Regeneron Pharmaceuticals Inc.: 10-K Risk Factor Changes

We and our collaborators and other third-party providers are required to maintain compliance with cGMPs, and are subject to inspections by the FDA or comparable agencies in other jurisdictions to confirm such compliance. Changes of suppliers or modifications of methods of manufacturing may require amending our application(s) to the FDA or such comparable foreign agencies and acceptance of the change by the FDA or such comparable foreign agencies prior to release of product(s). Because we produce multiple products and product candidates at our facilities in Rensselaer, New York and Limerick, Ireland, there are increased risks associated with cGMP compliance. Recently, the FDA issued CRLs to multiple companies (including us, as further discussed below) citing unresolved inspection findings at third-party manufacturers, which prevented the timely approval of such companies' marketing applications. Our inability, or the inability of our collaborators and third-party fill/finish or other service providers, to demonstrate ongoing cGMP compliance could require us to engage in lengthy and expensive remediation efforts, identify and onboard new service providers, withdraw or recall product, halt or interrupt clinical trials, and/or interrupt commercial supply of any marketed products, and could also delay or prevent our obtaining regulatory approval for our product candidates or new indications for our marketed products. Any delay, interruption, or other issue that arises in the manufacture, fill/finish, packaging, or storage of any drug product or product candidate as a result of a failure of our facilities or the facilities or operations of our collaborators or other third parties to pass any regulatory agency inspection or maintain cGMP compliance could significantly impair our ability to develop, obtain approval for, and successfully commercialize our products, which would substantially harm our business, prospects, operating results, and financial condition. Any finding of non-compliance could also increase our costs, cause us to delay the development of our product candidates, result in delay in our obtaining, or our not obtaining, regulatory approval of product candidates or new indications for our marketed products, and cause us to lose revenue from any marketed products, which could be seriously detrimental to our business, prospects, operating results, and financial condition. For example, in August 2024, the FDA issued a CRL concerning the Company's BLA for linvoseltamab in relapsed/refractory multiple myeloma due to findings from a pre-approval inspection at a third-party fill/finish provider for another company's product candidate. While the linvoseltamab BLA has recently been resubmitted to the FDA, this has resulted in a delay of any potential FDA approval of this product candidate. Refer to Part I, Item 1. "Business - Programs in Clinical Development - Additional Information - Clinical Development Programs" for more information. Significant noncompliance with the requirements discussed in this paragraph could also result in the imposition of monetary penalties or other civil or criminal sanctions and damage our reputation.

We and our collaborators and other third-party providers are required to maintain compliance with cGMPs, and are subject to inspections by the FDA or comparable agencies in other jurisdictions to confirm such compliance. Changes of suppliers or 57 57 57 Table of Contents Table of Contents modifications of methods of manufacturing may require amending our application(s) to the FDA or such comparable foreign agencies and acceptance of the change by the FDA or such comparable foreign agencies prior to release of product(s). Because we produce multiple products and product candidates at our facilities in Rensselaer, New York and Limerick, Ireland, there are increased risks associated with cGMP compliance. Our inability, or the inability of our collaborators and third-party fill/finish or other service providers, to demonstrate ongoing cGMP compliance could require us to engage in lengthy and expensive remediation efforts, withdraw or recall product, halt or interrupt clinical trials, and/or interrupt commercial supply of any marketed products, and could also delay or prevent our obtaining regulatory approval for our product candidates or new indications for our marketed products. Any delay, interruption, or other issue that arises in the manufacture, fill/finish, packaging, or storage of any drug product or product candidate as a result of a failure of our facilities or the facilities or operations of our collaborators or other third parties to pass any regulatory agency inspection or maintain cGMP compliance could significantly impair our ability to develop, obtain approval for, and successfully commercialize our products, which would substantially harm our business, prospects, operating results, and financial condition. Any finding of non-compliance could also increase our costs, cause us to delay the development of our product candidates, result in delay in our obtaining, or our not obtaining, regulatory approval of product candidates or new indications for our marketed products, and cause us to lose revenue from any marketed products, which could be seriously detrimental to our business, prospects, operating results, and financial condition. For example, in June 2023, the FDA issued a CRL concerning the Company's BLA for EYLEA HD for the treatment of wAMD, DME, and DR due to unresolved observations resulting from an inspection at a third-party fill/finish provider, the contract manufacturing organization Catalent, which resulted in a delay of the FDA approval of EYLEA HD by nearly two months. Significant noncompliance with the requirements discussed in this paragraph could also result in the imposition of monetary penalties or other civil or criminal sanctions and damage our reputation.

