GeneDx Holdings Corp. (WGS) Business

Item 1. Business

Unless otherwise stated in this Annual Report or the context otherwise requires, references to:

•“GeneDx Holdings” refer to GeneDx Holdings Corp., a Delaware corporation;

•“Legacy GeneDx” refer to GeneDx, LLC, a Delaware limited liability company, which we acquired on April 29, 2022 (the “Acquisition”);

•“Legacy Sema4” refer to Sema4 OpCo Inc., a Delaware corporation, which consummated the business combination with CM Life Sciences, Inc. (“CMLS”) on July 22, 2021 (the “Business Combination”);

•“Fabric Genomics” refer to Fabric Genomics, Inc., a Delaware corporation, which we acquired on May 5, 2025 (the “Merger”); and

•“we,” “us” and “our,” the “Company” and “GeneDx” refer, as the context requires, to GeneDx Holdings and its consolidated subsidiaries.

The Company’s Class A common stock and public warrants are listed on the Nasdaq Global Select Market under the symbols “WGS” and “WGSWW,” respectively.

Purpose

At GeneDx, our mission is to empower everyone to live their healthiest life through genomics. GeneDx combines clinical expertise, advanced technology, and the proprietary GeneDx Infinity™ dataset to power the ExomeDx™ and GenomeDx™ tests – ranked #1 by expert geneticists and granted FDA Breakthrough Device Designation – enabling clinicians to deliver precise, fast, and actionable diagnoses. GeneDx InfinityTM also fuels discovery for biopharma while supporting the network that we believe will drive the future of precision genetic medicine. We believe that what is best for patients must be embedded in every aspect of our work, and in support of these beliefs, we value equitability, simplicity, and transparency.

Overview

GeneDx was founded in 2000 by scientists from the National Institutes of Health whose mission was to make genetic testing accessible for patients with rare diseases. The company quickly became a leader in genomics, creating the foundation for how to provide genomic information at scale and pioneering exome and genome sequencing for rare and ultra-rare genetic pediatric disorders. 25 years later, we have amassed one of the world’s largest rare disease datasets, GeneDx InfinityTM, and remain a leader in genomics.

We believe exome and genome testing will become the standard for diagnosing genetic disease, with the potential to transform healthcare from reactive to proactive. We believe that we are positioned to usher in the next era of precision medicine by offering genetic diagnoses at the earliest moments, creating a patient-centric network to drive improved outcomes, and fueling discovery with the most powerful genomic intelligence.

Industry Background

Targeted genetic tests and panel testing still represent a meaningful portion of diagnostic tests ordered today. However, as healthcare increasingly moves toward genetics-informed and preventive care, the limitations of panel-based testing have become more pronounced, and exome and genome sequencing are moving closer to standard of care. Panels restrict analysis to a predefined set of genes based on an initial clinical hypothesis, which can result in inconclusive findings and delayed diagnoses—particularly for patients with overlapping, atypical, or evolving symptoms. This hypothesis-based approach is increasingly misaligned with the complexity of genetic disease and increasing access to high-quality exome and genome sequencing.

We believe that an affordable, scalable, and clinically actionable genome sequence will be a central element in the future of medicine. Historically, cost was one of the greatest barriers to broad adoption, but sequencing costs continue to decline with advancements in sequencing technology, competition, and scale. The more significant challenge today lies in transforming a genome’s vast volume of data into insights that are timely, accurate, and actionable in routine clinical care. This requires the ability to rapidly interpret genomic data at scale and continuously improve interpretation based on new data and outcomes. Accurate and scalable interpretation depends on robust, well-curated gene–disease knowledge, continuously updated with real-world evidence, and supported by large, diverse datasets that reduce uncertainty and improve diagnostic yield. As datasets grow and interpretation improves, genomics increasingly enables earlier diagnoses, fewer uncertain results, and more informed clinical decision-making from the earliest moments.

4

Table of Contents

In recent years, the genetic diagnostics industry has seen increasing momentum from several converging forces: growing clinician familiarity with genomics, expanding newborn and pediatric screening programs, improving reimbursement pathways for comprehensive testing, and the integration of artificial intelligence and automation into variant interpretation and reporting. Together, these trends are helping shift genomics from a specialized diagnostic tool toward a foundational layer of modern healthcare, supporting precise diagnoses, guiding personalized care plans, and accelerating therapeutic discovery.

The Genome Future

The genome is composed of 3 billion “letters”, or base pairs, of DNA. The exome is a portion of the genome that encodes proteins, which are involved in many different types of cellular functions. Changes in DNA can change the way proteins are formed or utilized by the cell, potentially causing disease. When patients present with complex issues, a genetic diagnosis may be available, but a traditional genetic panel test may be too narrow to identify the cause. Exome and genome sequencing can find different genetic alterations, or variants, that more targeted tests miss and are especially useful when the timing is critical to directing or altering medical management.

With 25 years of operation, GeneDx has a proven track record of expertise in genetic testing, particularly exome and genome testing. We launched the industry’s first commercially available Next Generation Sequencing panels in 2008 and pioneered exome sequencing in 2012. We have worked tirelessly to develop:

•One of the largest rare disease datasets in the world, GeneDx InfinityTM;

•A laboratory operation that delivers accuracy, speed, and cost efficiency;

•Proprietary bioinformatics, AI, and variant interpretation pipelines;

•High-quality standard exome and genome products as well as rapid and ultraRapid genomes; and

•Genomic newborn screening protocols using a whole genome backbone.

We regularly enrich our products with new genomic technologies, including medium and long-read sequencing, and adding multimodal analysis beyond DNA to enhance our ability to serve more patients with speed, accuracy, and scale over time. These R&D programs generate data that compounds upon our library of over 1,100 peer-reviewed publications, further exemplifying our position at the forefront of genomic innovation.

The scalable exome and whole genome interpretation that we deliver at speed does not require a long, complex, and expensive step-wise testing approach and may make most other genetic tests obsolete. Additionally, exome and genome testing provide a streamlined test selection and ordering process for non-genetics clinicians who are increasing the utilization of genetic testing for their patients. We believe that we are positioned to continue leading the industry into the genome future.

GeneDx InfinityTM

Over our 25-year history, we have amassed one of the largest rare disease datasets in the world, if not the largest. GeneDx InfinityTM is powered by data from over 2.5 million tests – including over 1 million exomes and genomes – and supplemented with more than 8 million phenotypic datapoints and billions of datapoints from longitudinal patient data, clinical data, claims data, and more. 60% of the exomes and genomes in GeneDx InfinityTM represent relative samples from trio testing, where biological relative samples are used as comparators to improve diagnostic quality. Importantly, the genomic data in GeneDx InfinityTM is incredibly diverse, with more than 50% of exomes and genomes representing individuals of non-European descent.

Each patient enriches the data density of GeneDx InfinityTM, improving our ability to offer fast, actionable, and accurate diagnoses to the next patients. This flywheel effect further differentiates our interpretation capabilities across diverse populations. This flywheel is also accelerating – in 2025 alone, we added 30% more rare disease exomes and genomes into GeneDx InfinityTM than in the previous 24 years combined.

Our team of more than 100 MDs and PhDs and 150 genetic counselors transform GeneDx InfinityTM into clear, trusted answers that clinicians can act on with confidence. We are also applying AI tools – like our machine learning powered gene ranker, Multiscore – on top of GeneDx InfinityTM to harness the power of our data, scale our platform and increase speed and turnaround time.

