NASDAQ: VCYT

VERACYTE, INC.

CIK 0001384101 · Health Services

Mid Revenue $517M Assets $1.4B as of Jul 15, 2026

At Veracyte, we believe that exceptional cancer care begins with exceptional diagnostics. We are a global diagnostics company that empowers clinicians with the high-value insights they need to guide and assure patients at pivotal moments in the race to diagnose and treat cancer. Our high-performing… About this business →

Each report below shows a 3-bullet preview. Free accounts read 3 full reports a month — narrative summary, section diffs, and EDGAR-cited quotes.

Sign up free

Want to see a complete report first? Today's free report (NKE 10-K) is open in full — no account needed.

8-K Filed Jun 11, 2026 · Period ending Jun 10, 2026

Summary not yet generated.

10-Q Filed May 6, 2026 · Period ending Mar 31, 2026

Summary not yet generated.

Partner

Trade VCYT commission-free

Open an account, get a free stock.

Sign up

Investing involves risk. Free stock terms apply.

8-K Filed May 5, 2026 · Period ending May 5, 2026

Summary not yet generated.

8-K Filed Mar 16, 2026 · Period ending Mar 13, 2026

Summary not yet generated.

10-K Filed Feb 26, 2026 · Period ending Dec 31, 2025

Summary not yet generated.

10-Q Filed Nov 5, 2025 · Period ending Sep 30, 2025

Summary not yet generated.

10-K Filed Feb 28, 2025 · Period ending Dec 31, 2024

Summary not yet generated.

About VERACYTE, INC.

Source: Item 1 (Business) from the 10-K filed February 26, 2026. Description as filed by the company with the SEC.

ITEM 1. BUSINESS

General

At Veracyte, we believe that exceptional cancer care begins with exceptional diagnostics. We are a global diagnostics company that empowers clinicians with the high-value insights they need to guide and assure patients at pivotal moments in the race to diagnose and treat cancer. Our high-performing tests enable clinicians to make more confident diagnostic, prognostic and predictive treatment decisions. Insights from these tests help patients avoid unnecessary procedures and interventions and accelerate time to appropriate treatment, thereby improving outcomes for patients across our global markets.

Through our leading portfolio of comprehensive molecular diagnostic tests, we are focused on progressing patient care from the current standard to a more individualized approach, leveraging each patient’s unique cancer biology to improve their outcomes. We serve global markets with two complementary models. In the United States, we offer laboratory developed tests, or LDTs, through our centralized Clinical Laboratory Improvement Amendments of 1988, or CLIA, certified laboratories in South San Francisco and San Diego, California, supported by our cytopathology expertise in Austin, Texas. Outside of the United States, we provide in vitro diagnostic, or IVD, tests to patients through distribution to laboratories and hospitals that can perform the tests locally. In the United States, we currently offer tests in prostate cancer (Decipher Prostate), thyroid cancer (Afirma), breast cancer (Prosigna) and bladder cancer (Decipher Bladder). Our international distribution of IVDs is currently focused on our Prosigna test and, in the future, we intend to offer Decipher Prostate as an IVD.

Read full description ↓

The majority of our revenue presently comes from sales of our Decipher Prostate and Afirma tests. In the near-term, we are focused on continuing to expand Decipher Prostate's penetration and leadership position while also sustaining strong growth for Afirma. We are also focused on investing in innovation to drive durable growth over the medium and long term. In particular, we are prioritizing the following growth drivers: the launch of TrueMRD, our minimal residual disease, or MRD, platform to expand our reach further across the cancer care continuum and the launch of Prosigna as an LDT for the U.S. market to be able to serve more patients in the United States who face a breast cancer diagnosis. In addition, we are focused on longer term growth drivers like the launch of IVD products for patients globally, and solving new cancer challenges, with tests such as our novel Percepta Nasal Swab test for patients identified with a lung nodule.

Our Novel Approach — the Veracyte Diagnostics Platform

We have established a novel approach to drive the successful launch and adoption of our high-performing tests, which we refer to as the Veracyte Diagnostics Platform. This approach leverages broad genomic and clinical data, our deep bioinformatics and artificial intelligence, or AI, capabilities to detect pathology features and support genomic variant identification, and a powerful evidence-generation engine to drive durable reimbursement and guideline inclusion for our tests, along with new insights to support continued innovation and pipeline development.

The Veracyte Diagnostics Platform begins by identifying an unmet clinical need, determining the combination of appropriate biomarkers utilizing cutting-edge genomic and other technologies before tuning our assays with deep scientific and machine learning capabilities.

We then take a comprehensive approach to launching and driving adoption for our tests. We generate extensive genomic and clinical data through our whole-omic approach, fueling insights, evidence and, ultimately, further utility. We currently take a whole-transcriptome approach to our diagnostic, prognostic and predictive tests and with our MRD technology will add a whole-genome approach for treatment effectiveness, monitoring, and disease recurrence detection.

