ITEM 1A. RISK FACTORS

Set forth below are the risks that we believe are material to our investors. This section contains forward-looking statements. You should refer to the explanation of the qualifications and limitations on forward-looking statements appearing just before the section captioned “BUSINESS” in Item 1 above.

BUSINESS AND FINANCIAL RISKS

We identified a material weakness in our internal control over financial reporting related to the recording and processing of revenue transactions which required the restatement of our quarterly financial statements for the interim periods in 2023. Such material weaknesses could materially and adversely affect our operations, financial condition, reputation and stock price.

In connection with the audit of our financial statements for the year ended December 31,2023, management concluded that the Company’s previously issued consolidated financial statements should be restated due to inadvertently including certain revenue from our European subsidiary, Swivel Secure Europe, Ltd., in the first quarter of 2023. In addition, certain allowances for accounts receivable and certain reserves for inventory were understated. Therefore, the Company misstated gross revenues, accounts receivable, and inventory during the first three quarters of 2023. The restatement related to the Company’s material weakness in internal control over financial reporting over the recording of revenue, accounts receivable, and inventory transactions. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis. We completed the restatement and have now corrected and continue to monitor the applied corrective actions to remediate the material weakness and continue to strengthen our internal controls over the recording of revenue transactions. We completed the restatement and are now evaluating and working towards the appropriate corrective actions to remediate the material weakness to strengthen our internal controls over the recording of revenue transactions.

It is possible that we may discover significant deficiencies or material weaknesses in our internal control over financial reporting in the future. For example, internal control over financial reporting may not achieve their intended objectives. Control processes that involve human diligence and compliance, such as our disclosure controls and procedures and internal control over financial reporting, are subject to lapses in judgment and breakdowns resulting from human failures. Controls can also be circumvented by collusion or improper management-override of such controls. Because of such limitations, there are risks that material misstatements due to error or fraud may not be prevented or detected, and that information may not be reported on a timely basis.

Based on our limited cash resources, history of significant losses, negative cash flow, and dependence on debt and equity financing to fund operations, our independent registered public accounting firm has included an explanatory paragraph in their opinion as to the substantial doubt about our ability to continue as a going concern.

Due to, among other factors, our history of significant losses, limited cash resources, negative cash flow, and dependence on debt and equity financing to fund operations, our independent registered public accounting firm has included an explanatory paragraph in their opinion for the year ended December 31, 2024 as to the substantial doubt about our ability to continue as a going concern. Our financial statements have been prepared in accordance with accounting principles generally accepted in the United States, which contemplate that we will continue to operate as a going concern. Our financial statements do not contain any adjustments that might result if we are unable to continue as a going concern.

We have historically not generated significant revenue and have sustained substantial operating losses.

In order to increase revenue, we have developed a direct sales force and anticipate the need to retain additional sales, marketing and technical support personnel and may need to incur substantial expenses. We cannot assure you that we will be able to secure these necessary resources, that a significant market for our technologies will develop, or that we will be able to achieve our targeted revenue. If we are unable to achieve revenue or raise capital sufficient to cover our ongoing operating expenses, we will be required to scale back operations, including marketing and research initiatives, or in the extreme case, discontinue operations.

We may need to obtain additional financing to execute our business plan, which may not be available. If we are unable to raise additional capital or generate significant revenue, we may not be able to continue operations.

We have historically financed our operations through access to the capital markets by issuing secured and convertible debt securities, convertible preferred stock, common stock, and through factoring receivables. We currently require approximately $812,000 per month to conduct our operations, a monthly amount that we have been unable to consistently achieve through revenue generation. During 2024, we generated approximately $7.0 million of revenue, which is below our average monthly requirements. If we are unable to generate sufficient revenue to cover operating expenses and fund our business plan, we will need to obtain additional third-party financing. We may, therefore, need to obtain additional financing through the issuance of debt or equity securities. We cannot assure you that we will be able to secure any such additional financing on terms acceptable to us or at all. If we cannot obtain such financing, we will not be able to execute our business plan, will be required to reduce operating expenses, and in the extreme case, discontinue operations.

Our failure to timely our annual report on Form 10-K for the year ended December 31, 2023 and our quarterly report on Form 10-Q for the period ended March 31, 2024 has made us ineligible to use a Form S-3 to register the offer and sale of securities, which could adversely affect our ability to raise future capital.

As a result of our failure to timely file our annual report on Form 10-K for the year ended December 31, 2023 and our Quarterly Report on SEC Form 10-Q for the period ended March 31, 2024, we are not eligible to register the offer and sale of our securities using a registration statement on Form S-3 until one year from the date we regain and maintain status as a current filer. Should we wish to register the offer and sale of our securities to the public prior to the time we are eligible to use Form S-3, both our transaction costs and the amount of time required to complete the transaction could increase, making it more difficult to execute any such transaction successfully and potentially harming our financial condition.

Our biometric technology has yet to gain widespread market acceptance and we do not know how large of a market will develop for our technology.