The structured gene-disease knowledge curated by our team of experts is being enhanced through cutting edge tools to deliver even greater speed, scale, and operational efficiency. Implemented with a human in the loop, our advanced interpretation methods incorporate automation, bioinformatics, and cloud-based machine learning, enabling efficient discovery of genetic differences at previously undetectable levels. As the number of new patients we test grows, so does our database, and the new data increases the potential for greater insights. As we capture more genomic and phenotypic data, we hope to fuel a positive feedback cycle of discovery that continuously delivers more value for patients, providers and healthcare partners.

5

Table of Contents

Market Opportunity

Our primary growth engine in the short term will be expanding adoption of our market-leading exome and genome testing in the pediatric outpatient setting among geneticists, pediatric neurologists, other pediatric specialists, and general pediatricians. General pediatricians represents the largest opportunity. Additionally, we plan to continue to expand into the Neonatal Intensive Care Unit (“NICU”), supplement our prenatal exome testing with a genome product for that setting, and translate our leadership to international markets via our recently acquired Fabric Genomics platform. Longer-term, we remain optimistic about our leading position in genomic newborn screening (“gNBS”) and see the adult market as a future opportunity. Over time we expect more and more use cases and reimbursement pathways for exome and genome products to open up across a wide spectrum of pediatric and adult diseases, conditions and disorders.

As we plan for longer-term growth, we aim to bring whole genome newborn screening to the market and are engaged in three programs to build the body of evidence needed to make genomic newborn screening mainstream. Those programs include the GUARDIAN study, the BEACONS study, and the Sunshine Genetics Network. Additionally, we believe there is a large data partnership opportunity with biopharmaceutical (“biopharma”) companies and precision medicine leaders.

By unlocking the value of our diagnostics products, GeneDx InfinityTM, our network of relationships, and internal expertise, GeneDx is well positioned to lead in what we believe is a nearly $25 billion market opportunity in pediatric and rare disease and a nearly $20 billion market opportunity for adult disease and disorders. In tandem with these testing markets, we see potential upside as we put a growth strategy behind our data and biopharma partnerships business, expand internationally with Fabric Genomics, and unlock precision medicine opportunities.

Our Strategy

We believe that the span and depth of our experience and dataset allows us to return more positive findings and thus clinical utility, both immediately and over time through reanalysis, than other sources. Importantly, we believe that we return fewer uncertain findings compared to public datasets and competitors, which makes our analysis easier to interpret outside of the medical genetics community.

At the same time, we have improved quality and speed to delivery of exome and genome tests while significantly lowering sequencing costs since inception. Much of this decline was driven by reduced sequencing costs shared across the industry; however, we have reduced wet labor, processing, and interpretation costs through accumulating data and experience, and we expect a further decline in costs going forward.

Leveraging these capabilities, we aim to be the global market leader in the development and delivery of reliable, actionable, scalable exome and genome sequencing and interpretation and information services. Our strategy focuses on the following objectives:

•Expand the utilization of exome and genome sequencing as the first-tier test over most other genetically targeted tests by leveraging product enhancements and decades of earned trust amongst expert geneticists; and

•Expand the utilization of industry-leading exome and genome sequencing beyond geneticists, creating a new standard of care which enables faster diagnoses, reduces suffering, and helps healthcare systems save money. In the near term, our principal target markets will be general pediatrics, other pediatric specialists, the NICU, and late-stage prenatal testing. We expect those markets to expand over time as clinical utility and reimbursement evolve.

To achieve these objectives, we:

•Deploy our team of approximately 120 field-based sales representatives and medical science liaisons, and construct an industry-leading brand, product, marketing, communications and market access platform that leverages our expertise, rich data, and decades of earned trust across the genetics community.

•Partner with leaders across health systems, manufacturers, commercial and governmental payors and advocacy groups. We aim to collaborate on programs to establish definitive clinical and economic case for broad use of genomic-guided medicine. Such programs will focus on:

◦health economic data supporting rapid whole genome sequencing in the NICU;

◦diagnosis of disease and prevention of chronic conditions in adults; and

◦use of whole genome sequencing for broad newborn screening.

•Plan to open new markets and geographies and unlock the value of our dataset with independently scalable cloud-based interpretation and information service offerings. This will enable healthcare partners to incorporate genetics into clinical care by accessing our analysis and interpretation capabilities remotely while sequencing locally to reduce complexity, logistics cost and wait times, and align to local restrictions where applicable.

6

Table of Contents

•Plan to launch a new provider and patient experience with the eventual goal of providing lifelong access and portability of genomic information. At initial sequence, rapid results provide clinicians with simple, actionable, easy to understand results for non-geneticists and tailored resources for patients and caregivers. On an ongoing basis, reanalysis unlocks a renewable source of insight, replacing any future germline screening. We will sequence once, and analyze for life.

•Plan to optimize our services to become a solutions provider of choice for biopharma companies. Such solutions will focus on value-added services such as:

◦Finding rare disease patients for clinical trial recruitment and/or delivery of targeted therapeutics.

◦Supporting research and development for targeted therapies with analytic reports leveraging clinicogenomics data across multiple therapeutic areas with an initial emphasis in rare disease.

◦Providing a therapeutic area agnostic platform to access data, patients and insights for real world evidence and data to support end-to-end drug discovery pipeline.

•Plan to leverage our position at the nexus of rare disease to create a network effect - uniting patients, researchers, biopharma, payers, policymakers, and health systems - and create solutions for some of the greatest challenges in the rare disease space and increase access to precision genetic medicine.

Research and Development

Our research and development activities include information technology, product development, customer experience, medical affairs, collaborations and research, including health economic and outcomes research (“HEOR”). These activities are principally focused on our efforts to develop and improve the software we use to analyze data, process genomic test orders, deliver reports, and improve customer experience.

We are also participating in certain collaborative studies aimed to provide evidence of the clinical and economic benefit for exome and whole genome sequencing. Two such studies currently underway include the SeqFirst study—in collaboration with Seattle Children’s Hospital and University of Washington—which is designed to demonstrate the broad utility of rapid whole genome sequencing for critically ill newborns and, the Genomic Uniform-Screening Against Rare Diseases In All Newborns (“GUARDIAN”) study—in collaboration with New York-Presbyterian, Columbia University, New York State Department of Health and Illumina, Inc.—which is designed to assess whole genome sequencing to screen newborns for more conditions than those currently included in standard newborn screening in the United States. The goals of these studies are to drive earlier diagnosis and treatment to improve the health of the newborns who participate in such studies, generate evidence to support the expansion of newborn screening through genomic sequencing, and characterize the prevalence and natural history of rare genetic conditions.

Competition

Our competitors include companies that offer molecular genetic testing and consulting services, including specialty and reference laboratories that offer traditional single- and multi-gene tests. In addition, there are a large number of new entrants into the market for genetic information ranging from informatics and analysis pipeline developers to focused, integrated providers of genetic tools and services for health and wellness, including Illumina, Inc., which is also one of our suppliers. In addition to the companies that currently offer traditional genetic testing services and research centers, other established and emerging healthcare, information technology and service companies may commercialize competitive products including informatics, analysis, integrated genetic tools and services for health and wellness. Principal competitors include companies such as Baylor Genetics, Tempus (via Ambry Genetics), Variantyx, and Rady Children’s Hospital as well as other commercial and academic labs.