We are substantially dependent on the success of EYLEA and, since its August 2023 FDA approval, EYLEA HD. EYLEA net product sales have historically represented a substantial portion of our revenues, and we expect that there will continue to be a concentration of our net sales from the net product sales of EYLEA HD and EYLEA. For the years ended December 31, 2024 and 2023, our aggregate EYLEA HD and EYLEA net product sales in the United States represented 42% and 45% of our total revenues, respectively. For the year ended December 31, 2024, EYLEA HD U.S. net product sales represented 20% of our aggregate EYLEA HD and EYLEA U.S. net product sales. If we are successful in commercializing EYLEA HD, we expect that our dependence on EYLEA HD will grow relative to our historical dependence on EYLEA. If we experience difficulty with the commercialization of EYLEA HD or EYLEA in the United States or if Bayer experiences any difficulty with the 36 36 36 Table of Contents Table of Contents commercialization of EYLEA HD or EYLEA outside the United States, if EYLEA net product sales experience a sustained decline in or outside the United States without an offset from EYLEA HD net product sales, or if we and Bayer are unable to maintain or obtain marketing approvals of these products (as applicable), we may experience a reduction in revenue and may not be able to stay profitable at the levels we previously achieved or at all, and our business, prospects, operating results, and financial condition may be materially harmed. Commercialization of EYLEA and EYLEA HD in the United States and elsewhere is subject to significant competition (as described further below under "The commercial success of our products and product candidates is subject to significant competition"), which we expect to continue to increase in the future. For the year ended December 31, 2024, EYLEA U.S. net product sales declined by 17% compared to the same period in 2023. Following the expiration of the U.S. regulatory exclusivity period for EYLEA (i.e., the period during which no biosimilar product can be approved by the FDA) in May 2024, several biosimilar versions of EYLEA have been approved by the FDA, and one such product has launched in the United States. EYLEA and/or EYLEA HD net product sales recorded by us are likely to be negatively impacted by biosimilar competition in the United States, which may have a material adverse impact on our results of operations. In addition, we expect that competition for EYLEA outside the United States will increase in the future when biosimilar versions of EYLEA (including those already approved but not yet launched) are brought to market in additional countries, which may negatively impact the amount of collaboration revenue we earn from Bayer. While we anticipate several important 2025 milestones relevant to further commercialization of EYLEA HD as shown in the table under Part I, Item 1. "Business - Programs in Clinical Development," there can be no assurance that any such milestones will be achieved or, if achieved, that they will enable us and Bayer to accelerate the ongoing launch and further commercialization of EYLEA HD. The degree to which EYLEA HD net product sales may offset further potential decrease in EYLEA net product sales, resulting from the factors discussed above or otherwise, is uncertain. We also are substantially dependent on our share of profits from the commercialization of Dupixent under our Antibody Collaboration with Sanofi. For the years ended December 31, 2024 and 2023, Sanofi collaboration revenue (most of which is attributable to our share of profits from the commercialization of Dupixent) represented 32% and 29% of our total revenues, respectively. If we or Sanofi were to experience any difficulty with the commercialization of Dupixent or if we or Sanofi are unable to maintain current marketing approvals of Dupixent, we may experience a reduction in revenue and our business, prospects, operating results, and financial condition may be materially harmed.

