, Japanese, Chinese, UK, Canadian and Israeli healthcare laws, and healthcare laws of other jurisdictions in which we conduct our business. This includes, but is not limited to, the U.S. FDCA, the U.S. False Claims Act and EU Directive 2001/83/EC.

In particular, our sales, marketing and business arrangements are subject to healthcare fraud and abuse, anti-kickback and similar laws designed to prevent fraud, misconduct, improper inducements and other abusive practices. For example, EU Directive 2001/83/EC restricts the provision of gifts, pecuniary advantages or other benefits to persons qualified to prescribe or supply medicinal products, subject to limited exceptions. Compliance with these complex and evolving requirements requires significant resources and may constrain our commercial activities.

Any action against us for violation of these laws, even if we successfully defend against it, could cause us to incur significant legal expenses and divert our management’s attention from the operation of our business.

The shifting compliance environment and the need to maintain robust and expandable systems to comply with multiple jurisdictions with different compliance or reporting requirements increases the possibility that we or our collaborative partners may run afoul of one or more of these requirements. We continue to expand, enhance and refine our internal ethics and compliance function and program to ensure compliance with the different healthcare laws and regulations. As we continue to grow our headcount to support our business, we face increased compliance risk as we need to train and supervise additional personnel to comply with relevant healthcare laws and regulations. This involves substantial costs and, notwithstanding our investment, there can be no assurance that our policies and procedures will be followed at all times or will effectively detect and/or prevent all compliance violations by our employees, consultants, subcontractors, agents and partners.

It is possible that governmental authorities will conclude that our business practices do not comply with current or future statutes, regulations or case law involving applicable fraud and abuse or other healthcare laws and regulations. If our operations are found to be in violation of any of these laws or any other governmental regulations applicable to us, we may be subject to significant civil, criminal and administrative investigations, penalties, damages, fines, disgorgement, imprisonment, exclusion of drugs from government funded healthcare programs, such as Medicare and Medicaid in the U.S., additional reporting requirements and oversight, reputational harm and the curtailment or restructuring of our operations. Managing such investigations and defending against or appealing any such actions or penalties can be costly and time-consuming and may require significant financial and personnel resources. Therefore, even if we are successful in managing any such governmental investigations and/or defending against or appealing any such actions or penalties that may be brought against or imposed upon us, our business may be impaired. Efforts to ensure that our business arrangements with third parties comply with applicable healthcare laws and regulations also involve substantial costs, and because we do not fully control the operations or compliance practices of these third parties, we cannot assure you that they will comply with all applicable healthcare laws and regulatory requirements.

The scope, interpretation and enforcement of healthcare laws remain uncertain and subject to change, particularly in the current environment of healthcare reform. Federal and state authorities in the U.S. have increased scrutiny of interactions between healthcare companies and healthcare providers, as well as promotional practices, including direct-to-consumer prescription drug advertising and manufacturer-sponsored platforms that facilitate patient access to products. The FDA has also heightened its review of the data supporting advertising and promotional claims. Compliance with these evolving requirements, and responding to investigations or enforcement actions, may require significant time and resources and could divert management attention, result in penalties or otherwise adversely affect our business.

All aspects of our business, including preclinical research, clinical trials, marketing and commercialization, are highly regulated, and any delay by relevant regulatory authorities could jeopardize our development and approval process and/or result in suspensions of marketing authorizations, refusals to approve our products, or withdrawal of existing approvals.

Before we can commence clinical trials for a product candidate, we must complete extensive preclinical testing to support our IND or planned IND applications in the U.S. or Japan, or our clinical trial applications (CTAs) in the EU, or comparable applications in other jurisdictions. We cannot be sure that we will be able to submit INDs or CTAs or comparable applications for our development programs on the timelines we expect, if at all. We also cannot guarantee that submission of INDs or CTAs or comparable applications will result in the Relevant Regulatory Authorities or other regulatory authorities allowing clinical trials to begin.

