We and our third-party contractors must comply with environmental, health and safety
laws and regulations. A failure to comply with these laws and regulations could expose us to significant costs or liabilities.
We
and our third-party contractors are subject to numerous environmental, health and safety laws and regulations, including those governing laboratory procedures and the use, generation, manufacture, distribution, storage, handling, treatment,
remediation and disposal of biohazardous materials and wastes and genetically modified organisms. Hazardous chemicals, including potentially infectious biological substances and genetically modified organisms, are involved in certain aspects of our
business, and we cannot eliminate the risk of injury or contamination from the use, generation, manufacture, distribution, storage, handling, treatment or disposal of hazardous materials and wastes. In the event of contamination or injury, or
failure to comply with environmental, health and safety laws and regulations, we could be held liable for any resulting damages, fines and penalties associated with such liability could exceed our assets and resources.
Although we maintain workers compensation insurance as prescribed by Texas and German laws to cover us for costs and expenses we may
incur due to injuries to our employees resulting from the use of biological or hazardous materials or wastes, this insurance may not provide adequate coverage against potential liabilities. We do not maintain insurance for environmental liability or
toxic tort claims that may be asserted against us in connection with our storage or disposal of biological, hazardous or radioactive materials.
Environmental, health and safety laws and regulations are becoming increasingly more stringent. We may incur substantial costs in order to
comply with current or future environmental, health and safety laws and regulations. These current or future laws and regulations may impair our research, development or production efforts. Our failure to comply with these laws and regulations also
may result in substantial fines, penalties or other sanctions.
Our internal computer systems, or those of our partners, third-party
CROs or other contractors or consultants, may fail or suffer security incidents, which could result in a material disruption of our product development programs and significant monetary losses.
Despite the implementation of security measures, our internal computer systems and those of our current or future partners, third-party CROs
and other contractors and consultants have been subject to attacks by, and may be vulnerable to damage from, various methods, including cybersecurity attacks, breaches, intentional or accidental mistakes or errors, or other technological failures
which can include, among other things, computer viruses, malicious codes, employee theft or misuse, unauthorized copying of our website or its content, unauthorized access attempts including third parties gaining access to systems using stolen or
inferred credentials, denial-of-service attacks, phishing attempts, service disruptions, natural disasters, fire, terrorism, war and telecommunication and electrical
failures. As the cyber-threat landscape evolves, these attacks are growing in frequency, sophistication and intensity, and are becoming increasingly difficult to detect. Such attacks could include the use of keystroke loggers or other harmful and
virulent malware, including ransomware or other denials of service, and can be deployed through malicious websites, the use of social engineering and/or other means. We may not be able to anticipate all types of security threats, and we may not be
able to implement preventive measures effective against all such security threats. Further, as the current COVID-19 pandemic continues to result in a significant number of people working from home, these
cybersecurity risks may be heightened by an increased attack surface across our business. We cannot guarantee that our efforts, or the efforts of those upon whom we rely and partner with, will be successful in preventing any such information
security incidents.
If a failure, accident or security breach were to occur and cause interruptions in our, our partners or our
CROs operations, it could result in a misappropriation of confidential information, including personally identifiable information and our intellectual property or financial information, a material disruption of our programs and/or significant
monetary losses. For example, the loss of XPRESIDENT raw data, the XPRESIDENT database or other data for our product candidates could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce
the data. In addition, because of our approach
52