We are substantially dependent on the success of our ophthalmology portfolio, which consists of EYLEA and, since its August 2023 FDA approval, EYLEA HD. EYLEA net product sales have historically represented a substantial portion of our revenues, and we expect that there will continue to be a concentration of our net sales from the net product sales of EYLEA HD and EYLEA. For the years ended December 31, 2023 and 2022, our aggregate EYLEA HD and EYLEA net product sales in the United States represented 45% and 51% of our total revenues, respectively. For the year ended December 31, 2023, aggregate EYLEA HD U.S. and EYLEA U.S. net product sales decreased by 6%, compared to the same period in 2022. If we are successful in commercializing EYLEA HD, we expect that our dependence on EYLEA HD will grow relative to our historical dependence on EYLEA. If we were to experience difficulty with the commercialization of EYLEA HD or EYLEA in the United States or if 40 40 40 Table of Contents Table of Contents Bayer were to experience any difficulty with the commercialization of EYLEA HD or EYLEA outside the United States, if EYLEA net product sales experience a sustained decline in or outside the United States without an offset from EYLEA HD net product sales, or if we and Bayer are unable to maintain or obtain marketing approvals of these products (as applicable), we may experience a reduction in revenue and may not be able to stay profitable at the levels we previously achieved or at all, and our business, prospects, operating results, and financial condition may be materially harmed. In the United States, the regulatory exclusivity period for EYLEA (i.e., the period during which no biosimilar product can be approved by the FDA) will expire after May 17, 2024. See "Risks Related to Intellectual Property and Market Exclusivity - Loss or limitation of patent rights, and regulatory pathways for biosimilar competition, could reduce the duration of market exclusivity for our products" below. As a result, we face the risk of lower EYLEA net product sales due to biosimilar competition following such expiration, which may have a material adverse impact on our results of operations. The degree to which EYLEA HD net product sales may offset any potential decrease in EYLEA net product sales, resulting from the factors discussed above or otherwise, is uncertain. In addition, we are substantially dependent on our share of profits from the commercialization of Dupixent under our Antibody Collaboration with Sanofi. If we or Sanofi were to experience any difficulty with the commercialization of Dupixent or if we or Sanofi are unable to maintain current marketing approvals of Dupixent, we may experience a reduction in revenue and our business, prospects, operating results, and financial condition may be materially harmed.

While we have made progress with establishing commercial capabilities in certain jurisdictions outside the United States in connection with our acquisition of the exclusive right to develop, commercialize, and manufacture Libtayo worldwide pursuant to the 2022 Amended and Restated Immuno-oncology License and Collaboration Agreement with Sanofi (the "A&R IO LCA") and the exercise of our option under the Antibody Collaboration to co-commercialize Dupixent in certain jurisdictions outside the United States, our commercial capabilities and experience with commercializing products outside the United States (as well as obtaining and/or maintaining regulatory approvals and securing pricing and reimbursement for our products outside the United States) are still somewhat limited. There may be other circumstances in which we need to establish further commercial capabilities outside the United States, including because we decide to commercialize a particular product independently; we are unable to find an appropriate collaborator; or an existing collaborator decides to opt out or breaches its obligations to us with respect to a particular product. In order to commercialize or co-commercialize any products outside the United States beyond what we have done so far, we must build or enhance our sales, marketing, distribution, regulatory, managerial, and other capabilities in the relevant markets or make arrangements with third parties to perform these services, any of which will likely be expensive and time consuming and could delay product launch or the co-commercialization of a product in one or more markets outside the United States. We cannot be certain that we will be able to successfully develop requisite commercial capabilities outside the United States within an acceptable time frame, without incurring substantial expenses, or at all. These and other difficulties relating to commercializing our products outside the United States may harm our business, prospects, operating results, and financial condition.