In each case, this data is used to develop a comprehensive and robust assay to address a clinical need. We perform these tests in our clinical labs, also generating a growing repository of data. We then utilize our deep bioinformatic and AI capabilities to derive broad insights that not only support the test in question, but also enable research to demonstrate expanded test utility or support entry into new indications.

Our experienced clinical and medical teams work with our scientific and commercial teams to drive repeated cycles of evidence development. With both prospective and retrospective studies over time, we focus on evidence that allows us to answer key clinical questions while also demonstrating the clinical benefit and impact of our tests, which is needed to drive their adoption and guideline inclusion.

With our years of experience in market access and reimbursement, we work closely with public and private payers to leverage this evidence and meet their clinical utility requirements, which facilitates reimbursement. Our market-leading, real-world utilization then continues to drive more data, which leads to more insights, more evidence and more utility, all of which provide additional support for and confidence in our tests, further increasing durable reimbursement and guideline inclusion for our tests, along with new insights to support continued innovation and pipeline development.

We manage our CLIA labs with a focus on operational excellence and continuous improvement. We measure performance at our CLIA labs using such criteria as lab-processing turnaround time, failure rates and deviation vs. control. We have an active monitoring program to ensure lab operations exceed regulatory requirements. At our CLIA labs, we use a systematic, analytical approach aimed at delivering optimal outcomes for patients and referring physicians, while driving cost and lab-efficiency improvement as we continue to scale our operations.

Serving the U.S. Market With Our Clinical Diagnostic Tests Offered Through Our CLIA Labs

In the United States, our tests are improving patient care in thyroid, prostate, and bladder cancer. All of our tests are serviced through our own CLIA certified laboratories in South San Francisco, California, San Diego, California and Austin, Texas.

Prostate Cancer - Decipher Prostate Genomic Classifiers

An estimated 334,000 men are diagnosed with prostate cancer each year in the United States. Prior to the utilization of genomics, clinicians relied solely on clinical parameters, such as prostate-specific antigen, or PSA, level and pathology to determine the appropriate treatment for each patient. However, those factors alone do not always reflect the true biology of the tumor, which often leads to over- and under-treatment of patients with localized prostate cancer. The Decipher Prostate Genomic Classifier test dramatically improves the physician's ability to personalize therapy for each patient and make more appropriate treatment decisions.

The Decipher Prostate test uses whole-transcriptome analysis and machine learning to assess tumor biology and estimate the risk of developing metastatic disease in localized prostate cancer and the risk of metastatic progression in patients with metastatic disease, helping guide treatment planning. Decipher Prostate is performed on prostate tissue obtained from biopsy or surgical specimens and is used to inform clinical decision-making across the spectrum of prostate cancer, including active surveillance decisions; selection among active surveillance, focal therapy, and definitive treatment; use of androgen deprivation therapy (ADT) with primary radiation therapy, including ADT duration; and the timing and intensity of treatment following radical prostatectomy, including treatment intensification with androgen receptor pathway inhibitors (ARPIs) or chemotherapy. To our knowledge, Decipher Prostate is the only genomic test used across the full continuum of prostate cancer, supported by evidence from more than 115 peer-reviewed, published studies.

The 2026 NCCN Clinical Practice Guidelines in Oncology for Prostate Cancer, or NCCN Guidelines, include a table within the Principles of Risk Stratification describing how Advanced Prognostic Tools may be used to refine risk in clinically localized disease and after radical prostatectomy. In this table, Decipher Prostate is the only gene expression test included, with supporting evidence and treatment guidance provided based on the Decipher score. Decipher Prostate is currently covered by Medicare and commercial payers representing more than 215 million enrollees.

Thyroid Cancer - Afirma Genomic Sequencing Classifier

Each year in the U.S, approximately 650,000 people undergo fine needle aspiration, or FNA, biopsy evaluation for potentially cancerous thyroid nodules. Using traditional cytopathology evaluation many of these patients receive indeterminate results (i.e., not clearly benign or malignant), while many others receive a suspicious for malignancy or malignant result. Historically, most of the patients with indeterminate results were referred to diagnostic surgery, even though 70% to 80% of the time, the nodules proved to be benign.

We developed the Afirma Genomic Sequencing Classifier, or GSC, to determine which patients with indeterminate results are actually benign so that these patients may avoid unnecessary, costly surgery that often leads to the need for lifelong daily thyroid hormone replacement therapy. The test was developed with whole-transcriptome RNA sequencing and machine learning to provide physicians with clinically actionable results from a specimen collected during the FNA biopsy procedure used for initial cytopathology. Afirma GSC testing also provides important gene mutation information to help guide treatment decisions for patients with thyroid nodules that are suspicious for malignancy or malignant based on traditional cytopathology evaluation.