Clinical trials must be conducted in accordance with applicable laws and regulations, Relevant Regulatory Authorities’ and other comparable regulatory authorities’ legal requirements and regulations and are subject to oversight by Relevant Regulatory Authorities and other comparable regulatory authorities as well as IRBs and ethics committees. In particular, clinical trials must be conducted in compliance with GCPs and clinical supplies of our products and product candidates must be produced under cGMPs and other regulations. We could encounter delays if a clinical trial is suspended or terminated, by us, by the IRB or ethics committee, by the data review committee or data safety monitoring board for such clinical trial, or by the Relevant Regulatory Authorities or other comparable regulatory authorities. Such authorities may impose a suspension or termination due to a number of factors, including failure to conduct the clinical trial in accordance with regulatory requirements or our clinical protocols, inspection of the clinical trial operations or clinical trial site by the Relevant Regulatory Authorities or other comparable regulatory authorities resulting in the imposition of a clinical hold, unforeseen safety issues or adverse side effects, including those relating to the class to which our products and product candidates belong, failure to demonstrate a benefit from using the product or product candidate, changes in governmental regulations or administrative actions, or lack of adequate funding to continue the clinical trial.

If we experience delays in the completion of, or termination of, any clinical trial of our products or product candidates, the costs of our clinical programs may increase, the commercial prospects of our products and product candidates may be harmed, and our ability to generate product revenues from any of these products and product candidates may be delayed. Significant clinical trial delays could also allow our competitors to bring products to market before we do, or shorten any periods during which we have the exclusive right to commercialize our products and product candidates.

Moreover, we must obtain separate regulatory approvals in each jurisdiction where we want to market, and approval by one regulatory authority does not ensure approval by any other regulatory authority. As approval procedures can vary among countries and may change over time, this can require additional clinical testing, and the time required to obtain approval may differ. We can provide no assurances that such approval will be obtained on the timeline that we expect or at all. In addition, we anticipate submitting applications for approval of VYVGART in new indications, but can provide no assurances that such applications will be accepted or that we will receive approval on our anticipated timeline, or at all.

If VYVGART or any new formulations of VYVGART are not approved in one or more jurisdictions including beyond the countries where VYVGART is approved, or if such approvals are significantly delayed, it could have a material adverse effect on our business. It is possible that none of our other existing product candidates or any product candidates we may seek to develop in the future will ever obtain regulatory approval in any other jurisdiction for any indication.

Even if approval is obtained, the Relevant Regulatory Authorities or other comparable regulatory authorities may approve the product for fewer or more limited indications or patient sub-segments than requested and/or with a label that does not include the labeling claims necessary or desirable for the successful commercialization of that product. Further, the Relevant Regulatory Authorities or other comparable regulatory authorities may impose extensive and ongoing unique regulatory requirements, such as granting approval contingent on the performance of costly post-marketing clinical trials, including Phase 4 clinical trials, and surveillance to monitor the safety and efficacy of the product.

The costs of compliance with all Relevant Regulatory Authorities’ and other applicable authorities’ regulations, requirements or guidelines could be substantial, and failure to comply could result in sanctions, including fines, injunctions, civil penalties, denial of applications for marketing authorization of our products, delays, suspension or withdrawal of approvals, license revocation, seizures or recalls of products, operating restrictions and criminal prosecutions, any of which could significantly increase our and/or our collaborative partners’ costs or delay or prevent the development and commercialization of our product candidates. At this time, we cannot guarantee or know the exact nature, precise timing and detailed costs of the efforts that will be necessary to complete the remainder of the development of our research programs and product candidates.

We are subject to privacy, cybersecurity and AI laws, regulation and potential enforcement. The failure to comply with these laws could harm our results, operations and/or financial conditions.

Privacy laws, regulations and related enforcement are particularly relevant to our business as we collect, store and process personal data and in particular data of vulnerable groups such as patients, and sensitive information including health data as well as human biological samples. We also collaborate with third parties where we may seek to use data collected by third parties on our or their behalf, or we may seek to share data collected by us with such third parties to further our research or commercial initiatives.