Biometric technology has received only limited market acceptance, particularly in the private sector. Our technology represents a novel security solution and we have not yet generated significant sales. Although recent security concerns relating to identification of individuals and appearance of biometric readers on popular consumer products, including the Apple iPhone, have increased interest in biometrics generally, it remains an evolving market. Biometric based solutions compete with more traditional security methods including keys, cards, personal identification numbers and security personnel. Acceptance of biometrics as an alternative to such traditional methods depends upon a number of factors including:

●

national or international events which may affect the need for or interest in biometric solutions;

●

the performance and reliability of biometric solutions;

●

marketing efforts and publicity regarding these solutions;

●

public perception regarding privacy concerns;

●

costs involved in adopting and integrating biometric solutions;

●

proposed or enacted legislation related to privacy of information; and

●

competition from non-biometric technologies that provide more affordable, but less robust, authentication (such as tokens and smart cards).

For these reasons, we are uncertain whether our biometric technology will gain widespread acceptance in any commercial markets or that demand will be sufficient to create a market large enough to produce significant revenue or earnings. Our future success depends, in part, upon business customers adopting biometrics generally, and our solution specifically.

Biometric technology is a relatively new approach to Internet security, which must be accepted in order for our WEB-key solution to generate significant revenue.

Our WEB-key authentication initiative represents a relatively new approach to Internet security, which has been adopted on a limited basis by companies that distribute goods, content or software applications over the Internet. The implementation of our WEB-key solution requires the distribution and use of a finger scanning device and integration of database and server side software. Although we believe our solutions provide a higher level of security for information transmitted over the Internet than existing traditional methods, unless business and consumer markets embrace the use of a scanning device and believe the benefits of increased accuracy outweigh implementation costs, our solution will not gain market acceptance.

The market for our solutions is still developing and if the biometrics industry adopts standards or a platform different from our standards or platform, our competitive position would be negatively affected.

The market for identity solutions is still developing. The evolution of this market may result in the development of different technologies and industry standards that are not compatible with our current solutions, products or technologies. Several organizations set standards for biometrics to be used in identification and documentation. Although we believe that our biometric technologies comply with existing standards, these standards may change and any standards adopted could prove disadvantageous to or incompatible with our business model and current or future solutions, products and services.

Our software products may contain defects which will make it more difficult for us to establish and maintain customers.

Although we have completed the development of our core biometric technology, it has only been used by a limited number of business customers. Despite extensive testing during development, our software may contain undetected design faults and software errors, or “bugs” that are discovered only after it has been installed and used by a greater number of customers. Any such defect or error in new or existing software or applications could cause delays in delivering our technology or require design modifications. These could adversely affect our competitive position and cause us to lose potential customers or opportunities. Since our technologies are intended to be utilized to secure physical and electronic access, the effect of any such bugs or delays will likely have a detrimental impact on us. In addition, given that biometric technology generally, and our biometric technology specifically, has yet to gain widespread acceptance in the market, any delays would likely have a more detrimental impact on our business than if we were a more established company.

In order to generate revenue from our biometric products, we are dependent upon independent original equipment manufacturers, system integrators and application developers, which we do not control. As a result, it may be more difficult to generate sales.

We market our technology through licensing arrangements with:

●

original equipment manufacturers (OEMs), system integrators and application developers which develop and market products and applications which can then be sold to end users; and

●

companies which distribute goods, services or software applications over the Internet.

As a technology licensing company, our success will depend upon the ability of these manufacturers and developers to effectively integrate our technology into products and services which they market and sell. We have no control over these licensees and cannot assure you that they have the financial, marketing or technical resources to successfully develop and distribute products or applications acceptable to end users or generate any meaningful revenue for us. These third parties may also offer the products of our competitors to end users. While we have commenced a significant sales and marketing effort, we have only begun to develop a significant distribution channel and may not have the resources or ability to sustain these efforts or generate any meaningful sales.

We face intense competition and may not have the financial and human resources necessary to keep up with rapid technological changes, which may result in our technology becoming obsolete.

The Internet, facility access control, and information security markets are subject to rapid technological change and intense competition. We compete with both established biometric companies and a significant number of startup enterprises as well as providers of more traditional methods of access control. Most of our competitors have substantially greater financial and marketing resources than we do and may independently develop superior technologies, which may result in our technology becoming less competitive or obsolete. We may not be able to keep pace with this change. If we are unable to develop new applications or enhance our existing technology in a timely manner in response to technological changes, we will be unable to compete in our chosen markets. In addition, if one or more other biometric technologies such as voice, face, iris, hand geometry or blood vessel recognition are widely adopted, it would significantly reduce the potential market for our fingerprint identification technology.

We recognized revenues from Africa and the European Union in 2023 and 2024 and expect continued revenues from these regions in future periods. Our financial performance will be subject to risks associated with changes in the value of the U.S. dollar versus local currencies.

Owing to the international scope of our operations, including our recent acquisition of Swivel Secure Europe, SA, we are exposed to foreign exchange risk. Our primary exposure to movements in foreign currency exchange rates relates to non-U.S. dollar-denominated sales and operating expenses worldwide. Weakening of foreign currencies relative to the U.S. dollar will adversely affect the U.S. dollar value of our foreign currency-denominated sales and earnings, if any, and could lead to us raising international pricing, potentially reducing the demand for our products. In addition, margins on sales of our products in foreign countries and on sales of products that include components obtained from foreign suppliers could be materially adversely affected by foreign currency exchange rate fluctuations. As a result, our business and the price of our common stock may be affected by fluctuations in foreign exchange rates, which may have a significant impact on our results of operations and cash flows from period to period. Currently, we do not have any exchange rate hedging arrangements in place.