Customers and Seasonality

We receive payment for our products and services from third-party payors, patients, business-to-business clients, and from other healthcare partners. Substantially all of our revenue for the year ended December 31, 2025 was derived from diagnostic test reports and we expect this trend to continue in the near-term. Over time we expect to achieve a mix of revenue from diagnostic tests, data and information solutions, newborn screening products and information and interpretation services.

Approximately 1.5% of our revenues today are derived from referral sources outside of the United States. We expect over time to increase rest of world revenue as knowledge and understanding of the benefits of exome and whole genome sequencing continue to expand.

We typically experience higher revenue in our fourth quarter and lower revenue in the first quarter due in part to seasonal demand of our tests from patients who have met their annual insurance deductible. However, changes in our product and payor mix might cause these seasonal patterns to be different than future patterns of our revenue or financial performance.

For information regarding our customer concentration in relation to certain of the Company’s third-party payors, see Note 2, “Summary of Significant Accounting Policies” in the notes to our consolidated financial statements.

7

Table of Contents

Raw Materials and Suppliers

We rely on a limited number of suppliers, including Illumina, Inc., Life Technologies Corporation, Twist Biosciences Corporation, Path-Tec LLC and Agilent Technologies. for certain laboratory reagents, as well as sequencers and other equipment and materials, which we use in our laboratory operations. Our operations could be interrupted if we encounter delays or difficulties in securing reagents, sequencers or other equipment or materials, and if we cannot obtain an acceptable substitute. Any such interruption could significantly affect our business, financial condition, results of operations and reputation. We believe that there are only a few other manufacturers outside of those listed above that are currently capable of supplying and servicing the equipment necessary for our operations, including sequencers and various associated reagents and enzymes. The use of equipment or materials provided by these replacement suppliers would require us to alter our operations. Transitioning to a new supplier would be time consuming and expensive, may result in interruptions in operations, could affect the performance specifications of our laboratory operations or could require that we revalidate our tests. We cannot be certain that we will be able to secure alternative equipment, reagents and other materials, or bring such equipment, reagents and materials online and revalidate them without experiencing interruptions in our workflow. If we encounter delays or difficulties in securing, reconfiguring or revalidating equipment and materials, our business and reputation could be adversely affected.

Intellectual Property

We rely on a combination of intellectual property rights, including trade secrets, copyrights, trademarks, customary contractual protections to protect our core technology and intellectual property.

Patents

The fields of genomic and health information analysis present limited opportunities for patent protection, based on current legal precedents. Our patent protection strategy has focused on seeking protection for certain of our non-gene specific technology and our specific biomarkers. In this regard, we have one issued U.S. design patent, fourteen pending U.S. non-provisional utility patent applications, four pending U.S. provisional patent applications, and three pending international PCT patent applications. The issued U.S. design patent relates to a display screen with a graphical user interface. The utility patent applications include an international PCT patent application and a U.S. patent application related to performing phenotypic fit analysis, an international PCT patent application and two U.S. patent applications related to analyzing genetic variations and phenotypes, a U.S. patent application related to modeling inference of mutation impact, two U.S. patent applications related to generating a cancer determination from electronic health records using a cancer determination analysis system, a U.S. patent application related to providing a homologous recombination DNA repair deficiency score for a cancer patient, a U.S. patent application related to therapeutic treatment for subjects having certain polymorphic markers associated with specific human leukocyte antigen alleles, two U.S. patent applications relating to analyzing phenotype-causing genomic variants, two U.S. patent applications relating to prioritizing phenotype-causing genomic variants in combination with biomedical ontologies, two U.S. patent applications relating to prioritizing phenotype-causing genomic variants in combination with clinical information, and an international PCT patent application relating to analyzing long biological sequence data. If patents are issued from the currently pending applications, the earliest patents will begin expiring in the early 2030s, subject to potential extensions of the patent term that will be calculated based on the length of the patent examination process. The claim scope of any potentially issued patents stemming from the present applications may be narrower than included in the initial filings due to any amendments that may arise throughout their prosecution.

We do not presently have any patents directed to the sequences of specific genes or variants of such genes, nor do we currently rely on any in-licensed gene patent rights of any third party. We may, in time, seek additional patent protection to protect technology that is not gene-specific and that provides us with a potential competitive advantage as we focus on making comprehensive genetic information less expensive and more broadly available to our customers.

Trade Secrets

We rely on trade secrets, including unpatented know-how, technology and other proprietary information, to maintain and develop our competitive position. We have a trade secrecy program to prevent disclosure of our trade secrets to others, except under stringent conditions of confidentiality when disclosure is critical to our business. We protect trade secrets and know-how by establishing confidentiality agreements and invention assignment agreements with our employees, consultants, scientific advisors, contractors, and collaborators. These agreements also provide that all inventions resulting from work performed for us or relating to our business and conceived or completed during the period of employment or assignment, as applicable, will be our exclusive property. In addition, we take other appropriate precautions, such as physical and technological security measures, to guard against misappropriation of our proprietary information by third parties.

8

Table of Contents

Our valuable trade secrets relate to proprietary bioinformatic tools such as:

•custom data processing methods and analytical pipelines for NGS, aCGH, MLPA, Sanger, and other genomic data, optimized and validated to the highest performance standards;

•a novel detection method to uncover notoriously difficult to detect sequence variants called mobile element insertions and partial-exon deletions; and

•custom variant analysis platforms built from the ground up for exome and genome-scale data interpretation.

Although we take steps to protect our proprietary information and trade secrets, including through contractual means with our employees and consultants, these steps may be circumvented, or third parties may independently develop substantially equivalent proprietary information and techniques or otherwise gain access to our trade secrets or disclose our technology. Accordingly, we may not be able to meaningfully protect our trade secrets.

Trademarks

We own or are applying for various trademarks, service marks, trade names, and product service names in the U.S and other commercially important markets. We intend to invest significant resources in the growth and protection of our reputation and trademarks. Our trademark portfolio is designed to protect the brands for our products and services, both current and in the pipeline.

Human Capital Management

We believe that human capital management, including attracting, retaining, and developing a high-quality workforce, is critical to our long-term success. We are committed to creating a workplace that supports the success of its people by investing in their personal development and career growth. Our team of nearly 1,300 individuals are champions of not only our organization, but our patients, providers and partners.

Our development, performance, and compensation programs are designed to attract and reward talented individuals from a broad range of backgrounds and experiences who possess the skills necessary to support our business objectives, assist in the achievement of their career goals, our strategic goals, and ultimately create long term value for our stockholders.

We offer competitive compensation to attract and retain high quality talent, supported by a comprehensive total rewards package. In addition to base compensation, our employees may be eligible for bonuses or sales incentives, and equity awards under our equity incentive plans. We also provide the opportunity to participate in our employee stock purchase plan and a 401(k) plan with employee matching opportunities. We offer equity for certain positions because we believe ownership in the company strengthens alignment and commitment to our long-term success. We provide programs including healthcare and insurance benefits, wellness, health savings and flexible spending accounts, paid time off, family and parental leave, flexible work schedules, fertility, adoption and surrogacy assistance, and employee assistance programs.