We have limited commercial capabilities outside the United States and have not yet fully established an organization for the sales, marketing, and distribution of marketed products outside the United States. We are in the process of establishing these capabilities outside the United States for Libtayo in connection with the 2022 amendment to the IO Collaboration whereby all rights to develop, commercialize, and manufacture Libtayo will be transferred exclusively to our Company, on a worldwide basis, over the course of a defined transition period. In addition to fully establishing these commercial capabilities by the end of the transition period, we will also need to obtain and/or maintain regulatory approvals and secure pricing and reimbursement for Libtayo in many jurisdictions outside the United States (including Europe and Japan). Further, following the exercise of our option under the Antibody Collaboration to co-commercialize Dupixent in certain jurisdictions outside the United States, we have established certain co-commercialization capabilities for Dupixent in some of these jurisdictions and are in the process of establishing these capabilities in others. There may be other circumstances in which we need to establish further commercial capabilities outside the United States, including because we decide to commercialize a particular product independently; we are unable to find an appropriate collaborator; or an existing collaborator decides to opt out or breaches its obligations to us with respect to a particular product. In order to commercialize or co-commercialize any products outside the United States beyond what we have done so far, we must build our sales, marketing, distribution, regulatory, managerial, and other capabilities in the relevant markets or make arrangements with third parties to perform these services, any of which will likely be expensive and time consuming and could delay product launch or the co-commercialization of a product in one or more markets outside the United States. We cannot be certain that we will be able to successfully develop commercial capabilities outside the United States (particularly as it relates to Libtayo, for which we plan to expand our global commercialization footprint as noted above) within an acceptable time frame, without incurring substantial expenses, or at all. These and other difficulties relating to commercializing our products outside the United States may harm our business, prospects, operating results, and financial condition.

Our ability to conduct our business is significantly dependent on the data that we collect, process, and share in discovering, developing, and commercializing drug products. These data are often considered personal data and are therefore regulated by privacy and data protection laws in and outside the United States, including health privacy laws, data breach notification laws, consumer protection laws, data localization laws, biometric privacy laws, and genetic privacy laws. Such laws may apply to our operations and/or those of our collaborators and business partners and may impose restrictions on our collection, use, and dissemination of individuals' health and other personal data, including data that we may receive throughout the clinical trial process, in the course of our research collaborations, from individuals who enroll in our patient assistance programs, from healthcare professionals that interact with us, or from our own employees. Laws and regulations in this area are constantly evolving and are often not interpreted consistently by regulatory authorities, institutional review boards/ethics committees, or clinical trial sites. In the United States, there are numerous federal and state laws and regulations governing data privacy of personal data and the collection, use, disclosure, and protection of health data, genetic data, consumer data, and children's data. At the federal level, most U.S. healthcare providers, including research institutions from which we or our collaborators obtain clinical trial data, are subject to privacy and security regulations promulgated under HIPAA. While Regeneron is not directly subject to HIPAA, other than potentially with respect to providing certain employee benefits, we could be subject to criminal penalties if we, our affiliates, or our agents knowingly receive protected health information in a manner that is not permitted under HIPAA. The FTC also sets expectations for taking appropriate steps to safeguard consumers' personal information and for providing a level of privacy or security commensurate to promises made to individuals. Failure to meet these FTC standards may constitute unfair or deceptive acts or practices in violation of Section 5 of the FTC Act. The FTC also has the power to enforce the Health Breach Notification Rule, which imposes notification obligations on companies for breaches of certain health information contained in personal health records. Enforcement by the FTC under the FTC Act and Health Breach Notification Rule can result in civil penalties or enforcement actions. In addition, at the state level, many state consumer privacy laws recently went into effect and many other consumer privacy laws are expected to go into effect in the near future. These laws include certain transparency and other requirements to protect personal data and grant residents with certain rights regarding their personal data. These laws and regulations are constantly evolving and may impose limitations on our business activities. Outside the United States, we have operations and conduct business in several countries and have been significantly expanding the scope of these activities in those and/or additional countries, as discussed above under "Risks associated with our operations outside the United States could adversely affect our business." We also conduct clinical trials in these and many other countries around the world. These activities subject us to additional data protection authority oversight and require