Strong clinical validation data from a multicenter cohort of prospectively collected patient samples were initially published in JAMA Surgery in 2018. The findings showed that the Afirma GSC has a sensitivity of 91% and specificity of 68%, meaning that in a patient population with 24% cancer prevalence – which is expected in clinical practice – the test can identify more than two-thirds of benign thyroid nodules, with a negative predictive value, or NPV, of 96%. In 2022, a meta-analysis of

13 independent studies assessing the test's performance in a real-world clinical setting found a sensitivity of 97%, a specificity of 88%, and an NPV of 99%, reinforcing Afirma's performance.

Afirma GSC and its predecessor, the Afirma Gene Expression Classifier, have been featured in more than 160 peer-reviewed, published studies. These include the original clinical validation study, which was published in The New England Journal of Medicine. Afirma testing is currently included in leading practice guidelines and is covered for over 275 million Medicare and commercial health plan enrollees in the United States.

Our sales team sells Afirma GSC to endocrinologists and other physicians who perform FNA biopsies on patients with thyroid nodules. Physicians can order Afirma GSC testing in one of two ways: by submitting indeterminate FNA samples directly to Veracyte for genomic testing or by submitting FNA samples for initial cytopathology analysis by our partner, Thyroid Cytopathology Partners, with genomic testing performed by Veracyte when the cytopathology is indeterminate. Our online portal enables physicians and their staff to easily submit and track test orders and download results. Afirma GSC is much more commonly used in patients with indeterminate results than patients with suspicious for malignancy or malignant results.

Bladder Cancer - Decipher Bladder Genomic Classifier

Each year in the United States, approximately 85,000 people are expected to be diagnosed with bladder cancer.

Decipher Bladder is a genomic test that measures the molecular profile of bladder cancer using gene expression analysis from transurethral resected bladder tumor specimens. The test was developed for use in bladder cancer patients with high-grade non-muscle-invasive disease who are being considered for treatment and patients with muscle-invasive disease who face the question of immediate cystectomy or systemic treatment in the neoadjuvant setting prior to cystectomy. Decipher Bladder reports the molecular subtype of the tumor specimen as Luminal or Non-Luminal (Luminal Infiltrated, Basal, Basal Claudin-Low or Neuroendocrine-like), with each subtype having distinct biological composition, clinical behavior and predicted benefit from NAC, and may have implications for future therapeutic strategies.

The Decipher Bladder test is supported by multiple peer-reviewed clinical studies demonstrating its ability to identify which patients have a higher risk of upstaging to non-organ confined disease at surgery and which patients may benefit the most from neoadjuvant therapy.

We began commercialization of the Decipher Bladder test in 2021, following final Medicare coverage. The Decipher Bladder test is the first genomic test to be covered by Medicare for patients with bladder cancer.

Investing in Innovation to Drive Durable Growth

Expanding Into Minimal Residual Disease

In 2024, we acquired C2i, an MRD company, or the C2i Acquisition, adding whole-genome MRD capabilities to our novel diagnostics platform and positioning us to serve physicians and their patients further along the care continuum, in combination with our prognostic and predictive diagnostic tests. We believe we can leverage our specialist commercial channels while also building relationships with medical oncologists to partner early in a patient’s care, using our indication-specific focus and expertise to drive adoption from the first diagnostic test onward. MRD testing will expand the value we provide to clinicians to inform whether a patient’s intervention was successful or if management escalation is required.

TrueMRD, our whole-genome, AI-powered approach generates broad signatures from blood more quickly and efficiently than bespoke tumor informed panels. TrueMRD requires less than a tube of blood (as little as 3-4 ml blood, or 1-2 ml plasma), can go from sample to result in just two weeks, and delivers improved performance compared to imaging and other molecular tests. We believe this ability will enable physicians to track a tumor’s progression as it evolves from early diagnosis through patient treatment and follow-up.

We expect our first application for TrueMRD will be a muscle-invasive bladder cancer, or MIBC, MRD test, where we plan to leverage our strong urology commercial channel and have a clear pathway to expected reimbursement. We also plan to utilize TrueMRD to offer additional MRD tests in several other indications. We have submitted a tech assessment to MolDx, who administers Medicare reimbursement in our lab jurisdiction and, subject to a positive response, expect to launch our first MRD test in the first half of 2026.

Breast Cancer - Prosigna Breast Cancer Assay

Breast cancer is the most common cancer and the leading cause of cancer-related death in women worldwide. In 2023, an estimated 2.3 million new cases of breast cancer were diagnosed worldwide. Hormone receptor positive (HR+) breast cancer is the most common type of breast cancer, comprising approximately 70% of cases. We estimate that there are approximately 225,000 patients in the United States and 270,000 patients across Europe diagnosed with HR+ disease annually and potentially eligible for the Prosigna Breast Cancer Assay.

Information about individual patients’ prognosis is the foundation of treatment decision-making and recommendations in breast cancer. However, traditional non-molecular tests are often insufficient to reliably determine patients’ individual risk of recurrence and, therefore, adequately inform therapy decisions.