We operate in an industry in which competition for highly qualified personnel is significant. In addition to compensation and benefits, we focus on talent acquisition, retention and development. We periodically conduct employee engagement surveys and use the results to inform internal priorities and management goals, including actions responsive to employee feedback. Our employee evaluation is intended to support development, identify and develop high performers, and strengthen leadership and management capabilities as the organization grows. We believe that our engagement survey results reflect our commitment to fostering a thriving workplace culture, even amidst significant organizational growth.

Government Regulation

Our business and the services (both current and in the pipeline) we provide are subject to and impacted by extensive and frequently changing laws and regulations in the United States (at both the federal and state levels) and internationally. Failure to comply with the applicable laws and regulations can subject us to repayment of amounts previously paid to us, significant civil and criminal penalties, loss of licensure, certification, or accreditation, or exclusion from state and federal health care programs. The significant areas of regulation are summarized below:

Clinical Laboratory Improvement Amendments of 1988 and State Regulation

Our clinical laboratories must hold certain federal, state and local licenses, certifications and permits to conduct our business. Laboratories in the United States that perform testing on human specimens for the purpose of providing information for the diagnosis, prevention, or treatment of disease or impairment, or the assessment of health are subject to the Clinical Laboratory Improvement Amendments of 1988, as amended, and its implementing regulations (“CLIA”). CLIA requires such laboratories to be certified by the federal government and mandates compliance with various operational, personnel, facilities administration,

9

Table of Contents

inspections, quality control, quality assessment and proficiency testing requirements intended to ensure that testing services are accurate, reliable and timely. CLIA certification also is a prerequisite to be eligible to bill state and federal health care programs, as well as many commercial third-party payors, for laboratory testing services. Our laboratory located in Gaithersburg, Maryland is CLIA certified to perform high complexity tests. Laboratories performing high complexity testing are required to meet more stringent requirements than laboratories performing less complex tests. The regulatory and compliance standards applicable to the testing we perform may change over time, and any such changes could have a material effect on our business.

As a condition of CLIA certification, our laboratory is subject to survey and inspection every two years to assess compliance with program standards, in addition to being subject to additional random inspections. The biennial survey is conducted by the Centers for Medicare & Medicaid Services (“CMS”), a CMS agent (typically a state agency), or a CMS-approved accreditation organization. Our Gaithersburg laboratory has been accredited by the College of American Pathologists (“CAP”), which means that our laboratory has been certified as following CAP guidelines in operating the laboratory and in performing tests that ensure the quality of our results. Because our laboratory is accredited by CAP, which is a CMS-approved accreditation organization, CMS does not perform these biennial surveys and inspections and relies on our CAP surveys and inspections. We may also be subject to additional unannounced inspections.

CLIA provides that a state may adopt laboratory regulations consistent with those under federal law, and a number of states have implemented their own (sometimes more stringent) laboratory regulatory requirements. CLIA does not preempt state laws that have established laboratory quality standards that are at least as stringent as the federal law requirements under CLIA. State laws may require that nonresident laboratories, or out-of-state laboratories, maintain a laboratory license to perform tests on samples from patients who reside in that state. As a condition of state licensure, these state laws may require that laboratory personnel meet certain qualifications, specify certain quality control procedures or facility requirements, or prescribe record maintenance requirements. We maintain state laboratory licenses for our Gaithersburg facility in Maryland and in New York, California, Pennsylvania and Rhode Island. In addition to having a laboratory license in New York, our laboratory is also required to obtain approval on a test-specific basis for the tests it runs as laboratory developed tests (“LDTs”) by the New York Department of Health before specific testing is performed on samples from New York. If any states currently have or adopt similar licensure requirements in the future, we may be required to modify, delay or stop our operations in those states.

If a laboratory is out of compliance with state laws or regulations governing licensed laboratories or with CLIA, penalties may include suspension, limitation or revocation of the license or CLIA certificate, assessment of civil monetary penalties or fines, civil injunctive suit or criminal penalties. Failure to comply with CLIA could also result in a directed plan of correction and state on-site monitoring. Loss of a laboratory’s CLIA certificate or state license may also result in the inability to receive payments from state and federal health care programs as well as private third-party payors. We believe that we are in material compliance with CLIA and all applicable licensing laws and regulations.

CLIA and state laws and regulations, operating together, sometimes limit the ability of laboratories to offer consumer-initiated testing (also known as “direct access testing”). CLIA certified laboratories are permitted to perform testing only upon the order of an “authorized person,” defined as an individual authorized under state law to order tests or receive test results, or both. Many states do not permit persons other than licensed healthcare providers to order tests. We currently do not offer direct access testing and our CLIA tests may only be ordered by authorized healthcare providers.

Diagnostic Products and FDA Oversight of Laboratory Developed Tests

FDA Oversight of Laboratory Developed Tests

We currently offer an LDT version of certain tests. Historically, the FDA has exercised a policy of enforcement discretion with respect to most LDTs, whereby the FDA did not actively enforce its medical device regulatory requirements for such tests. However, at various points in recent years, the FDA has indicated that it intends to end enforcement discretion for many tests offered as LDTs, and to require such tests to comply with certain FDA regulatory requirements. Agency officials have previously expressed significant concerns regarding performance disparities between some LDTs and in vitro diagnostics that have been reviewed, cleared, authorized or approved by the FDA.

On April 29, 2024, the FDA published a final rule on LDTs, in which the FDA outlined its plans to end enforcement discretion for many LDTs in five stages over a four-year period.

In response, multiple lawsuits were filed challenging the FDA’s authority to regulate LDTs as medical devices under the Federal Food, Drug, and Cosmetic Act (FDCA). On March 31, 2025, the U.S. District Court for the Eastern District of Texas struck down the 2024 final rule on the grounds that the FDA exceeded its authority under the FDCA. The FDA did not appeal the court’s ruling. As a result, clinical laboratories offering LDTs are not required to comply with any of the phases of the final rule.

10

Table of Contents

Legislative proposals addressing the FDA’s oversight of LDTs have also been introduced in previous Congresses, and we expect that new legislative proposals will be introduced from time-to-time. For example, versions of the Verifying Accurate Leading-edge IVCT Development Act (the “VALID Act”) have been introduced in Congress several times in recent years, but the VALID Act has not been enacted. The VALID Act, as most recently proposed, would create a new category of medical products separate from medical devices called “in vitro clinical tests,” or IVCTs. As most recently proposed, the VALID Act would modify the FDCA and establish a risk-based approach to imposing requirements related to premarket review, quality systems, and labeling requirements on all IVCTs, including LDTs, but a grandfathering provision would create exemptions from certain requirements for certain LDTs (e.g., LDTs first offered for clinical use not later than May 6, 2024). The likelihood that Congress will pass such legislation is difficult to predict at this time.

If the FDA ultimately regulates certain LDTs, our tests may be subject to certain additional regulatory requirements. Complying with the FDA’s requirements can be expensive, time-consuming, and subject us to significant or unanticipated delays. Insofar as we may be required to obtain premarket clearance or approval to perform or continue performing an LDT, we cannot be sure that we will be able to obtain such authorization. Even if we obtain regulatory clearance or approval where required, such authorization may not be for the intended uses that we believe are commercially attractive or are critical to the commercial success of our tests. As a result, the application of the FDA’s oversight to our tests could materially and adversely affect our business, financial condition, and results of operations.

