Changes in tax laws or regulations that are applied adversely to us or our customers may materially harm our business.
New tax laws, statutes, rules, regulations, or ordinances could be enacted at any time. Further, existing tax laws, statutes, rules, regulations, or ordinances could be interpreted differently, changed, repealed, or modified at any time. Any such enactment, interpretation, change, repeal, or modification could adversely affect us, possibly with retroactive effect. For example, the IRA enacted a 15% minimum tax on the adjusted financial statement income of certain large U.S. corporations for taxable years beginning after December 31, 2022, as well as a 1% excise tax on stock repurchases made by public corporations after December 31, 2022. Further, the Tax Cuts and Jobs Act of 2017, or the Tax Act, enacted many significant changes in U.S. federal tax laws, some of which were further modified by the Coronavirus Aid, Relief, and Economic Security Act, or the CARES Act, and may be modified in the future by the current or a future presidential administration. Among other changes, the Tax Act amended the Code to require that certain research and experimental expenditures be capitalized and amortized over five years if incurred in the United States or fifteen years if incurred in foreign jurisdictions for taxable years beginning after December 31, 2021. If the capitalization and amortization requirement is not deferred, repealed, or otherwise modified, it may increase our cash taxes and effective tax rate. In addition, it is uncertain if and to what extent various states will conform to the IRA, the Tax Act, the CARES Act, or any future U.S. federal tax laws. Changes in corporate tax rates, the realization of net deferred tax assets relating to our operations, the taxation of foreign earnings, and the deductibility of expenses could have a material impact on the value of our deferred tax assets, result in significant one-time charges, and increase our future U.S. tax expenses.
Our business and operations would suffer in the event of system failures, cyberattacks or a deficiency in our or our CMOs’, CROs’, manufacturers’, contractors’, consultants’ or collaborators’ cybersecurity.
In the ordinary course of our business, we and third parties with whom we conduct business, including third-party CMOs, CROs, manufacturers, contractors (including sites performing our clinical trials), consultants, and collaborators, collect and store sensitive data, including intellectual property, clinical trial data, proprietary and confidential business information, and personal data and personal information of our clinical trial subjects, employees, and others. The secure maintenance, transmission, and other processing of this information is critical to our operations.
Despite the implementation of security measures, our internal systems, as well as those of third parties on which we rely, are vulnerable to damage from, among other things, computer viruses, ransomware and other forms of malware, unauthorized access, natural disasters, terrorism, war, telecommunication and electrical failures, system malfunctions, cyberattacks or cyber-intrusions, email attachment compromise, denial of service attacks, phishing attacks, and unauthorized or otherwise improper acts or omissions by persons inside our organization, or persons with access to systems inside our organization. Any such event could lead to the prevention of access to, loss, destruction, alteration, disclosure, or dissemination of, or damage or unauthorized access to or other processing of, our data (including trade secrets or other confidential information, intellectual property, proprietary business information and personal data) or other data that is processed or maintained on our behalf, and cause disruptions to our operations, which could lead to a material disruption of our product candidate development programs. For example, the loss, corruption or unavailability of preclinical study or clinical trial data from completed, ongoing or planned trials could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the data.
More generally, despite the implementation of security measures in an effort to protect our systems and data, we cannot ensure that our information technology and infrastructure or any of our relevant policies or measures will prevent breakdowns or disruptions of, or breaches or incidents impacting, our systems or those of third parties on which we rely, or other cybersecurity incidents that lead to loss, destruction, unavailability, or unauthorized alteration, dissemination or other processing of, or damage or unauthorized access to, our data, including personal data, our other assets, or other data processed or maintained on our behalf, that could delay clinical development of our product candidates and have a material adverse effect upon our reputation, business, operations or financial condition. To our knowledge, we have not experienced any security breach to date that has had a material impact on our business or operations, but we and the third parties with whom we conduct business have faced, and we anticipate continuing to face, cybersecurity risks, including risks of security breaches and incidents. Risks of security breaches and incidents and other types of system disruptions, particularly through cyberattacks or cyber intrusions, including by hackers, foreign governments, cyber terrorists, and associated actors, have increased generally as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased. Geopolitical conflicts and tensions may also increase such risks.