ACADIA PHARMACEUTICALS INC

Moreover, recently there has been heightened governmental scrutiny over the manner in which manufacturers set prices for their commercial products. There have been several recent U.S. Congressional inquiries and proposed and enacted federal and state legislation designed to, among other things, bring more transparency to drug pricing, review the relationship between pricing and manufacturer patient programs, reduce the cost of drugs under Medicare, and reform government program reimbursement methodologies for drugs. The Trump administration’s budget proposal for fiscal year 2019 contains additional drug price control measures that could be enacted during the 2019 budget process or in other future legislation, including, for example, measures to permit Medicare Part D plans to negotiate the price of certain drugs under Medicare Part B, to allow some states to negotiate drug prices under Medicaid and to eliminate cost sharing for generic drugs for low-income patients. Additionally, the Trump administration released a “Blueprint” to lower drug prices and reduce out of pocket costs of drugs that contains additional proposals to increase manufacturer competition, increase the negotiating power of certain federal healthcare programs, incentivize manufacturers to lower the list price of their products and reduce the out of pocket costs of drug products paid by consumers. The U.S. Department of Health and Human Services, or HHS, has already started the process of soliciting feedback on some of these measures and, at the same, is immediately implementing others under its existing authority. For example, in September 2018, CMS announced that it will allow Medicare Advantage Plans the option to use step therapy for Part B drugs beginning January 1, 2019, in October 2018, CMS proposed a new rule that would require direct-to-consumer television advertisements of prescription drugs and biological products, for which payment is available through or under Medicare or Medicaid, to include in the advertisement the Wholesale Acquisition Cost, or list price, of that drug or biological product, and on January 31, 2019, the HHS Office of Inspector General proposed modifications to

federal Anti-Kickback Statute safe harbors which, among other things, may affect rebates paid by manufacturers to Medicare Part D plans, the purpose of which is to further reduce the cost of drug products to consumers. Although a number of these, and other proposed measures will require authorization through additional legislation to become effective, Congress and the Trump administration have each indicated that it will continue to seek new legislative and/or administrative measures to control drug costs. At the state level, legislatures have increasingly passed legislation and implemented regulations designed to control pharmaceutical and biological product pricing, including price or patient reimbursement constraints, discounts, restrictions on certain product access and marketing cost disclosure and transparency measures, and, in some cases, designed to encourage importation from other countries and bulk purchasing.

Additionally, California recently enacted legislation that has been dubbed the first “GDPR-like” law in the United States. Known as the California Consumer Privacy Act, or CCPA, it creates new individual privacy rights for consumers (as that word is broadly defined in the law) and places increased privacy and security obligations on entities handling personal data of consumers or households. When it goes into effect on January 1, 2020, the CCPA will require covered companies to provide new disclosures to California consumers, provide such consumers new ways to opt-out of certain sales of personal information, and allow for a new cause of action for data breaches. Legislators have stated that amendments will be proposed to the CCPA before it goes into effect, but it remains unclear what, if any, modifications will be made to this legislation or how it will be interpreted. As currently written, the CCPA will likely impact (possibly significantly) our business activities and exemplifies the vulnerability of our business to not only cyber threats but also the evolving regulatory environment related to personal data and protected health information.

While there are no approved medications for the treatment of Rett syndrome, trofinetide, if approved for Rett syndrome would compete with off label usage of generic prescription medications targeted at individual symptoms of Rett syndrome. These include antipsychotics including risperidone and aripiprazole; antidepressants sertraline and citalopram; and benzodiazepines clonazepam and diazepam. There are multiple academic institutions and six other pharmaceutical companies conducting clinical research in Rett syndrome. While other pharmaceutical companies are studying compounds for the associated symptoms of Rett syndrome (seizures – Ultragenyx, Anavex, GW Pharmaceuticals; respiratory issues – Newron, Neurolixis), these ongoing clinical trials have identified secondary outcomes assessing impact on overall disorder and some may launch in advance of trofinetide. Rett specific scales are being used in these trials including the RSBQ (Rett syndrome Behavioral Questionaire) which is being used in the trofinetide Phase 3 trial. Additionally AveXis/Novartis has a gene therapy program in Rett syndrome with a current projected FDA filing date of 2022.

We are dependent on information technology systems, infrastructure and data, which exposes us to data security risks.

We are dependent upon our own or third-party information technology systems, infrastructure and data, including mobile technologies, to operate our business. The multitude and complexity of our computer systems may make them vulnerable to service interruption or destruction, disruption of data integrity, malicious intrusion, or random attacks. Likewise, data privacy or security incidents or breaches by employees or others may pose a risk that sensitive data, including our intellectual property, trade secrets or personal information of our employees, patients, customers or other business partners may be exposed to unauthorized persons or to the public. Cyber-attacks are increasing in their frequency, sophistication and intensity. Cyber-attacks could include the deployment of harmful malware, denial-of-service, social engineering and other means to affect service reliability and threaten data confidentiality, integrity and availability. Our business partners face similar risks and any security breach of their systems could adversely affect our security posture. A security breach or privacy violation that leads to disclosure or modification of or prevents access to patient information, including personally identifiable information or protected health information, could harm our reputation, compel us to comply with federal and/or state breach notification laws and foreign law equivalents, subject us to mandatory corrective action, require us to verify the correctness of database contents and otherwise subject us to litigation or other liability under laws and regulations that protect personal data, any of which could disrupt our business and/or result in increased costs or loss of revenue. Moreover, the prevalent use of mobile devices that access confidential information increases the risk of data security breaches, which could lead to the loss of confidential information, trade secrets or other intellectual property. While we have invested, and continue to invest, in the protection of our data and information technology infrastructure, there can be no assurance that our efforts will prevent service interruptions, or identify breaches in our systems, that could adversely affect our business and operations and/or result in the loss of critical or sensitive information, which could result in financial, legal, business or reputational harm to us. In addition, our liability insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyber-attacks and other related breaches.