Although we have made significant sales of our products throughout Asia and Africa in prior years, we have not been able to consistently enforce our contract rights and collect all receivables which has resulted in material write-offs.

Our ability to enforce our international contracts is contingent on our relationships with foreign resellers, and their financial viability. Although we are making efforts to better enforce our contract rights, there can be no assurance that we will be able to fully collect all receivables originating in Asia and Africa or that will not have to write-off future receivables which may be material in amount. Any such write-offs have negatively impacted our financial position and results of operation.

We depend on key employees and members of our management team, including our Chairman of the Board and Chief Executive Officer, Chief Financial Officer, and our Chief Legal Officer, in order to achieve our goals. We cannot assure you that we will be able to retain or attract such persons.

Our employment contracts with Michael W. DePasquale, our Chairman of the Board and Chief Executive Officer, Cecilia C. Welch, our Chief Financial Officer, and James D. Sullivan, our Chief Legal Officer, each have one-year terms and renew automatically for successive one-year periods unless notice of non-renewal is provided by the Company. Sullivan, our Chief Legal Officer, expire annually, and renew automatically for successive one-year periods unless notice of non-renewal is provided by the Company. Although the contracts do not prevent them from resigning, they do contain confidentiality and non-compete clauses, which are intended to prevent them from working for a competitor within one year after leaving our Company. Our success depends on our ability to attract, train and retain employees with expertise in developing, marketing and selling software solutions. In order to successfully market our technology, we will need to retain additional engineering, technical support and marketing personnel. The market for such persons remains highly competitive and our limited financial resources will make it more difficult for us to recruit and retain qualified persons.

We cannot assure you that the intellectual property protection for our core technology provides a sustainable competitive advantage or barrier to entry against our competitors.

Our success and ability to compete is dependent in part upon proprietary rights to our technology. We rely primarily on a combination of patent, copyright and trademark laws, trade secrets and technical measures to protect our propriety rights. We have filed a patent application relating to both the optic technology and biometrics solution components of our technology wherein several claims have been allowed. The U.S. Patent and Trademark Office has issued us a series of patents for our Vector Segment fingerprint technology (VST), and our other core biometric analysis and identification technologies. However, we cannot assure you that we will be able to adequately protect our technology or other intellectual property from misappropriation in the U.S. and abroad. Any patent issued to us could be challenged, invalidated or circumvented or rights granted thereunder may not provide a competitive advantage to us. Furthermore, patent applications that we file may not result in issuance of a patent or, if a patent is issued, the patent may not be issued in a form that is advantageous to us. Despite our efforts to protect our intellectual property rights, others may independently develop similar products, duplicate our products or design around our patents and other rights. In addition, it is difficult to monitor compliance with, and enforce, our intellectual property rights on a worldwide basis in a cost-effective manner. In jurisdictions where foreign laws provide less intellectual property protection than afforded in the U.S. and abroad, our technology or other intellectual property may be compromised, and our business would be materially adversely affected.

If any of our proprietary rights are misappropriated or we are forced to defend our intellectual property rights, we will have to incur substantial costs. Such litigation could result in substantial costs and diversion of our resources, including diverting the time and effort of our senior management, and could disrupt our business, as well as have a material adverse effect on our business, prospects, financial condition and results of operations. We can provide no assurance that we will have the financial resources to oppose any actual or threatened infringement by any third party. Furthermore, any patent or copyrights that we may be granted may be held by a court to infringe on the intellectual property rights of others and subject us to the payment of damage awards.

We may be subject to claims with respect to the infringement of intellectual property rights of others, which could result in substantial costs and diversion of our financial and management resources.

Third parties may claim that we are infringing on their intellectual property rights. We may violate the rights of others without our knowledge. We may expose ourselves to additional liability if we agree to indemnify our customers against third party infringement claims. While we know of no basis for any claims of this type, the existence of and ownership of intellectual property can be difficult to verify, and we have not made an exhaustive search of all patent filings. Additionally, most patent applications are kept confidential for twelve to eighteen months, or longer, and we would not be aware of potentially conflicting claims that they make. We may become subject to legal proceedings and claims from time to time relating to the intellectual property of others in the ordinary course of our business. If we are found to have violated the intellectual property rights of others, we may be enjoined from using such intellectual property, and we may incur licensing fees or be forced to develop alternative technology or obtain other licenses. In addition, we may incur substantial expenses in defending against these third-party infringement claims and be diverted from devoting time to our business and operational issues, regardless of the merits of any such claim. In addition, we may incur substantial expenses in defending against these third party infringement claims and be diverted from devoting time to our business and operational issues, regardless of the merits of any such claim.

In addition, in the event that we recruit employees from other technology companies, including certain potential competitors, and these employees are engaged in the development of portions of products which are similar to the development in which they were involved at their former employers, we may become subject to claims that such employees have improperly used or disclosed trade secrets or other proprietary information. If any such claims were to arise in the future, litigation or other dispute resolution procedures might be necessary to retain our ability to offer our current and future services, which could result in substantial costs and diversion of our financial and management resources. Successful infringement or licensing claims against us may result in substantial monetary damages, which may materially disrupt the conduct of our business and have a material adverse effect on our reputation, business, financial condition and results of operations. Even if intellectual property claims brought against us are without merit, they could result in costly and time consuming litigation and may divert our management and key personnel from operating our business.