The GDPR imposes strict requirements, including access controls, impact assessment and safeguards on cross-border transfers of personal data and imposes substantial penalties in the event of non-compliance. We face uncertainty as to the exact interpretation of the requirements under the GDPR, and we may be unsuccessful in implementing all measures required by data protection authorities or courts. Any investigation by a data protection authority could result in fines and other penalties.

The data privacy landscape is complex and fragmented. In the EU, national laws may impose stricter obligations than the GDPR, particularly for sensitive genetic, ethnic origin or race data, while regulations like the Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 (as amended, the e-Privacy Directive) add further compliance risks.

This trend expands globally, with evolving laws in countries such as the U.S., Japan, Canada and China. For example, China has passed a number of laws concerning data protection and the collection, use and transfer of personal data (including data considered to be relevant as Chinese human genetic resources), and restricting the transfer of this data outside of China. These evolving laws and regulations impose increasing restrictions on the processing of personal data, which may require us to modify our data collection or processing practices and to incur significant expenses associated with our compliance efforts.

Moreover, in the current digital and regulatory landscape, privacy obligations are increasingly interconnected with broader cybersecurity laws and requirements, reflecting the close link between the protection of personal data and the security of information systems. Failure to comply with applicable cybersecurity frameworks and directives, including Directive (EU) 2022/2555 on Network and Information Security (NIS2), could result in significant legal, regulatory, and operational risks. In addition, inadequate cybersecurity and non-compliance with data protection laws and regulations increases the risk of personal data breaches, potentially resulting in regulatory sanctions, civil claims, reputational damage and loss of trust.

Furthermore, our integration of AI solutions into certain of aspects our business, introduce a new layer of regulatory risk. Most significantly, Regulation (EU) 2024/1689 (AI Act) establishes the world’s first comprehensive legal framework for AI, impacting how we develop and deploy AI systems in the future. In particular, high-risk AI systems must comply with strict regulatory requirements to ensure safety, transparency, and fundamental rights protection. Non-compliance with the AI Act may result in significant penalties. As most provisions will take effect from August 2, 2026, we must continuously assess and adapt our compliance strategy to mitigate risks from this evolving legal landscape.

If we violate existing laws and regulations or fail to comply with changing laws and regulations, we might be subject to fines, penalties and other adverse consequences, which could have a material adverse effect on our reputation, business, results of operations, cash flows or financial condition.

Failure to comply with anti-corruption laws and regulations, anti-money laundering laws and regulations, economic or financial sanctions, trade embargoes and/or export control regulations and other laws governing our operations could have an adverse impact on our business, financial conditions and operations.

We are or may become subject to various laws and regulations regarding anti-corruption, anti-money laundering, economic or financial sanctions, trade embargoes, investment restrictions, anti-fraud, other comprehensive prohibitions against transaction activity pursuant to anti-terrorism laws or export control laws and regulations issued by multiple jurisdictions. These include the UK Bribery Act 2010 and the U.S. Foreign Corrupt Practices Act of 1977, in each case, as amended, as well as comparable laws and regulations in other countries in which we do business, including in the European Union and China, which prohibit, among other things, payments, offers, or promises made for the purpose of improperly influencing any act or decision of a foreign government official. In the UK, since September 1, 2025, it is an offense under the Economic Crime and Corporate Transparency Act 2023 for a large organization to fail to prevent certain fraudulent activities by an associated person (such as an employee, agent, or subsidiary), unless it can demonstrate that it had reasonable prevention procedures in place to prevent the fraudulent activity. The nature of our business means that we engage in significant interactions with foreign officials. Compliance with these laws and regulations in the U.S. and in foreign jurisdictions is complex, and may increase our cost of doing business internationally.

We are also subject to economic and financial sanctions, trade embargoes, other comprehensive prohibitions against transaction activity pursuant to anti-terrorism laws and export control rules and regulations, including those imposed, administered or enforced by the UN Security Council, the, U.S., the UK, and the EU. Any change in export or import regulations, economic or financial sanctions regulations, trade embargo regulations or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could decrease our ability to conduct our planned research and development activities and to manufacture, import, export or sell our products internationally, which could require us to expend additional resources to achieve our goals and adversely affect our business, financial conditions and operations.