The Prosigna Breast Cancer Assay is a clinically validated prognostic assay that uses advanced genomic technology and combines clinical and pathological information to help inform next steps for post-menopausal women with early-stage, hormone receptor positive breast cancer, helping them avoid unnecessary toxic chemotherapy or under-treatment. The Prosigna Breast Cancer Assay analyzes the activity of 46 genes in the PAM50 gene signature, and based on molecular subtypes, proliferation score, and clinical-pathological features, can provide a hormone-receptor positive, early-stage breast cancer patient and their physician with a prognostic risk-of-recurrence score that indicates the probability of cancer recurrence over the next ten years.

The Prosigna Breast Cancer Assay utilizes formalin-fixed and paraffin-embedded breast cancer tissue and is offered as an IVD test that runs on the nCounter Analysis System and is expected to be offered as an LDT run out of our CLIA lab for patients in the United States as soon as 2026. The test has been CE-IVD marked, showing that it currently conforms with European Union regulations, and is available for use by healthcare professionals in the European Union and other countries that recognize the CE mark.

The Prosigna Breast Cancer Assay is currently sold to laboratories outside the United States by our direct sales team and through distributors in certain countries. With the launch of the Prosigna LDT, our sales team will sell to physicians, particularly medical oncologists, treating breast cancer patients in the United States. The test is clinically validated in studies published in Annals of Oncology and the Journal of Clinical Oncology. The test is recommended in guidelines from the National Comprehensive Cancer Network and the American Society of Clinical Oncology in the United States. Outside of the United States, the test is included in leading medical guidelines, including from the National Institute for Health and Care Excellence in the United Kingdom and the European Society for Medical Oncology.

Driving Global Growth with Distributed IVD Tests

Once we have developed robust clinical evidence and physician adoption of our tests in the United States, we aim to drive further patient access by launching them, as appropriate, into global markets as IVD tests. This approach enables our tests to be performed locally in laboratories and hospitals worldwide, which we believe facilitates market access and physician adoption in strategic global markets such as the EU.

We currently offer our Prosigna breast cancer IVD test in Europe, the Middle East, Asia Pacific and Latin America on the nCounter Analysis System, for which we acquired the exclusive worldwide license for clinical IVD test use in 2019. In 2023, we announced a multi-year agreement with Illumina, Inc. to also develop and offer some of our molecular tests in Canada, Europe, the Middle East, Asia Pacific and Latin America as decentralized IVD tests on their NextSeq 550Dx NGS instrument thereby leveraging the large installed base. We expect to launch our Prosigna Breast Cancer Assay on the NextSeq 550Dx system. We are also currently developing our Decipher Prostate test as a quantitative polymerase chain reaction-based, or qPCR-based, test to be launched as a decentralized IVD test outside of the United States.

Solving New Cancer Challenges With the Percepta Nasal Swab Test

Lung cancer has the highest mortality rate of all cancers worldwide, causing approximately 1.8 million deaths each year. Lung nodules are typically the first sign of lung cancer and should not be ignored, however most of them are benign. Physicians currently have limited objective tools to help accurately determine which patients with lung nodules found on computerized axial tomography, or CT, scans have cancer. Approximately 15 million patients are now recommended for annual lung cancer CT screening to detect potentially cancerous lung nodules early. Approximately 2.7 million Americans are screened annually for lung cancer, and about 1.6 million lung nodules are found incidentally each year. We developed the noninvasive Percepta Nasal Swab test to help physicians more accurately, quickly and confidently determine lung cancer risk so that patients whose lung nodules are benign may avoid unnecessary invasive procedures and patients whose nodules are likely cancerous may proceed to further diagnostic work-up and, if necessary, treatment.

The Percepta Nasal Swab test is built upon foundational "field of injury" science, through which genomic changes associated with lung cancer in current and former smokers are detected using a sample collected non-invasively from the nasal passage. Clinical validation data published in the journal CHEST showed that when the Percepta Nasal Swab test identified patients as low risk, its sensitivity was 97%, providing a negative predictive value, or NPV, of 98% in a population with the 25% cancer prevalence that would be expected in a broad cohort with suspicious lung nodules. We believe this NPV can assist physicians in avoiding unnecessary invasive procedures in these patients with a very small likelihood of missing a cancer. When the test identified patients as high risk, its specificity was 92%, for a positive predictive value, or PPV, of 70% at a malignancy rate of 25%. Given these data, we believe the Percepta Nasal Swab test would assist physicians in directing these

patients to further procedures so they could obtain an accurate diagnosis and speed time to treatment, if necessary. Patients in the moderate risk group could be managed according to current clinical guidelines.

Biopharmaceutical and Other Revenue

From time to time, we partner with biopharmaceutical companies that rely on data from our CLIA tests to provide unique insights into the genetic underpinnings of disease.

Reimbursement

United States

Revenue from sales of our tests comes from several sources, including commercial third-party payers, such as insurance companies and health maintenance organizations, government payers, such as Medicare and Medicaid, and patients.