us to comply with stringent local and regional data privacy laws. Such laws include the GDPR, which has a wide range of compliance obligations relating to the processing and protection of personal data. Violations of the GDPR carry significant financial penalties for noncompliance. The GDPR also confers a private right of action on data subjects and consumer associations to file complaints with data protection authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the GDPR. Many other jurisdictions outside the United States have adopted and continue to adopt varying privacy and data protection legislation, the continued emergence of which has increased the costs and complexity of compliance. If we or any of our collaborators fail to comply with applicable federal, state, local, or foreign regulatory requirements, we could be subject to a range of regulatory actions that could result in fines or other penalties or otherwise affect our or any such collaborators' ability to commercialize our products. Any threatened or actual government enforcement action could also generate adverse publicity and could result in additional regulatory oversight. 60 60 60 Table of Contents Table of Contents

Our ability to conduct our business is significantly dependent on the data that we collect, process, and share in discovering, developing, and commercializing drug products. These data are often considered personal data and are therefore regulated by data privacy laws in the United States and abroad. We have operations and conduct business in several countries outside the United States and plan to significantly expand the scope of these activities in those and/or additional countries, as discussed above under "Risks associated with our operations outside the United States could adversely affect our business." These activities subject us to additional data protection authority oversight and require us to comply with stringent local and regional data privacy laws, including the EU's General Data Protection Regulations ("GDPR"). The GDPR has a wide range of compliance obligations, including increased consent and transparency requirements and data subject rights. Violations of the GDPR carry significant financial penalties for noncompliance (including possible fines of up to 4% of global annual turnover for the preceding financial year or €20 million (whichever is higher)). In addition to the GDPR, certain EU Member States have issued or will be issuing their own implementation legislation. In June 2021, the EC introduced new standard contractual clauses required to be incorporated into certain new and existing agreements within prescribed timeframes in order to continue to lawfully transfer personal data outside the EU. Many of the countries that have comprehensive data privacy laws have modeled their requirements after the GDPR. Compliance with these requirements has been and is expected to continue to be costly and time consuming. We conduct clinical trials in many countries around the world, which have new or evolving data privacy laws that are often not interpreted consistently by regulatory authorities, institutional review boards/ethics committees, or clinical trial sites. This complexity has resulted in increased liability in the management of clinical trial data, as well as additional compliance, contractual, and due-diligence obligations that could lead to a delay in clinical trial site start-up. There also has been an increase of enforcement activities in various EU countries that require evidence of compliance with local data privacy requirements. While we continue to monitor these developments, there remains some uncertainty surrounding the legal and regulatory environment for these evolving privacy and data protection laws. Complying with varying jurisdictional requirements could increase the costs and complexity of compliance, including the risk of substantial financial penalties for insufficient notice and consent, failure to respond to data subject rights requests, lack of a legal basis for the transfer of personal information out of the EU or other countries with localization laws (i.e., laws mandating that personal data collected in a foreign country be processed and stored within that country), or improper processing of personal data. Failure by our collaborators to comply with the strict rules on the transfer of personal data into the U.S. could result in the imposition of criminal and administrative sanctions on such collaborators or impact the flow of personal data, which could adversely affect our business. Most U.S. health care providers, including research institutions from which we or our collaborators obtain clinical trial data, are subject to privacy and security regulations promulgated under HIPAA. For example, as part of our human genetics initiative, our wholly-owned subsidiary, Regeneron Genetics Center LLC, has entered into collaborations with many research institutions, which are subject to HIPAA. Regeneron is not a covered entity or business associate under HIPAA and thus is not subject to its requirements. However, we could be subject to criminal penalties if we, our affiliates, or our agents knowingly receive PHI in a manner that is not permitted under HIPAA. Consequently, depending on the facts and circumstances, we could face substantial criminal penalties if we knowingly receive PHI from a health care provider or research institution that has not satisfied HIPAA's requirements for its disclosure. There are instances where we collect and maintain personal data, which may include health information that is outside the scope of HIPAA but within the scope of state health privacy laws or similar state level privacy legislation. This information may be received throughout the clinical trial process, in the course of our research collaborations, directly from individuals who enroll in our patient assistance programs, and from our own employees in a pandemic response process (such as in connection with the COVID-19 pandemic). Consumer