We have mechanisms in place to promote compliance with such rules and regulations. However, there can be no assurance that our policies and procedures will be followed at all times or will effectively detect and/or prevent violations of applicable compliance regimes by our employees, consultants, sub-contractors, agents and partners. In the event of non-compliance, we could be subject to substantial civil or criminal penalties, including sanctions against us, incarceration for responsible employees and managers, the possible loss of export or import privileges, debarment from participation in government contracting, reputational harm, and resulting loss of revenue and profits, which could have a material adverse impact on our business, financial conditions and operations.

Our performance tracked by our Environmental, Social and Governance metrics is subject to risks and the outcomes may not achieve the anticipated benefits or align with new regulations and stakeholders’ expectations.

There has been an increasing focus from stakeholders and regulators relating to environmental, social and governance (ESG) matters across all industries in recent years. The standards and stakeholder expectations continue to evolve, sometimes with contradictory expectations, and criteria to evaluate ESG practices may change rapidly. We are subject to evolving rules, including the European Union’s Corporate Sustainability Reporting Directive (CSRD) and ancillary European Union legislation. The SEC adopted rules in 2024 requiring enhanced climate-related disclosures, but after legal challenges, subsequently announced that it would end its defense of such climate disclosure rule. As a result, various U.S. states have enacted or proposed climate- and sustainability-related disclosure laws that may apply to companies doing business in those jurisdictions, such as California’s climate and carbon market disclosure laws, which would require in-scope companies to report on greenhouse gas emissions, climate-related financial risks, and the use of carbon offsets and emissions reduction claims relating to their operations or products. The future of the California climate disclosure laws is uncertain, as these laws are subject to ongoing litigation.

In response to new ESG initiatives and regulations we may voluntarily elect, or be required, to adopt strategies, policies, or procedures related to ESG matters. Such efforts could divert management’s attention from central operational matters and cause us to expend significant capital and human resources. Moreover, increasingly, different stakeholder groups and regulators have divergent views, particularly in the U.S., on ESG matters, which increases the risk that any action or lack thereof with respect to sustainability or ESG matters will be perceived negatively by at least some stakeholders and regulators and adversely impact our business and reputation. The current sociopolitical landscape has led to rapid and unpredictable shifts in public sentiment, which has resulted in dynamics that increase the risk of reputational damage, boycotts and shifts in consumer behavior that could adversely affect our business and reputation. Reports could also lead to the disclosure of information that may have a negative impact on our operations and reputation which may lead to additional exposure. In addition, any required disclosures and measurements of ESG metrics are highly dependent on third-parties, such as our suppliers and CROs, that we do not control. Failure to accurately comply with any sustainability reporting obligations may result in enforcement actions, sanctions, fines and penalties, reputational harm or private litigation.

We may become exposed to liability and substantial expenses in connection with environmental compliance or remediation activities.

Our operations, including our research, development and testing, and our third-party manufacturers’ and suppliers’ operations, are subject to numerous environmental, health and safety laws and regulations and for which we may become liable. These laws and regulations govern, among other things, the controlled use, handling, release and disposal of and the maintenance of a registry for, hazardous materials and biological materials, laboratory procedures and exposure to pathogens. We do not have control over our manufacturers’ or suppliers’ compliance with environmental, health and safety laws and regulations.

If we or one of our CMOs or third-party distributors, manufacturers, suppliers, licensees or co-marketers fail to comply with such laws and regulations, such failure could result in substantial liability, fines, penalties or other sanctions and incur substantial expenses, and could also face significant reputational loss.

We face a risk of environmental liability inherent in our current and historical activities, including liability relating to releases of our exposure to hazardous or biological materials. Furthermore, environmental, health and safety laws and regulations are becoming more stringent. Both us and our third-party manufacturers and suppliers may be required to incur substantial expenses in connection with future environmental compliance or remediation activities, in which case, our production and development efforts may be interrupted or delayed, and our financial condition and results of operations may be materially adversely affected.