We will continue to monitor changes to all LDT regulatory policy so as to ensure compliance with the current regulatory scheme. The FDA in the course of enforcing the FDCA may subject a company to various sanctions for violating FDA regulations or provisions of the FDCA, including requiring recalls, issuing Warning Letters, seeking to impose civil money penalties, seizing devices that the agency believes are non-compliant, seeking to enjoin distribution of a specific device, seeking to revoke a clearance or approval, seeking disgorgement of profits and/or seeking to criminally prosecute a company and its officers and other responsible parties.

Additionally, certain of our diagnostic products in development may be subject to regulation by the FDA and similar international health authorities. For these products, we would have an obligation to comply with applicable premarket review requirements, and adhere to the FDA’s current Good Manufacturing Practices and diagnostic product regulations, including providing for an establishment and product listing with the FDA. Additionally, we would be subject to periodic FDA inspections, quality control procedures, and other detailed validation procedures. If the FDA finds deficiencies in the validation of our manufacturing and/or our quality control practices, it may impose restrictions on marketing specific products until corrected. Regulation by governmental authorities in the United States and other countries may be a significant factor in how we develop, test, produce and market our diagnostic test products.

In October 2025, we received Breakthrough Device Designation from the FDA for the analysis of DNA extracted from human blood specimens from pediatric or adult patients with unexplained constitutional or heritable disorders or syndromes, nonspecific or atypical clinical presentations, or for differential diagnoses including rapid neonatal testing in critical care, or postnatal detection of germline variants associated with causes of life-threatening diseases or genetic disorders in symptomatic patients (the “Breakthrough Device Designation Indications”) using our ExomeDxTM and GenomeDxTM tests. Breakthrough Device Designation provides certain benefits, including more interactive and timely communications with FDA staff, potential use of post-market data collection to facilitate expedited development and review, opportunities for more efficient and flexible clinical study design, and prioritized review of premarket submissions. However, there can be no guarantee that these benefits will materialize or significantly impact our development and regulatory authorization process. We may not experience a faster development process, review, or authorization compared to conventional FDA procedures. Breakthrough Device Designation does not alter the regulatory standards for marketing authorization or guarantee that we will ultimately obtain FDA authorization for the Breakthrough Device Designation Indications using our ExomeDxTM and GenomeDxTM tests. Furthermore, the FDA may rescind Breakthrough Device Designation if it believes that the designation is no longer supported by data from our clinical development program. As with all FDA marketing authorizations, we will need to continue to comply with applicable regulations and standards, which may change over time.

Corporate Practice of Medicine

Numerous states prohibit business organizations from practicing medicine or employing or engaging physicians to practice medicine, which prohibitions are generally referred to as the prohibition against the corporate practice of medicine. These laws are intended to prevent interference in the medical decision-making process by anyone who is not a licensed physician. For example, California law establishes that determining what diagnostic tests are appropriate for a particular condition and taking responsibility for the ultimate overall care of the patient, including providing treatment options available to the patient, would constitute the unlicensed practice of medicine if performed by an unlicensed person. Violation of these corporate practice of medicine prohibitions may result in civil or criminal fines, as well as sanctions imposed against us and/or the professional through licensure proceedings.

11

Table of Contents

Other Regulatory Requirements

We are subject to laws and regulations related to the protection of the environment, the health and safety of employees and the handling, transportation and disposal of regulated medical waste, hazardous waste and biohazardous waste, including chemical, biological agents and compounds, blood and bone marrow samples and other human tissue, and radioactive materials. For example, the U.S. Occupational Safety and Health Administration has established extensive requirements relating specifically to workplace safety for healthcare employers in the United States. For purposes of transportation, some biological materials and laboratory supplies are classified as hazardous materials and are subject to regulation by one or more of the following: the U.S. Department of Transportation, the U.S. Public Health Service, the U.S. Postal Service, the Office of Foreign Assets Control and the International Air Transport Association. We generally use third-party vendors to dispose of regulated medical waste, hazardous waste and radioactive materials and contractually require them to comply with applicable laws and regulations. These vendors are licensed or otherwise qualified to handle and dispose of such wastes.

Federal and State Healthcare Fraud & Abuse Laws

Federal and State Physician Self-Referral Prohibitions

We are subject to the federal physician self-referral prohibitions, commonly known as the Stark Law. These restrictions generally prohibit a physician who has (or whose immediate family member has) a financial relationship, such as an ownership or investment interest in or compensation arrangement with us, from making referrals for “designated health services”, including clinical laboratory services, if payment for the services may be made under Medicare. If such a financial relationship exists, referrals are prohibited unless a statutory or regulatory exception applies. The Stark Law also prohibits us from billing for any such prohibited referral. These prohibitions apply regardless of any intent by the parties to induce or reward referrals or the reasons for the financial relationship and the referral. Several Stark Law exceptions are relevant to many common financial relationships involving clinical laboratories and referring physicians and may be relied upon if all of the elements of the applicable exception are satisfied. Penalties for violating the Stark Law include the return of funds received for all prohibited referrals, fines, civil monetary penalties and possible exclusion from federal health care programs. In addition, violations of the Stark Law may also serve as the basis for liability under the federal False Claims Act (the “FCA”), which can result in additional civil and criminal penalties. Several states have enacted comparable self-referral laws which may be broader in scope and apply regardless of payor.

Federal and State Anti-Kickback Laws

The federal Anti-Kickback Statute (the “AKS”), makes it a felony for a person or entity, including a clinical laboratory, to, among other things, knowingly and willfully offer, pay, solicit or receive any remuneration, directly or indirectly, overtly or covertly, in cash or in kind, in order to induce or reward either the referral of an individual for, or the purchase, order or recommendation of, any good or service, for which payment may be made under federal health care programs. The government may also assert that a claim that includes items or services resulting from a violation of the AKS constitutes a false or fraudulent claim under the FCA, which is discussed in greater detail below. Additionally, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation. Although the AKS applies only to items and services reimbursable under any federal health care program, a number of states have passed statutes substantially similar to the AKS that apply to all payors or to state program payors. Penalties for violations of such laws include imprisonment and significant monetary fines and, in the case of the AKS, exclusion from federal health care programs. Federal and state law enforcement authorities scrutinize arrangements between health care providers and potential referral sources to ensure that the arrangements are not designed as a mechanism to induce patient care referrals or induce the purchase or prescribing of particular products or services. Generally, courts have taken a broad interpretation of the scope of the AKS, holding that the statute may be violated if merely one purpose of a payment arrangement is to induce referrals or purchases. In addition to statutory exceptions to the AKS, regulations provide for a number of safe harbors. If an arrangement meets the conditions of an applicable exception or safe harbor, it is deemed not to violate the AKS. An arrangement must fully meet each condition of an applicable exception or safe harbor in order to qualify for protection. Failure to meet the conditions of a safe harbor, however, does not render an arrangement illegal. Rather, the government may evaluate such arrangements on a case-by-case basis, taking into account all facts and circumstances.

In addition, the federal Eliminating Kickbacks in Recovery Act of 2018 (the “EKRA”), prohibits knowingly and willfully soliciting or receiving any remuneration (including any kickback, bribe or rebate) directly or indirectly, overtly or covertly, in cash or in kind, in return for referring a patient or patronage to a laboratory; or paying or offering any remuneration (including any kickback, bribe or rebate) directly or indirectly, overtly or covertly, in cash or in kind, to induce a referral of an individual to a laboratory and certain other entities or in exchange for an individual using the services of such entities. The EKRA applies to all payors including commercial payors and government payors, and EKRA violations result in significant fines and/or up to 10 years in jail, separate and apart from existing AKS liability. Several EKRA exceptions are relevant to many common financial

12

Table of Contents

relationships involving clinical laboratories and may be relied upon if all of the elements of the applicable exception are satisfied. Failure to meet the requirements of an exception, however, does not render an arrangement illegal. Rather, the government may evaluate such arrangements on a case-by-case basis, taking into account all facts and circumstances.

