Risk Factors — selected (top 10 of ~35 the final S-1 will need)
1. We have a history of net losses and may not achieve profitability.
We have incurred net losses in every period since inception, including net losses of $XX million in fiscal 2024 and $XX million in the year-to-date period. Our accumulated deficit was $XX million as of [date]. We expect to continue to incur losses for the foreseeable future as we invest in product development, sales and marketing, and expansion of our customer base. If we cannot achieve and sustain profitability, our financial condition and the value of our common stock will be adversely affected.
2. The market for AI-enabled healthcare software is new and evolving.
We operate in a category that has only emerged in the last [N] years. Customer adoption of AI for clinical and operational workflows depends on factors outside our control, including regulatory clarity (FDA AI/ML guidance, ONC certification), provider trust in AI outputs, and the willingness of payers to reimburse AI-assisted workflows. If these markets develop more slowly than we expect, or if AI tools are not adopted at the scale we anticipate, our growth will be materially harmed.
3. Regulatory enforcement against AI medical devices is uncertain.
The FDA has issued multiple guidance documents covering AI/ML-enabled medical device software. Our products may be classified as Software as a Medical Device (SaMD), which would subject us to premarket review, post-market surveillance, and Quality System Regulation requirements. State medical boards and the FTC may also assert jurisdiction over AI tools in clinical settings. Adverse classification, enforcement, or new rulemaking could materially impair our ability to sell our products.
4. Our customers are concentrated among large health systems.
Our top 10 customers represented X% of revenue in fiscal 2024. The loss of any one of these customers, or a material reduction in their purchases, would materially harm our results. Health systems also have long procurement cycles (12-24 months) and significant negotiating leverage, both of which may pressure our pricing and margins.
5. We process protected health information (PHI), subjecting us to HIPAA and state privacy laws.
As a Business Associate under HIPAA, we are subject to the Privacy Rule, Security Rule, and Breach Notification Rule. A material breach, OCR enforcement action, or class-action litigation under state laws (CCPA, BIPA, state breach notification statutes) could result in significant fines, customer attrition, remediation costs, and reputational harm. Our products incorporate large language models, which introduce novel risks of PHI disclosure through model outputs.
6. AI hallucination and clinical safety incidents could result in liability and reputation damage.
Our AI models occasionally produce outputs that are factually incorrect or clinically inappropriate. While our products include human-in-the-loop safeguards, a single clinical safety incident could result in malpractice litigation, FDA enforcement, customer attrition, and adverse media coverage. We carry product liability insurance, but coverage is limited and may not be available for AI-specific claims.
7. We rely on third-party AI model providers (OpenAI, Anthropic, Google) under contracts that may change.
Our products are built on foundation models licensed from third parties. Changes in pricing, model availability, terms of service, or content policies by any of these providers could materially impact our cost structure, product capabilities, or competitive position. Disputes or termination of these arrangements could require costly engineering work to switch providers and may temporarily degrade product quality.
8. Cybersecurity incidents could disrupt our operations and harm our reputation.
We handle confidential customer and patient data. A breach of our systems, ransomware attack, or supply-chain compromise could disrupt operations, trigger breach-notification obligations, result in litigation, and erode customer trust. We have implemented industry-standard controls (SOC 2 Type II, HITRUST), but no security program eliminates risk.
9. We depend on a small number of key personnel.
Our founders, [CEO name] and [CTO name], are critical to our strategy and operations. The loss of either, or of other key technical and commercial leaders, could materially harm our business. Our equity compensation programs are designed to retain key personnel, but retention is not guaranteed, and a public stock price decline could increase departure risk.
10. Public-company costs may strain our resources.
Following this offering, we will incur significant ongoing costs as a public company, including SEC compliance, audit fees, D&O insurance, investor relations, and Sarbanes-Oxley compliance (Section 404 once we exit emerging-growth-company status). These costs may divert management attention and harm our ability to operate efficiently.
(20 more risk factors — competition, IP, international operations, share-price volatility, dual-class structure, dilution from secondary issuances, etc. — to follow.)