If we are unable to effectively protect our intellectual property rights on a worldwide basis, we may not be successful in the international expansion of our business.

Access to worldwide markets depends in part on the strength of our intellectual property portfolio. There can be no assurance that, as our business expands into new areas, we will be able to independently develop the technology, software or know-how necessary to conduct our business or that we can do so without infringing the intellectual property rights of others. To the extent that we have to rely on licensed technology from others, there can be no assurance that we will be able to obtain licenses at all or on terms we consider reasonable. The lack of a necessary license could expose us to claims for damages and/or injunction from third parties, as well as claims for indemnification by our customers in instances where we have a contractual or other legal obligation to indemnify them against damages resulting from infringement claims. With regard to our own intellectual property, we actively enforce and protect our rights. However, there can be no assurance that our efforts will be adequate to prevent the misappropriation or improper use of our protected technology in international markets.

We may not achieve profitability if we are unable to maintain, improve our offerings.

We believe that our future business prospects depend in part on our ability to maintain and improve our current services and to develop new ones on a timely basis. Our services will have to achieve market acceptance, maintain technological competitiveness, and meet an expanding range of customer requirements. We may experience difficulties that could delay or prevent the successful development, introduction or marketing of new services and service enhancements. Additionally, our new services and service enhancements may not achieve market acceptance. If we cannot effectively develop and improve services, we may not be able to recover our fixed costs or otherwise become profitable.

We are subject to risks and uncertainties associated with the continued growth of our international operations, which may harm our business.

We have international operations and continue to expand our international operations when we acquired Swivel Secure Europe SA. Accordingly, our business is subject to risks and uncertainties associated with doing business outside of the United States and could be adversely affected by a variety of factors, including:

●

multiple, conflicting and changing laws and regulations such as privacy, security, and data use regulations, tax laws, export and import restrictions, economic and trade sanctions and embargoes, employment laws, anticorruption laws, regulatory requirements, reimbursement or payer regimes and other governmental approvals, permits and licenses;

●

failure by us, our collaborators or our distributors to obtain regulatory clearance, authorization or approval for the use of our product candidates in various countries;

●

additional potentially relevant third-party patent rights;

●

complexities and difficulties in obtaining intellectual property protection and enforcing our intellectual property;

●

difficulties in staffing and managing foreign operations;

●

financial risks, such as longer payment cycles, difficulty collecting accounts receivable, the impact of local and regional financial crises on demand and payment for our product candidates and exposure to foreign currency exchange rate fluctuations;

●

natural disasters, political and economic instability, including wars, terrorism and political unrest, outbreak of disease, boycotts, curtailment of trade and other business restrictions;

●

regulatory and compliance risks that relate to maintaining accurate information and control over sales and distributors’ activities that may fall within the purview of the U.S. Foreign Corrupt Practices Act (FCPA), its books and records provisions, or its anti-bribery provisions, or laws similar to the FCPA in other jurisdictions in which we may now or in the future operate; and

●

anti-bribery requirements of several Member States in the European Union and other countries that may change and require disclosure of information to which U.S. legal privilege may not extend.

Any of these factors could significantly harm our business, operating results, financial condition or prospects.

Our business could be negatively impacted by security threats, including cybersecurity threats, ransomware, and other disruptions.

Our customers use our solutions to access their business systems and store data related to their employees, contractors, partners and customers. Our systems’ integrity is essential to their use of our platform, which stores, transmits and processes customers’ proprietary information and users’ personal data. If the confidentiality, integrity or availability of our customers’ data or systems is disrupted, we could incur significant liability to our customers and to individuals or businesses whose information was being stored by our customers, and our platform may be perceived as less desirable, which could negatively affect our business and damage our reputation. We, our third-party service providers, and our customers may be unable to anticipate these techniques or to implement adequate preventive measures. Further, because we do not control our third-party service providers, or the processing of data by our third-party service providers, we cannot ensure the integrity or security of measures they take to protect customer information and prevent data loss beyond evaluating and relying on their representations as to their security methods and posture. Although we utilize various procedures and controls to monitor these threats and mitigate our exposure to such threats, there can be no assurance that these procedures and controls will be sufficient in preventing security threats from materializing. If any of these events were to materialize, they could lead to losses of sensitive information, critical infrastructure, personnel or capabilities, essential to our operations and could have a material adverse effect on our reputation, financial position, results of operations, or cash flows. As a technology company, we face various security threats, including cybersecurity threats to gain unauthorized access to sensitive information. on an ongoing basis.

In addition to threats from traditional computer “hackers,” malicious code (such as malware, viruses, worms and ransomware), employee or contractor theft or misuse, password spraying, phishing and denial-of-service attacks, we and our third-party service providers now also face threats from sophisticated nation-state and nation-state-supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risks to our systems (including those hosted on AWS’ systems), internal networks, our customers’ systems and the information that they store and process. Cybersecurity attacks in particular are evolving, we expect that they will continue, and we expect the scope and sophistication of these efforts may increase in future periods. As a result, we and our third-party service providers may be unable to anticipate these techniques or implement adequate preventative measures quickly enough to prevent either an electronic intrusion into our systems or services or a compromise of customer data, employee data or other protected information.