Other Federal and State Fraud & Abuse Healthcare Laws

In addition to the requirements discussed above, several other health care fraud and abuse laws could have an effect on our business.

The FCA prohibits, among other things, a person from knowingly presenting, or causing to be presented, a false or fraudulent claim for payment or approval and from, making, using, or causing to be made or used, a false record or statement material to a false or fraudulent claim in order to secure payment or retaining an overpayment by the federal government. Under the FCA, a person acts knowingly if he or she has actual knowledge of the information or acts in deliberate ignorance or in reckless disregard of the truth or falsity of the information. Specific intent to defraud is not required. FCA violations can result in penalties of up to three times the actual damages sustained by the government, plus civil penalties for each false claim. In addition to actions initiated by the government itself, the statute authorizes actions to be brought on behalf of the federal government by a private party having knowledge of the alleged fraud. Because the complaint is initially filed under seal, the action may be pending for some time before the defendant is even aware of the action. If the government intervenes and is ultimately successful in obtaining redress in the matter or if the plaintiff succeeds in obtaining redress without the government’s involvement, then the plaintiff will receive a percentage of the recovery. Several states have enacted comparable false claims laws which may be broader in scope and apply regardless of payor.

The Social Security Act includes civil monetary penalty provisions that impose penalties against any person or entity that, among other things, is determined to have presented or caused to be presented a claim to a federal health program that the person knows or should know is for an item or service that was not provided as claimed or is false or fraudulent. Several states have enacted comparable laws which may be broader in scope and apply regardless of payor. In addition, a person who offers or provides to a Medicare or Medicaid beneficiary any remuneration, including waivers of co-payments and deductible amounts (or any part thereof), that the person knows or should know is likely to influence the beneficiary’s selection of a particular provider, practitioner or supplier of Medicare or Medicaid payable items or services may be liable under the civil monetary penalties law. Moreover, in certain cases, providers who routinely waive copayments and deductibles for Medicare and Medicaid beneficiaries, can also be held liable under the civil monetary penalty provisions and certain other laws, such as the AKS and FCA. One of the statutory exceptions to the civil monetary penalty prohibition is non-routine, unadvertised waivers of copayments or deductible amounts based on individualized determinations of financial need or exhaustion of reasonable collection efforts. The Office of Inspector General of the U.S. Department of Health and Human Services (“HHS”), emphasizes, however, that this exception should only be used occasionally to address special financial needs of a particular patient. States may have similar prohibitions.

Other Federal and State Healthcare Laws

In addition to the fraud and abuse laws discussed above, our business potentially is subject to the following additional healthcare regulatory laws:

Laws Governing Genetic Counseling Services

Our genetic counseling partner may provide services via electronic means that could subject it to various federal, state and local certification and licensing laws, regulations and approvals, relating to, among other things, the adequacy of health care, the practice of medicine and other health professions (including the provision of remote care and cross-coverage practice), equipment, personnel, operating policies and procedures and the prerequisites for ordering laboratory tests. Some states have enacted regulations specific to providing services to patients via telehealth. Such regulations include, among other things, informed consent requirements that some states require providers to obtain from their patients before providing telehealth services. Health professionals who provide professional services using telehealth modalities must, in most instances, hold a valid license to practice the applicable health profession in the state in which the patient is located. In addition, certain states require a physician providing telehealth to be physically located in the same state as the patient. Any failure to comply with these laws and regulations could result in civil or criminal penalties against telehealth providers.

Clinical and Human Subjects Research Regulations

We may collaborate or support ongoing clinical or other human subjects research that could subject us to a number of laws and regulations pertaining to such research, including, but not limited to the Federal Policy for Protection of Human Subjects (as set forth in the implementing regulations of any signatory federal department or agency), the FDCA and its applicable implementing regulations at 21 C.F.R. Parts 11, 50, 54, 56, 58 and 812 and all equivalent legal requirements in other jurisdictions.

13

Table of Contents

Privacy and Security Laws

Health Insurance Portability and Accountability Act

Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”), HHS has issued regulations to protect the privacy and provide for the security of protected health information (“PHI”) used or disclosed by covered entities, including most health care providers and their respective business associates, as well as the business associates’ subcontractors. HIPAA also regulates standardization of data content, codes, and formats used in certain health care transactions and standardization of identifiers for health plans and providers. Four principal regulations with which we are required to comply have been issued in final form under HIPAA and HITECH: privacy regulations, security regulations, breach notification regulations, and standards for electronic transactions, which establish standards for common healthcare transactions.

The privacy regulations cover the use and disclosure of PHI by covered entities as well as business associates, which are persons or entities that perform certain functions for or on behalf of a covered entity that involve the creation, receipt, maintenance, or transmission of PHI. Business associates are defined to include a subcontractor to whom a business associate delegates a function, activity, or service, other than in the capacity of the business associate’s workforce. As a general rule, a covered entity or business associate may not use or disclose PHI except as permitted or required under the privacy regulations. The privacy regulations also set forth certain rights that an individual has with respect to his or her PHI maintained by a covered entity or business associate, including the right to access or amend certain records containing his, her or their PHI, request restrictions on the use or disclosure of his, her or their PHI, or request an accounting of disclosures of his or her PHI.

Covered entities and business associates also must comply with the security regulations, which establish requirements for safeguarding the confidentiality, integrity, and availability of PHI that is electronically transmitted or electronically stored. In addition, HITECH, among other things, established certain PHI breach notification requirements with which covered entities and business associates must comply. In particular, a covered entity must notify any individual whose unsecured PHI is breached according to the specifications set forth in the breach notification rule. A covered entity must also notify the Secretary of HHS and, under certain circumstances, the media of a breach of unsecured PHI.

The HIPAA privacy, security, and breach notification regulations establish a uniform federal “floor” and do not preempt state laws that are more stringent or provide individuals with greater rights with respect to the privacy or security of, and access to, their records containing PHI or insofar as such state laws apply to personal information that is broader in scope than PHI. In addition, individuals (or their personal representatives, as applicable) generally have the right to access test reports directly from laboratories and to direct that copies of those reports be transmitted to persons or entities designated by the individual.

HIPAA authorizes state attorneys general to file suit on behalf of their residents for violations. Courts are able to award damages, costs, and attorneys’ fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to file suit against us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care cases in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. In addition, violations of HIPAA could result in significant penalties imposed by the HHS’s Office for Civil Rights. HIPAA also mandates that the Secretary of HHS conduct periodic compliance audits of HIPAA covered entities, such as us, and their business associates for compliance with the HIPAA privacy and security standards. It also tasks HHS with establishing a methodology whereby harmed individuals who were the victims of breaches of unsecured PHI may receive a percentage of the civil monetary penalty paid by the violator.

HHS announced on December 27, 2024, and published in the Federal Register on January 6, 2025, a Notice of Proposed Rulemaking proposing extensive modifications to the HIPAA security regulations. If finalized, these modifications could entail significant additional compliance obligations and costs for HIPAA-regulated covered entities and business associates.