Medicare generally covers molecular diagnostic tests through individual Medicare Administrative Contractors, or MACs. Medicare coverage for most of Veracyte’s tests is determined through the MolDX program, administered by the MAC, Palmetto GBA. Through Local Coverage Determinations, or LCDs, and associated coverage articles, MolDX covers Afirma GSC, Decipher Prostate, Decipher Bladder, and Prosigna. For testing services that do not fall within the scope of the MolDX program, coverage may be adjudicated by the MAC with jurisdiction over the laboratory that performs the test, either via an LCD or on a claim-by-claim basis.

Medicare prices clinical diagnostic laboratory tests, or CDLTs, on the Clinical Laboratory Fee Schedule, or CLFS, under section 1833(h) of the Social Security Act, or the SSA. Section 216(a) of the Protecting Access to Medicare Act of 2014, or PAMA, made extensive revisions to the Medicare CLFS coding, rate setting processes, and laboratory payment reporting for CDLTs, and created a new subcategory of CDLTs called Advanced Diagnostic Laboratory Tests, or ADLTs, with separate reporting and payment requirements. We submit claims to payers directly using unique American Medical Association Current Procedural Terminology, or CPT, codes when they exist for our products and services and use either miscellaneous or common CPT codes for non-proprietary testing services or when unique codes do not exist. When miscellaneous CPT codes are used for testing, Medicare pricing is determined by the local MAC.

In 2016, the Centers for Medicare and Medicaid Services, or CMS, issued the final rule to implement the requirements of the Protecting Access to Medicare Act of 2014, or PAMA, which significantly revised the Medicare payment system for CDLTs. Under the final rule, for CDLTs furnished on or after January 1, 2018, the amount Medicare pays is equal to the weighted median of private payer rates for the CDLTs, reported annually for ADLTs and triennially for CDLTs. Since the initial implementation of PAMA, Congress has extended the payment review cycle on multiple occasions. Most recently, Congress passed the Consolidated Appropriations Act, 2026, which included revisions to the PAMA review cycle. The first PAMA data reporting period for CPT 81546 (Afirma GSC), CPT 81542 (Decipher Prostate), and CPT 0016U (Decipher Bladder) under the current triennial data reporting schedule is expected to occur between May 1 through July 31, 2026 based on the data collection period of January 1 through June 30, 2025. This could result in updated reimbursement rates effective January 1, 2027 through December 31, 2029.

Third-party payers, including Medicare, have specific and often complex billing rules, failure to abide by which may result in denials, audits, and/or refund requests. We work with commercial payers to establish medical coverage policies for our tests and services, negotiate network status and contracted rates. Payment from third-party payers differs depending on whether we have entered into a contract with the payers as a “contracted, participating provider” or do not have a contract and are considered a “non-contracted, non-participating provider.” Payers will often reimburse non-contracted providers, if at all, at a lower rate than contracted providers.

When we contract to serve as a contracted provider, reimbursements are made pursuant to a negotiated fee schedule and are limited to only covered indications. Becoming a contracted provider generally results in higher reimbursement for covered indications and lack of reimbursement for non-covered indications. As a result, the impact of becoming a contracted provider with a specific payer will vary.

In some cases, third party payers may request audits of the amounts paid to us. This may require us to repay certain amounts to payers as a result of such audits.

Factors that impact reimbursement include, among others:

•variability in medical policies indicating coverage for our products and services;

•contracted/network status and claims adjudication as in-network or out of network and corresponding patient co-pay/coinsurance responsibilities;

•patient financial assistance programs;

•changes to American Medical Association's CPT coding rules and edits;

•Medicare clinical laboratory and physician fee schedules;

•government sequestration;

•Medicaid fee schedules;

•contracted rates for our diagnostics;

•utilization management or prior authorization processes and steps put in place by commercial payers ensuring medical necessity of services ordered for patients;

•billing errors; and

•claims disputes.

For the years ended December 31, 2025, 2024 and 2023, respectively, revenue was represented by the indicated percent for each payer:

Medicare Fee-For-Service accounted for 34%, 33% and 35% of our testing revenue. Medicare Advantage, paid for by commercial payers, accounted for 18%, 17%, and 14% of our testing revenue. Medicaid accounted for 1%, 1%, and 1% of our testing revenue. Private commercial payers accounted for 47%, 49%, and 50% of our testing revenue.

In Vitro Diagnostic Tests

For our IVD tests, we bill hospital and laboratory customers directly for test kits they order. Our customers subsequently bill third-party payers for reimbursement. We continue to drive Prosigna reimbursement efforts in Europe and other global markets through the development of clinical and other evidence to support the test’s inclusion in guidelines and coverage programs. The test is currently reimbursed in Germany, France, Spain, Portugal, Italy, Netherlands, Norway, Sweden, Denmark, Austria, Lithuania, Switzerland, Canada, England, Scotland, and Israel.

Competition

Our main competition are companies that use next generation sequencing technology or other methods to measure genomic biomarkers in disease areas addressed by our tests.