Although we have implemented systems and procedures that are designed to protect customer, employee, vendor and Company information, prevent data loss and other security breaches, and otherwise identify, assess, and analyze cybersecurity risks, these measures may not function as expected or may not be sufficient to protect our internal networks and platform against certain attacks. Development and maintenance of these systems is costly and requires ongoing monitoring and updating as technologies change and efforts to overcome security measures increase and become more sophisticated. We face an evolving threat landscape in which cybercriminals, among others, employ a complex array of techniques designed to access personal data and other information, including, for example, the use of fraudulent or stolen access credentials, malware, ransomware, phishing, denial of service and other types of attacks. While, to the best of our knowledge, we have not experienced any material misappropriation, loss or other unauthorized disclosure of confidential or personally identifiable information as a result of a security breach or cyberattack that could materially increase financial risk to the Company or our customers, such a security breach or cyberattack could adversely affect our business and operations, including by damaging our reputation and our relationships with our customers, employees and investors, exposing us to litigation, fines, penalties or remediation costs.

We maintain cybersecurity insurance, but our insurance may be insufficient to cover all liabilities incurred in any such incident, and any incident may result in loss of, or increased costs of, that cybersecurity insurance. Any breach, or any perceived breach, of our systems, our customers’ systems, or other systems or networks secured by our products, without regard to whether any breach is due to a vulnerability in our platform, may also undermine confidence in our platform or the identity as a service industry and could result in damage to our reputation and brand, negative publicity, loss of partners, customers and sales, increased costs to correct any problem, costly litigation and other liabilities. In addition, a breach of the security measures of one of our partners could result in the disclosure of confidential information or other data that may provide additional avenues of attack, and if a high profile security breach occurs with respect to a comparable cloud technology provider, our customers and potential customers may lose trust in the security of the cloud business model generally, which could adversely impact our ability to retain existing customers or attract new ones. Any of these negative outcomes could adversely impact market acceptance of our products and could harm our business, results of operations, and financial condition.

Our failure to comply with applicable privacy, data protection and information security laws or related contractual obligations could subject us to significant liability and negatively impact our financial position and results of operation.

There are numerous laws and regulations in various jurisdictions regarding privacy, data protection, information security, and the storing, sharing, use, processing, transfer, disclosure and protection of personal data. In light of the increasing pace of new technology development, including with respect to biometric data, the scope of these data protection and privacy-related laws and regulations are expanding, subject to differing interpretations, and may be inconsistent among jurisdictions, or conflict with other rules that we are subject to. These evolving laws and regulations may result in increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. We are also subject to the terms of our privacy policies and contractual obligations to third parties related to privacy, data protection and information security.

Any failure or perceived failure by us to comply with our privacy policies, our privacy-related obligations to customers or other third parties, or applicable laws or regulations relating to privacy, data protection, or information security may result in governmental investigations or enforcement actions, litigation, claims or public statements against us by consumer advocacy groups or others, and could result in significant liability or cause our customers to lose trust in us, which could cause them to cease or reduce use of our products and services and otherwise have an adverse effect on our reputation and business. Any similar failure or perceived failure by users of our products or services may also have an adverse effect on our reputation and business. In addition, legal, regulatory, contractual and other obligations as well as public concerns relating to privacy, data protection or information security could restrict our ability to store and process data as part of our solutions or otherwise impact our ability to provide our solutions in certain jurisdictions and may result in the loss of business opportunities from customers operating in, or seeking to expand into, those jurisdictions. Additionally, in 2023, the SEC adopted new rules related to cybersecurity risk management, which may further increase our regulatory burden and the cost of compliance in such events.

Our business could be adversely affected by trade tariffs or other trade barriers.

Our business is subject to the imposition of tariffs and other trade barriers, which may make it more costly for us to import inventory from China and Hong Kong and certain product components from South Korea. The new presidential administration recently imposed new tariffs on imports to the United States from China, Mexico, Canada, and Europe and is expected to impose new tariffs on imports from other countries. In addition, these countries have, and in the future other countries may, impose retaliatory tariffs. The resulting environment of retaliatory trade or other practices or additional trade restrictions or barriers could harm our ability to obtain inventory and product components or sell our products and services at prices customers are willing to pay, which could have a material adverse effect on our business, prospects, results of operations, and cash flows. Relatedly, trade policies could lead to an increasing number of competitors entering the United States, thereby creating more competition. If we experience cost increases as a result of existing or future tariffs and are unable to pass on such additional costs to our customers, or otherwise mitigate the costs, our business, prospects, financial condition, results of operations, and cash flows could be materially and adversely affected.

Scrutiny and evolving expectations from customers, regulators, investors, and other stakeholders with respect to our environmental, social and governance practices may impose additional costs on us or expose us to new or additional risks.