Further, there are a number of state laws regarding the privacy and security of health information and personal data that are applicable to our clinical laboratories. We believe that we have taken the steps required of us to comply with health information privacy and security statutes and regulations in all jurisdictions, both state and federal, and we intend to continue to comprehensively protect all personal information and to comply with all applicable laws regarding the protection of such information. However, these laws constantly change, and we may not be able to maintain compliance in all jurisdictions where we do business. Failure to maintain compliance, including in connection with changes in state or federal laws regarding privacy or security, could result in civil and/or criminal penalties as well as significant reputational damage and could also have a material adverse effect on our business.

14

Table of Contents

California and Other State Consumer Privacy Laws

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (together with the California Consumer Privacy Act, the “CCPA”), confers to California consumers, among other things, the right to receive notice of the categories of personal information that will be collected by a business, how the business will use and share the personal information, and the categories of third parties who will receive the personal information. The CCPA also confers rights to access, delete, correct, or request a portable dataset, the right to limit processing of “sensitive personal information,” and the right to receive equal service and pricing from a business after exercising a consumer right granted by the CCPA. In addition, the CCPA allows California consumers the right to opt out of the “sale” of their personal information, which the CCPA defines broadly as any disclosure of personal information to a third party in exchange for monetary or other valuable consideration. The CCPA also allows California consumers to opt out of the “sharing” of information, which restricts a company’s use of personal information for cross-context behavioral advertising. The CCPA requires a business to implement reasonable security procedures to safeguard personal information against unauthorized access, use, or disclosure and imposes purpose limitation, data minimization, data retention and other security compliance obligations on regulated businesses. The CCPA requires businesses to include specific provisions in contracts with third parties that process data on a business’s behalf regarding the third party’s processing and management of such data.

The CCPA does not apply to personal information that is PHI under HIPAA and that is collected by a business associate or covered entity under HIPAA. The CCPA also exempts patient information that is processed by a covered entity and maintained in the same manner as PHI. Accordingly, the CCPA will not apply to much of the genetic testing and patient information we collect and process. However, we are required to comply with the CCPA insofar as we collect other categories of California consumers’ personal information, such as information about California-based employees, contractors, business contacts and website visitors.

The CCPA is enforceable through administrative fines of up to $2,663 for each violation, or $7,988 for intentional violations or where the violator has actual knowledge that the personal information relates to an individual under 16 years of age.

In addition to the CCPA, by the end of 2025, there were sixteen other states that had consumer privacy laws come into effect, including Colorado, Connecticut, Delaware, Florida, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia. Three more states will have comprehensive consumer data privacy laws that come into effect in 2026, and many other states have introduced or enacted similar consumer privacy laws. These new state privacy laws and any potential federal consumer privacy law will and would impose additional data protection obligations on covered businesses, including additional consumer rights, limitations on data uses, new audit requirements for higher risk data and opt outs for certain uses of sensitive data. The new and proposed privacy laws may result in further uncertainty and may require us to incur additional expenditures to comply. These regulations and legislative developments have potentially far-reaching consequences and may require us to modify our data management and data use practices and incur substantial compliance expense. Our failure to comply with applicable laws and regulations or other obligations to which we may be subject relating to personal data, or to protect personal data from unauthorized access, use, or other processing, could result in enforcement actions and regulatory investigations against us, claims for damages by customers and other affected individuals, fines, damage to our reputation, and loss of goodwill, any of which could have a material adverse effect on our operations, financial performance, and business.

Genetic Privacy and Testing Laws

We are subject to myriad laws that require us to establish safeguards for the conduct of genomic testing and analysis and to protect against the misuse of genetic information and human biological specimens (“samples”) from which genetic information can be derived. These laws vary in their scope and in the nature of their requirements and restrictions. For example, certain genetic privacy laws prohibit the retention of samples after performing a genomic analysis and prohibit the collection, use or disclosure of genetic information or samples for certain purposes, such as research, without appropriate informed consent from the individual or unless the genetic information or samples are appropriately de-identified. Other laws may impose additional requirements, including requirements regarding institutional review board review and approval for certain research uses of genetic information or samples or requirements to implement certain security controls in connection with the transfer of genetic information. We must comply with such genetic privacy and testing laws in our collection, use, disclosure and retention of genetic information and samples.

Other Data Protection Laws

There are a growing number of jurisdictions around the globe that have privacy and data protection laws that may apply to us as we enter or expand our business in jurisdictions outside of the United States. These laws are typically triggered by a company’s establishment or physical location in the jurisdiction, data processing activities that take place in the jurisdiction, and/or the processing of personal information about individuals located in that jurisdiction that are targeted, for example, by an offer of

15

Table of Contents

goods or services or by monitoring their activities. Certain data protection laws, such as those in the European Union, (the “EU”) and United Kingdom (the “UK”), are comprehensive in nature and include significant requirements around the processing of personal information, while other jurisdictions may have no privacy and data protection laws or privacy and data protection laws less restrictive or prescriptive than those in the United States. Enforcement of these laws varies from jurisdiction to jurisdiction, with a variety of consequences, including civil or criminal penalties or the loss of a license to operate in the jurisdiction, individual litigation rights, or damage to our reputation.

For example, the EU’s General Data Protection Regulation (“GDPR”), including as implemented and amended through the UK Data Protection Act 2018 (“UK GDPR”), applies to any data collection, use and sharing in the context of an establishment in the EU or UK as well as extraterritorially to any entity outside the EU and UK when they process personal information related to an offer of goods or services to, or monitoring the behavior of, individuals who are located in the EU or UK, respectively. The GDPR and UK GDPR impose requirements on controllers and processors of personal data, including when personal information is transferred outside of the EU or the UK to another country and enhanced protections for “special categories” of personal data, which include sensitive information such as health and genetic information of data subjects. The GDPR and UK GDPR also grant individuals various rights in relation to their personal data including the rights of access, rectification, objection to certain processing and deletion. The GDPR and UK GDPR provide individuals with an express right to seek legal remedies if the individual believes his or her rights have been violated. Failure to comply with the requirements of the GDPR or the related national data protection laws of the member states of the EU, which may deviate from or be more restrictive than the GDPR, or a failure to comply with the UK GDPR may also result in significant administrative fines and restrictions on our business operations issued by EU or UK regulators.

Information Blocking Prohibition

On May 1, 2020, the Office of the National Coordinator for Health Information Technology (“ONC”) promulgated final regulations under the authority of the 21st Century Cures Act to impose new conditions to obtain and maintain certification of certified health information technology and prohibit certain covered actors, including developers of certified health information technology, health information networks/health information exchanges, and health care providers, from engaging in activities that are likely to interfere with the access, exchange, or use of electronic health information (information blocking). The final regulations further defined exceptions for activities that are permissible, even though they may have the effect of interfering with the access, exchange, or use of electronic health information. The information blocking regulations compliance date was April 5, 2021 and the HHS subsequently issued a final rule called the HTI-1 Rule that, among other things, revised the information blocking regulations, effective March 11, 2024. Since then, ONC has published in the Federal Register several proposed and final rules that, among other things, propose to or further revise the information blocking regulations. Under the 21st Century Cures Act, health care providers that violate the information blocking prohibition will be subject to appropriate disincentives. On July 1, 2024, the HHS published in the Federal Register a final rule to establish such disincentives, effective July 31, 2024. Developers of certified information technology and health information networks/health information exchanges may be subject to civil monetary penalties of up to $1 million per violation (adjusted for inflation). The HHS Office of Inspector General has the authority to impose such penalties and on July 3, 2023, published a final rule in the Federal Register codifying new authority in regulation, which became effective September 1, 2023. On July 29, 2024, HHS published a statement in the Federal Register that, among other things, announced a reorganization of certain roles and functions and renamed ONC the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology, or ASTP/ONC.