Our Afirma test faces competition from companies that use next generation sequencing technology or other methods to measure mutational markers such as BRAF and KRAS, along with numerous other mutations. These organizations include, for example, Interpace Diagnostics Group, Inc. and ThyroSeq (marketed by Sonic Healthcare Limited), as well as others who are developing new products or technologies that may compete with our tests.

Our Decipher Prostate test faces competition from Myriad Genetics, Inc., or Myriad Genetics, and MDxHealth, SA, or MDxHealth, which offer genomic testing for prognostic purposes within localized prostate cancer. Additionally, traditional methods used by pathologists and clinicians to estimate risk of disease progression pose competitive threats to our business. Companies seeking to combine traditional pathology methods and AI powered image analysis, such as ArteraAI, could potentially emerge as competitors. In bladder cancer, we are not currently aware of a direct competitor offering genomic testing for prognostic purposes that match the intended use population for our test. However, DNA mutational analysis, traditional clinical methods and nomograms are currently in use by physicians for similar purposes.

We believe our primary competition in MRD for MIBC is Natera, Inc. For future indications we choose to serve, competition may come from numerous other companies, including but not limited to, Natera, Inc., Guardant Health, Inc., Exact Sciences Corporation, Personalis, Myriad Genetics, Neogenomics, Inc., Quest Diagnostics, Billion-To-One, Caris Life Sciences or TempusAI, Inc.

In addition, competitors may develop their own versions of our solutions in countries we may seek to enter where we do not have patents or where our intellectual property rights are not recognized, and compete with us in those countries, including encouraging the use of their solutions by physicians in other countries.

We believe key factors contributing to our success in the market include our Veracyte Diagnostics Platform, scientific and technological excellence, evidence of clinical differentiation underscored by the breadth of publications supporting our tests, strong KOL support and payer coverage policies for our tests. We believe our strength across these areas form a barrier to entry and a competitive advantage. Our specialist channels and relationships allow us to enter the cancer care continuum at the beginning of a cancer patient’s journey, which positions us to more easily move down through that journey from diagnosis through treatment and monitoring. However, our competitive landscape may change over time as new competitors enter the market. As we add new tests and services, we will face many of these same competitive risks.

Patents and Proprietary Technology

In order to remain competitive, we must develop and maintain protection of the proprietary aspects of our technologies. To that end, we rely on a combination of patents, copyrights and trademarks, as well as contracts, such as confidentiality, invention assignment and licensing agreements. We also rely upon trade secret laws to protect unpatented know-how and continuing technological innovation. In addition, we have what we consider to be reasonable security measures in place to maintain confidentiality. Our intellectual property strategy is intended to develop and maintain our competitive position.

We apply for, and in-license, patents covering our products and technologies and uses thereof, as we deem appropriate; however, we may fail to apply for patents on important products and technologies in a timely fashion or at all, or we may fail to apply for patents in potentially relevant jurisdictions. Our issued patents expire between 2027 and 2040.

We intend to file additional patent applications in the United States and abroad to strengthen our intellectual property rights; however, our patent applications may not result in issued patents in a timely fashion or at all, and we cannot assure investors that any patents that have issued or might issue will protect our technology. We have received and may in the future receive notices of claims of potential infringement from third parties.

We hold registered trademarks in the United States for “Veracyte,” “Afirma,” “Percepta,” “Envisia,” “Prosigna,” “Lymphmark,” “Decipher,” “GRID,” “C2i,” “C2i Genomics” and the Veracyte logo, and a pending trademark application for “TrueMRD”. We also hold registered trademarks in various jurisdictions outside of the United States.

We require all employees and consultants working for us to execute confidentiality agreements, which provide that all information received by them during the course of the employment or consulting relationship be kept confidential, except in specified circumstances. Our agreements with our employees provide that all inventions, discoveries and other types of intellectual property, whether or not patentable or copyrightable, conceived by the individual while he or she is employed by us, are assigned to us. We cannot provide any assurance, however, that employees and consultants will abide by the confidentiality or assignment terms of these agreements. Despite measures taken to protect our intellectual property, unauthorized parties might copy aspects of our technology or obtain and use information that we regard as proprietary.

Environmental Matters

Our operations require the use of hazardous materials (including biological materials) which subject us to a variety of federal, state and local environmental and safety laws and regulations. Some of these regulations provide for strict liability, holding a party potentially liable without regard to fault or negligence. We could be held liable for damages and fines as a result of our, or others’, business operations should contamination of the environment or individual exposure to hazardous substances occur. We cannot predict how changes in laws or new regulations will affect our business operations, or the cost of compliance. Historically, the cost of compliance for these safety laws and regulations related to the protection of the environment has not materially impacted our operations. There were no material capital expenditures related to environmental compliance in the year ended December 31, 2025. Similarly, we do not anticipate any significant expenditures for the year ending December 31, 2026.