Public companies are facing scrutiny from customers, regulators, investors, and other stakeholders related to their environmental, social and governance (“ESG”) practices and disclosure. Investor advocacy groups, investment funds and influential investors are also focused on these practices, especially as they relate to the environment, climate change, health and safety, supply chain management, diversity, labor conditions and human rights, both in our own operations and in our supply chain. Increased ESG-related compliance costs could result in material increases to our overall operational costs. Our ESG practices may not meet the standards of all of our stakeholders and advocacy groups may campaign for further changes. Additionally, different stakeholder groups have divergent views on ESG matters, which increases the risk that any action or lack thereof with respect to ESG matters may be perceived negatively by at least some stakeholders and adversely impact our reputation and business. Anti-ESG sentiment has gained some momentum across the United States, with several states having enacted or proposed “anti-ESG” policies or legislation or issued related legal opinions. The federal government has similarly taken action to curtail ESG initiatives. A failure, or perceived failure, to adapt to or comply with regulatory requirements or to respond to investor or stakeholder expectations and standards could negatively impact our business and reputation and have a negative impact on the trading price of our common stock.

Legal, regulatory or market measures to address climate change may materially and adversely affect our future results of operations and financial condition.

In March 2024, the SEC adopted climate disclosure rules, which would require new disclosure in certain SEC filings about material climate-related risks, activities to mitigate or adapt to such risks, board oversight of climate-related risks and management’s role in managing material climate-related risks, and climate-related targets and goals. These climate disclosure rules have been the subject of multiple legal challenges, and the SEC recently dropped its defense of the rules, so the extent to which the rules will go into effect remains uncertain. Inconsistency of regulations at the federal and state level may affect the costs of compliance with such legal or regulatory requirements. We may incur increased costs relating to the assessment and disclosure of climate-related risks and increased litigation risks related to such disclosures, either of which could materially and adversely affect our future results of operations and financial condition. However, we may incur increased costs relating to the assessment and disclosure of climate-related risks and increased litigation risks related to disclosures made pursuant to the new rules, either of which could materially and adversely affect our future results of operations and financial condition. Adverse publicity or climate-related litigation that impacts us could have a negative impact on our business.

The war in Ukraine and the international community’s response have created substantial political and economic disruption, uncertainty, and risk.

Russia’s military intervention in Ukraine in late February 2022, Ukraine’s widespread resistance, and the NATO led and United States coordinated economic, financial, communications, and other sanctions imposed by other countries have created significant political and economic world uncertainty. It is not possible to predict the broader consequences of the conflict, including related geopolitical tensions, and the measures and retaliatory actions taken by the U.S. and other countries in respect thereof, as well as any counter measures or retaliatory actions by Russia in response. At a minimum, the continuing conflict is likely to cause regional instability, geopolitical shifts and could materially adversely affect global trade, currency exchange rates, regional economies and the global economy, which could materially adversely affect our financial condition or results of operations. Current and likely additional international sanctions against Russia may contribute to higher costs, particularly for petroleum-based products. These and related actions, responses, and consequences that cannot now be predicted or controlled may contribute to world-wide economic reversals.

There is a scarcity of and competition for acquisition opportunities.

A component of our business plan is to acquire businesses and assets in the biometric and identity access management industry and other industries which we believe would complement our current offerings. There are a limited number of operating companies available for acquisition that we deem to be desirable targets. There are a limited number of operating companies available for acquisition that we deem to be desirable targets. In addition, there is a very high level of competition among companies seeking to acquire these operating companies. Many established and well-financed entities are active in acquiring interests in companies that we may find to be desirable acquisition candidates. Many of these entities have significantly greater financial resources, technical expertise and managerial capabilities than us. Consequently, we will be at a competitive disadvantage in negotiating and executing possible acquisitions of these businesses. Even if we are able to successfully compete with these entities, this competition may affect the terms of completed transactions and, as a result, we may pay more or receive less favorable terms than we expected for potential acquisitions. We may not be able to identify operating companies that complement our strategy, and even if we identify a company that complements our strategy, we may be unable to complete an acquisition of such a company for many reasons, including:

●	failure to agree on the terms necessary for a transaction, such as the purchase price;

●	incompatibility between our operational strategies or management philosophies with those of the potential acquiree;

●	competition from other acquirers of operating companies;

●	lack of sufficient capital to acquire a profitable company; and

●	unwillingness of a potential acquiree to work with our management.

Risks related to acquisition financing.

We have limited financial resources and our ability to make additional acquisitions without securing additional financing from outside sources is also limited. In order to continue to pursue our acquisition strategy, we may be required to obtain additional financing. We may obtain such financing through a combination of debt financing or the placement of debt and equity securities. We may finance some portion of our future acquisitions by either issuing equity or by using shares of our common stock for all or a portion of the purchase price for such businesses. In the event that our common stock does not attain or maintain a sufficient market value, or potential acquisition candidates are otherwise unwilling to accept our common stock as part of the purchase price for the sale of their businesses, we may be required to use more of our cash resources, if available, in order to maintain our acquisition program. If we do not have sufficient cash resources, we will not be able to complete acquisitions and our growth could be limited unless we are able to obtain additional capital through debt or equity financings.

We may experience difficulties in integrating the operations, personnel and assets of any business we acquire which may disrupt our business, dilute stockholder value, and adversely affect our operating results.

There can be no assurance that we will be able to identify, acquire or profitably manage any businesses or successfully integrate acquired businesses into the Company without substantial costs, delays or other operational or financial problems. Such acquisitions also involve numerous operational risks, including:

●	difficulties in integrating operations, technologies, services and personnel;

●	the diversion of financial and management resources from existing operations;

●	the risk of entering new markets;

●	difficulties in retaining the existing customers;

●	the potential loss of existing or acquired strategic operating partners following an acquisition;

●	the potential loss of key employees following an acquisition and the associated risk of competitive efforts from departures;

●	assumed or unforeseen liabilities that arise in connection with the acquired business;

●	possible legal disputes with the acquired company following an acquisition; and

●	the inability to generate sufficient revenue to offset acquisition or investment costs.