protection laws impact the manner in which we develop and maintain processes to support our patient assistance programs, product marketing activities, and the sharing of employee and clinical data for internal and third-party commercial activities. Several U.S. states have proposed and passed consumer privacy laws, which were modeled after the CCPA and influenced by the GDPR. The CCPA is a consumer protection law that establishes requirements for data use and sharing transparency and provides California residents with personal data privacy rights regarding the use, disclosure, and retention of their personal data. Amendments to the CCPA have, among other things, imposed new obligations to provide notice where personal data will be de-identified. Failure to comply with the CCPA may result in, among other things, significant civil penalties and injunctive relief, or statutory or actual damages. In addition, California residents have the right to bring a private right of action in connection with data privacy incidents involving certain elements of personal data. These claims may result in significant liability and damages. These laws and regulations are constantly evolving and may impose limitations on our business activities. Several additional state consumer privacy laws went into effect in 2023 and many other consumer privacy laws are 63 63 63 Table of Contents Table of Contents expected to go into effect in the near future. Notably, these state laws provide more restrictions on the use of sensitive personal data, including health information. These states require robust consent and authorizations prior to any collection or use of this data, which may have a large impact on our ability to market to individuals in these jurisdictions based on their health conditions. At the federal level, Section 5 of the FTC Act is a consumer protection law that bars unfair and deceptive acts and practices and requires, among other things, companies to notify individuals that they will safeguard their personal data and that they will fulfil the commitments made in their privacy notices. The FTC has brought legal actions against organizations that have violated consumers' privacy rights or have misled them by failing to maintain appropriate security. For example, in 2023 the FTC issued several enforcement actions related to privacy in the healthcare space, under both Section 5 of the FTC Act and the Health Breach Notification Rule, involving companies allegedly using consumer health data for marketing purposes in violation of their own policies and assurances. Furthermore, health privacy laws, data breach notification laws, consumer protection laws, data localization laws, biometric privacy laws, and genetic privacy laws may apply directly to our operations and/or those of our collaborators and business partners and may impose restrictions on our collection, use, and dissemination of individuals' health and other personal data. Individuals about whom we or our collaborators obtain health or other personal data, as well as the providers and third parties who share this data with us, may have statutory or contractual limits that impact our ability to further use and disclose the data. Many of these laws differ from each other in significant ways and have different effects. Many of the state laws enable a state attorney general to bring actions and provide private rights of action to consumers as enforcement mechanisms. Compliance with these laws requires a flexible privacy framework as they are constantly evolving. Federal regulators, state attorneys general, and plaintiffs' attorneys have been active in this space. If we or any collaborators fail to comply with applicable federal, state, local, or foreign regulatory requirements, we could be subject to a range of regulatory actions that could affect our or any collaborators' ability to commercialize our products. Any threatened or actual government enforcement action could also generate adverse publicity and could result in additional regulatory oversight.

In April 2024, our board of directors authorized a share repurchase program to repurchase up to $3.0 billion of our Common Stock (of which $1.917 billion remained available as of December 31, 2024); and, in February 2025, authorized an additional $3.0 billion for share repurchases. In February 2025, our board of directors also initiated a quarterly cash dividend program and declared a first quarter 2025 cash dividend on our Common Stock and Class A Stock. Any future share repurchases, share repurchase program authorizations, or dividend declarations will depend upon, among other factors, our cash balances and potential future capital requirements, our results of operations and financial condition, the price of our Common Stock on the NASDAQ Global Select Market, and other factors that we may deem relevant. Our share repurchases and dividend payments may change from time to time, and we can provide no assurance that we will repurchase shares of our Common Stock at favorable prices, in particular amounts, or at all, or that we will maintain or increase our quarterly cash dividend payments or declare future cash dividends. A reduction in our share repurchases or reduction in, or elimination of, our quarterly cash dividend payments could have an adverse effect on our stock price.

In January 2023, our board of directors authorized a share repurchase program to repurchase up to $3.0 billion of our Common Stock (of which $1.531 billion remained available as of December 31, 2023). There can be no assurance of any future share repurchases or share repurchase program authorizations. Any share repurchases will depend upon, among other factors, our cash balances and potential future capital requirements, our results of operations and financial condition, the price of our Common Stock on the NASDAQ Global Select Market, and other factors that we may deem relevant. We can provide no assurance that we will repurchase shares of our Common Stock at favorable prices, if at all.