Raw Materials and Suppliers

We procure reagents, equipment, and other materials that we use to perform our tests from sole suppliers. We also purchase components used in our collection kits from sole-source suppliers. Some of these items are unique to these suppliers and vendors. In addition, we utilize external providers to assemble and distribute our sample collection kits. While we have developed alternate sourcing strategies for these materials and vendors where possible, we cannot be certain whether these strategies will be effective, or the alternative sources will be available when we need them. If these suppliers can no longer provide us with the materials we need to perform the tests or for our collection kits, if the materials do not meet our quality specifications or are otherwise unusable, if we cannot obtain acceptable substitute materials, if materials become unavailable, or if we elect to change suppliers, an interruption in test processing could occur, we may not be able to deliver patient reports and we may incur high switching costs. Any such interruption may significantly affect our future revenue, cause us to incur higher costs, and harm our customer relationships and reputation. In addition, in order to mitigate these risks, we maintain inventories of these supplies at higher levels than would be the case if multiple sources of supply were available. If our test volume decreases or we switch suppliers, we may hold excess inventory with expiration dates that occur before use which would adversely affect our losses and cash flow position. As we introduce any new test or make changes to existing tests, we may experience supply issues as we ramp test volume.

Legal Proceedings

From time to time, we may be party to lawsuits in the ordinary course of business. We are currently not a party to any material legal proceedings. Certain legal proceedings in which we are involved are discussed in Note 7, Commitments and Contingencies, to the accompanying consolidated financial statements.

Regulation

Clinical Laboratory Improvement Amendments of 1988, or CLIA

As a clinical reference laboratory, we are required to hold certain federal, state and local licenses, certifications and permits to conduct our business. In the U.S., we are subject to CLIA, a federal law that regulates clinical laboratories that test specimens derived from humans for the purpose of providing information for the diagnosis, prevention or treatment of disease. Under CLIA, we are required to hold a certificate applicable to the type of laboratory examinations and tests we perform and to comply with standards covering personnel qualifications, facilities administration, quality systems, inspections, and proficiency testing. We must maintain CLIA compliance and certification to sell our tests and be eligible to bill state and federal healthcare programs, as well as many private third-party payers.

Moreover, if one of our clinical reference laboratories is out of compliance with CLIA requirements, we may be subject to sanctions such as suspension, limitation or revocation of our CLIA certificate, as well as directed plan of correction, state on-site monitoring, civil money penalties, civil injunctive suit or criminal penalties, or cancellation of our approval to receive payments under Medicare for our services. If we were to be found out of compliance with CLIA requirements and subjected to sanctions, our business could be harmed.

We hold CLIA certifications to perform testing at our South San Francisco and San Diego, California; and Austin, Texas laboratory locations. To renew our CLIA certificates, we are subject to survey and inspection every two years to assess compliance with program standards. Moreover, CLIA inspectors may conduct random inspections of our clinical reference laboratories. If we in the future fail to maintain CLIA certificates in our laboratory locations, we would be unable to bill for services provided by state and federal healthcare programs, as well as many private third-party payers, which may have an adverse effect on our business, financial condition and results of operations.

State Laboratory Licensing

California Laboratory Licensing

In addition to federal certification requirements of laboratories under CLIA, licensure is required and maintained for our South San Francisco and San Diego, California and Austin, Texas clinical reference laboratories under California law. Such laws establish standards for the day-to-day operation of a clinical reference laboratory, including the training and skills required of personnel and quality control. In addition, California laws mandate proficiency testing.

If our clinical reference laboratories are out of compliance with California standards, the California Department of Public Health, or CDPH, may suspend, restrict or revoke our license to operate our clinical reference laboratories, assess substantial civil money penalties, or impose specific corrective action plans. Any such actions could materially affect our business. We maintain current licenses in good standing with CDPH. However, we cannot provide assurance that CDPH will at all times in the future find us to be in compliance with all such laws.

New York Laboratory Licensing

Our South San Francisco, San Diego and Austin clinical reference laboratories are required to be licensed by New York, under New York laws and regulations before we receive specimens from New York. The New York laws and regulations establish standards for:

•quality management systems;

•qualifications, responsibilities, and training;

•facility design and resource management;

•pre-analytic, analytic (including validation and quality control), and post-analytic systems; and

•quality assessments and improvements.

New York law also mandates proficiency testing for laboratories licensed under New York law, regardless of whether such laboratories are located in New York. If a laboratory is out of compliance with New York statutory or regulatory standards, the New York State Department of Health, or NYSDOH, may suspend, limit, revoke or annul the laboratory's New York license, censure the holder of the license or assess civil money penalties. Statutory or regulatory noncompliance may result in a laboratory's operator being found guilty of a misdemeanor under New York law. NYSDOH also must approve laboratory developed tests before the test is offered in New York; approval has been received for the Afirma GSC, Decipher Prostate and Decipher Bladder tests. NYSDOH approval has also been received for Percepta Nasal Swab in support of our clinical trial. Should we be found out of compliance with New York laboratory standards of practice, we could be subject to sanctions, which could harm our business. We maintain a current license in good standing with NYSDOH for our South San Francisco and San Diego, California; and Austin, Texas laboratories. We cannot provide assurance that the NYSDOH will at all times find us to be in compliance with applicable laws.