As a result, if we fail to properly evaluate and execute any acquisitions or investments, our business and prospects may be seriously harmed.

To the extent we make any material acquisitions, our earnings may be adversely affected by non-cash charges relating to the amortization of intangible assets.

Under applicable accounting standards, purchasers are required to allocate the total consideration paid in a business combination to the identified acquired assets and liabilities based on their fair values at the time of acquisition. The excess of the consideration paid to acquire a business over the fair value of the identifiable tangible assets acquired must be allocated among identifiable intangible assets including goodwill. The amount allocated to goodwill is not subject to amortization. However, it is tested at least annually for impairment. The amount allocated to identifiable intangible assets, such as customer relationships and the like, is amortized over the life of these intangible assets. We expect that this will subject us to periodic charges against our earnings to the extent of the amortization incurred for that period. Because our business strategy focuses, in part, on growth through acquisitions, our future earnings may be subject to greater non-cash amortization charges than a company whose earnings are derived solely from organic growth. As a result, we may experience an increase in non-cash charges related to the amortization of intangible assets acquired in our acquisitions. Our financial statements will show that our intangible assets are diminishing in value, even if the acquired businesses are increasing (or not diminishing) in value.

RISKS RELATED TO OUR COMMON STOCK

We have issued a substantial number of warrants exercisable into shares of our common stock which could result in substantial dilution to the ownership interests of our existing stockholders.

As of the date of this report, approximately 4,275,056 shares of our common stock (as adjusted to reflect our 1-for-18 reverse stock split, which was effective December 21, 2023) were reserved for issuance upon exercise or conversion of outstanding stock options and warrants. The exercise or conversion of these securities will result in a significant increase in the number of outstanding shares and substantially dilute the ownership interests of our existing stockholders.

An active trading market for our common stock may not be sustained.

Although our common stock is listed on the Nasdaq Capital Market, an active trading market for our shares may not be developed and if developed, sustained. If an active market for our common stock is not developed or sustained, it may be difficult for you to sell your shares without depressing the market price for the shares or sell your shares at all. Any inactive trading market for our common stock may also impair our ability to raise capital to continue to fund our operations by selling shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.

If we fail to comply with the continued listing requirements of The Nasdaq Stock Market, our Common Stock may be delisted and the price of our Common Stock and our ability to access the capital markets could be negatively impacted.

Our common stock is listed for trading on Nasdaq. In order to maintain our listing, we must satisfy Nasdaq’s continued listing requirements. In 2024, we received multiple notices from Nasdaq indicating that we were not in compliance with Nasdaq continued listing requirements. These notices referenced failures to timely file our Annual Report on Form 10-K for the fiscal year ended December 31, 2023, to timely file our Quarterly Report on Form 10-Q for the fiscal quarter ended March 31, 2024, and failure to maintain minimum stockholders' equity of at least $2.5 million. We have timely cured each of these deficiencies and are currently in compliance with Nasdaq’s continued listing standards. The value of the shares of common stock of Boumarang Inc. that we purchased from Fiber Food Systems, Inc. in connection with our collaboration with Fiber Food Systems increased our stockholders’ equity to a level which satisfied the Nasdaq minimum requirement. As a privately held pre-revenue company, Boumarang is subject to all of the risks and uncertainties inherent in an early-stage enterprise and the value of its shares are subject to fluctuation which could be material. Any material decrease in the value of these shares could cause us our stockholders’ equity to fall below the Nasdaq minimum requirement resulting in the potential delisting of our shares from the Nasdaq stock market. In addition, in recent weeks the trading price of our common stock has fallen below the $1.00 minimum bid required to maintain our listing on Nasdaq. Continued trading below $1.00 per share could subject us to delisting from the Nasdaq stock market. The delisting of our common stock from Nasdaq could materially reduce the liquidity of our common stock and result in a corresponding material reduction in the price of our common stock. Delisting could also harm our ability to raise capital through alternative financing sources on terms acceptable to us, or at all, and may result in the potential loss of confidence by investors, employees and fewer business development opportunities

We may need to raise additional funds in the future through issuances of securities and such additional funding may be dilutive to stockholders or impose operational restrictions.

We may need to raise additional capital in the future to help fund our operations through sales of shares of our common stock or securities convertible into shares of our common stock, as well as issuances of debt. Such additional financing may be dilutive to our stockholders, and debt financing, if available, and may involve restrictive covenants which may limit our operating flexibility. If additional capital is raised through the issuance of shares of our common stock or securities convertible into shares of our common stock, the percentage ownership of existing stockholders will be reduced. These stockholders may experience additional dilution in net book value per share and any additional equity securities may have rights, preferences and privileges senior to those of the holders of our common stock.

Because we do not expect to pay dividends for the foreseeable future, investors seeking cash dividends should not purchase our shares of common stock.