Federal and State Consumer Protection Laws

The Federal Trade Commission (the “FTC”) is an independent U.S. law enforcement agency charged with protecting consumers and enhancing competition across broad sectors of the economy. The FTC’s primary legal authority with respect to data privacy and security comes from Section 5 (“Section 5”) of the Federal Trade Commission Act (the “FTC Act”), which prohibits unfair or deceptive acts or practices in the marketplace. The FTC has increasingly used this broad authority to police data privacy and security, using its powers to investigate and bring lawsuits. Where appropriate, the FTC can seek a variety of remedies, such as but not limited to requiring the implementation of comprehensive privacy and security programs, biennial assessments by independent experts, monetary redress to consumers, and provision of robust notice and choice mechanisms to consumers. In addition to its enforcement mechanisms, the FTC uses a variety of tools to protect consumers’ privacy and personal information, including pursuing enforcement actions to stop violations of law, conducting studies and issuing reports, hosting public workshops, developing educational materials and testifying before the U.S. Congress on issues that affect consumer privacy. Recently, the FTC has issued guidance emphasizing that their authority to prevent unfair or deceptive acts or practices extends to advertising and marketing claims for health care and health-related products.

The majority of data privacy cases brought by the FTC fall under the “deceptive” acts prong of Section 5. These cases often involve a failure on the part of a company to adhere to its own privacy and data protection principles set forth in its policies or other statements made to consumers. To avoid Section 5 violations, the FTC encourages companies to build privacy protections

16

Table of Contents

and safeguards into relevant portions of their business, and to consider privacy and data protection as the company grows and evolves. In addition, privacy notices should clearly and accurately disclose the type(s) of personal information the company collects, how the company uses and shares that information, and the security measures used by the company to protect that information.

In recent years, the FTC’s enforcement under Section 5 related to data security has included alleged violations of the “unfairness” prong. Many of these cases have alleged that companies were unfair to consumers because they failed to take reasonable and necessary measures to protect consumer data. The FTC has not provided bright line rules defining what constitutes “reasonable and necessary measures” for implementing a cybersecurity program, but it has provided guidance, tips and advice for companies. The FTC has also published past complaints and consent orders, which it urges companies to use as guidance to help avoid an FTC enforcement action, even if a data breach or loss occurs.

In addition to the FTC Act, most U.S. states have unfair and deceptive acts and practices statutes, known as Unfair Deceptive Acts and Practices (“UDAP”) statutes, that substantially mirror the FTC Act and have been applied in the privacy and data security context. These vary in substance and strength from state to state. Many have broad prohibitions against unfair and deceptive acts and practices. These statutes generally allow for private rights of action and are enforced by the states’ Attorneys General.

Reimbursement and Billing

In April 2014, Congress passed the Protecting Access to Medicare Act of 2014 (“PAMA”), which included substantial changes to the way in which clinical laboratory services are paid under Medicare. Under PAMA (as amended) and its implementing regulations, laboratories that realize at least $12,500 in Medicare Clinical Laboratory Fee Schedule (“CLFS”) revenues during the six month reporting period and that receive the majority of their Medicare revenue from payments made under the CLFS or the Physician Fee Schedule must report, beginning in 2017, and then in 2026 and every three years thereafter (or annually for “advanced diagnostic laboratory tests”), private payor payment rates and volumes for their tests. None of our tests meet the current definition of advanced diagnostic laboratory tests, and therefore we believe we are required to report private payor rates for our tests on an every-three-years basis, starting next in 2026. The Centers for Medicare & Medicaid Services (“CMS”) use the rates and volumes reported by laboratories to develop Medicare payment rates for the tests equal to the volume-weighted median of the private payor payment rates for the tests. Laboratories that fail to report the required payment information may be subject to substantial civil money penalties.

As set forth under the regulations implementing PAMA, for tests furnished on or after January 1, 2018, Medicare payments for clinical diagnostic laboratory tests are paid based upon these reported private payor rates. For clinical diagnostic laboratory tests that are assigned a new or substantially revised code, initial payment rates for clinical diagnostic laboratory tests that are not advanced diagnostic laboratory tests will be assigned by the crosswalk or gap-fill methodology, as under prior law. Initial payment rates for new advanced diagnostic laboratory tests will be based on the actual list charge for the laboratory test.

The payment rates calculated under PAMA went into effect starting January 1, 2018. Where applicable, reductions to payment rates resulting from the new methodology were limited to 10% per test per year in each of the years 2018 through 2020. Rates were held at 2020 levels during 2021 through 2025 and will continue to be held at such levels in 2026. Then, where applicable based upon median private payor rates reduced by up to 15% per test per year for each of 2027 through 2029.

PAMA codified Medicare coverage rules for laboratory tests by requiring any local coverage determination to be made following the local coverage determination process. PAMA also authorizes CMS to consolidate coverage policies for clinical laboratory tests among one to four laboratory-specific Medicare Administrative Contractors. These same contractors may also be designated to process claims if CMS determines that such a model is appropriate. It is unclear whether CMS will proceed with contractor consolidation under this authorization.

PAMA also authorized the adoption of new, temporary billing codes and/or unique test identifiers for FDA-cleared or approved tests as well as advanced diagnostic laboratory tests. The American Medical Association has created a section of billing codes, Proprietary Laboratory Analyses (“PLA”), to facilitate implementation of this section of PAMA. These codes may apply to one or more of our tests if we apply for PLA coding.

17

Table of Contents

Reimbursement and billing for diagnostic services is highly complex, and errors in billing potentially can result in denied claims and/or in substantial obligations to repay overpayments to payors. Laboratories must bill various payors, such as private third-party payors, including managed care organizations (“MCO”), and state and federal health care programs, such as Medicare and Medicaid, and each may have different billing requirements. Additionally, the audit requirements we must meet to ensure compliance with applicable laws and regulations, as well as our internal compliance policies and procedures, add further complexity to the billing process. Other factors that complicate billing include:

•variability in coverage and information requirements among various payors;

•patient financial assistance programs;

•missing, incomplete or inaccurate billing information provided by ordering physicians;

•billings to payors with whom we do not have contracts;

•disputes with payors as to which party is responsible for payment; and

•disputes with payors as to the appropriate level of reimbursement.

Depending on the reimbursement arrangement and applicable law, the party that reimburses us for our services may be:

•a third party who provides coverage to the patient, such as an insurance company or MCO;

•a state or federal healthcare program; or

•the patient.

Available Information

Our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K and amendments to these reports, as well as our other SEC filings, are available free of charge on our website, www.genedx.com, as soon as reasonably practicable after such reports are electronically filed with or furnished to the SEC. The information contained on our website is not incorporated by reference in this document.

We have used, and intend to continue to use, our website, investor relations website (accessible via our website), and social media accounts, including our LinkedIn page, our Instagram page, and our Facebook page, as a means of disclosing material non-public information and for complying with our disclosure obligations under Regulation FD.