We have never declared or paid any cash dividends on our common stock, and we do not anticipate paying any cash dividends on our common stock in the foreseeable future. Payment of any future dividends will be at the discretion of our board of directors after taking into account various factors, including but not limited to our financial condition, operating results, cash needs, growth plans and the terms of any credit agreements that we may be a party to at the time. Accordingly, investors seeking cash dividends should not purchase shares of our common stock.

Provisions of our certificate of incorporation, bylaws and Delaware law may make a contested takeover of our Company more difficult.

Certain provisions of our certificate of incorporation, bylaws and the General Corporation Law of the State of Delaware (“DGCL”) could deter a change in our management or render more difficult an attempt to obtain control of us, even if such a proposal is favored by a majority of our stockholders. For example, we are subject to the provisions of the DGCL that prohibit a public Delaware corporation from engaging in a broad range of business combinations with a person who, together with affiliates and associates, owns 15% or more of the corporation’s outstanding voting shares (an “interested stockholder”) for three years after the person became an interested stockholder, unless the business combination is approved in a prescribed manner. Our certificate of incorporation also includes undesignated preferred stock, which may enable our board of directors to discourage an attempt to obtain control of us by means of a tender offer, proxy contest, merger or otherwise. Finally, our bylaws include an advance notice procedure for stockholders to nominate directors or submit proposals at a stockholders meeting. Delaware law and our charter may, therefore, inhibit a takeover.

The trading price of our common stock may be volatile.

The trading price of our shares has from time to time fluctuated widely and, in the future, may be subject to similar fluctuations. The trading price may be affected by a number of factors including the risk factors set forth in this Annual Report on Form 10-K as well as our operating results, financial condition, announcements of innovations or new products by us or our competitors, general conditions in the biometrics and access control industries, and other events or factors. We cannot assure you that any of the broker-dealers that currently make a market in our common stock will continue to serve as market makers or have the financial capability to stabilize or support our common stock. A reduction in the number of market makers or the financial capability of any of these market makers could also result in a decrease in the trading volume of and price of our shares. In recent years broad stock market indices, in general, and the securities of technology companies, in particular, have experienced substantial price fluctuations. Such broad market fluctuations may adversely affect the future-trading price of our common stock.

ITEM 1B. UNRESOLVED STAFF COMMENTS

Not applicable.

ITEM 1C. CYBERSECURITY

We take a defense-in-depth approach, leveraging multiple, layered security measures, to protect our data, our customers’ data, our infrastructure, and our employees. We embed data protection throughout our operations and information technology programs, relying on multiple and various controls to prevent and detect threats, with the goal of safeguarding our assets, data and personnel.

We evaluate cybersecurity risks as part of our overall enterprise risk management. A steering committee of senior executives meets quarterly to evaluate any changes to the Company’s exposure to cybersecurity risks, discuss potential mitigation plans, and provide updates on mitigation efforts already underway. Our cybersecurity team keeps up to date on the latest threats and risks through multiple channels and is also involved in evaluating risks associated with any new proposed service providers. We employ a Cybersecurity Engineer, reporting directly to our Chief Technology Officer, who manages our cybersecurity team that is comprised entirely of security professionals with industry recognized certifications. The cybersecurity team within BIO-key is responsible for assessing and managing risks associated with both our internal operations and our use of third-party service providers and informing/gaining feedback from the cybersecurity steering committee. The cybersecurity team within BIO-key is responsible for assessing and managing risks and informing/gaining feedback from the cybersecurity steering committee.

Additionally, our cybersecurity team maintains a comprehensive set of cybersecurity policies and standards, including a security incident response framework. The framework is a set of coordinated procedures and tasks that our incident response team executes to ensure timely and accurate reporting and resolution of computer security incidents. The framework details who, how and when appropriate persons or committees, including the Board of Directors and Audit Committee are kept informed on the status of potential cybersecurity incidents. A summary of recent incidents is also presented by the Chief Law Officer (“CLO”) at each regular Audit Committee meeting. Our policies and standards were developed in collaboration with a wide range of disciplines, including information technology, cybersecurity, legal, compliance and business. Our cybersecurity strategy and policies are continually reassessed to ensure they attempt to identify and proactively address the constant changes in the global threats. Decision makers such as the CLO, executive team, and Audit Committee are regularly kept up to date on cybersecurity trends. Ongoing collaboration with stakeholders throughout the business also helps to build continued awareness and visibility of future needs.

We engage external vendors to assess the cybersecurity program as needed. An independent third party will perform annual multi-stage penetration testing of our IT environment.

Our cybersecurity program is governed by the Audit Committee of our Board. The Audit Committee of the Board and the full Board will each receive quarterly updates on cybersecurity risks identified through the enterprise risk management processes described above.

Notwithstanding our processes to oversee and identify risk from cybersecurity threats, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. We identify nation state-sponsored threat actors and the rise in sophistication and proliferation of ransomware campaigns as top reasonable material risks to the business. The theft, unauthorized use or publication of our intellectual property and/or confidential business or personal information (whether through a breach of our own systems or the breach of a system of a third party that provides services to us) could harm our competitive or negotiating positions, reduce the value of our investment in research and development and other strategic initiatives, compromise our patent enforcement strategies or outlook, damage our reputation or otherwise adversely affect our business. To date there have not been any risks that have materially affected our operations.

See Item 1A. “RISK FACTORS” for a discussion of cybersecurity risks.