Other States' Laboratory Licensing

In addition to New York and California, other states require licensing of in-state and out-of-state laboratories under certain circumstances. For example, Pennsylvania, Maryland and Rhode Island require licenses to test specimens from patients in those states. We have obtained licenses from states where we believe we are required to be licensed and believe we are in compliance with applicable licensing laws.

From time to time, we may become aware of other states that require in-state or out-of-state laboratories to obtain licensure in order to accept specimens from, or conduct laboratory operations in, the state, and it is possible that other states will have such requirements in the future. If we identify any other state with such requirements or if we are contacted by any other state advising us of such requirements, we intend to comply with such requirements.

United States Regulation of Laboratory Testing

Food and Drug Administration: In Vitro Diagnostics and Diagnostic Kits

IVDs and diagnostic kits, including collection systems that are sold and distributed in the United States, are regulated as medical devices by the FDA. Devices subject to FDA regulation must undergo premarket review prior to commercialization unless exempt from such review. In addition, manufacturers of medical devices must comply with various regulatory requirements under the Federal Food, Drug, and Cosmetic Act, or FDC Act, and implementing regulations promulgated thereunder. Entities that fail to comply with FDA requirements may be subject to, among other things, issuance of inspectional observations on Form FDA-483, untitled or warning letters, recalls, import detentions, seizures, or injunctions, including orders to cease manufacturing, and can be liable for civil money penalties or criminal prosecution.

The FDC Act sets forth the classifications of medical devices into one of three categories based on the risks associated with the device and prescribes the levels of controls appropriate for each of the three classes to help ensure reasonable assurance of safety and effectiveness. Class I devices are considered to be low risk and are generally exempt from FDA premarket notification requirements. Class I devices are subject to general regulatory controls. When general controls are considered insufficient to provide reasonable assurance of safety and effectiveness, but there is sufficient information to establish special controls to provide such assurance, FDA will classify the device as a Class II device. Unless exempt, for Class II devices, the FDC Act requires the submission to FDA of a premarket notification, referred to as a “510(k),” which must provide data and information showing that the device is substantially equivalent to an already legally marketed device, referred to as a predicate device, with respect to the indications for use and the product’s technological characteristics. If the data and information are sufficient to show that the device is substantially equivalent to the predicate device, FDA issues a Substantially Equivalent letter clearing the device for marketing.

If there is insufficient information to support classifying a device into Class I or Class II and the device is life-sustaining or life-supporting or is substantially important in preventing impairment of human health or presents a potential unreasonable risk of illness or injury, FDA places the device into Class III. Class III devices are considered the highest risk devices and generally require significant data and information, including testing data and data from nonclinical and clinical studies, to provide reasonable assurance of the device's safety and effectiveness. For Class III devices, FDA requires the submission and FDA approval of a premarket application, or PMA, before they can be marketed.

Certain devices are classified as Class III devices automatically, by operation of law, when the device does not have a predicate device or is found to not be substantially equivalent to a predicate device. If there is sufficient evidence to show that the device is a lower risk device, a manufacturer may ask FDA to reclassify the device into Class II or Class I by submitting a

De Novo classification request. When FDA reclassifies a device through the De Novo process, other manufacturers of the same device type do not necessarily have to submit a De Novo request or a PMA in order to legally market the device. Instead, manufacturers can submit a 510(k), unless the device has been classified as 510(k)-exempt, to legally market their device, because the device that was the subject of the original De Novo request can serve as a predicate device for a substantial equivalence determination. If FDA does not issue an order granting the De Novo request for reclassification, the device will remain a Class III device and be subject to PMA requirements to obtain marketing authorization.

Establishments that manufacture or, in certain situations, distribute FDA-related medical devices, including manufacturers, repackagers and relabelers, specification developers, and initial importers, are required to register and list their devices with the FDA, including payment of annual user fees.

Devices that may be legally marketed are subject to numerous regulatory requirements. These include: good manufacturing practice requirements for medical devices as set out in the Quality Management System Regulation, or QMSR, labeling regulations, restrictions on promotion and advertising, the Medical Device Reporting regulation, or MDR (which requires manufacturers to report certain adverse events and product malfunctions to the FDA), and the Reports of Corrections and Removals regulation (which requires manufacturers to report certain field actions to the FDA). Certain corrections and market removals may also be subject to FDA’s recall regulation and procedures.

The FDA has issued a regulation outlining specific requirements for "specimen transport and storage containers." "Specimen transport and storage containers" are medical devices "intended to contain biological specimens, body waste, or body exudate during storage and transport" so that the specimen can be destroyed or used effectively for diagnostic examination. A specimen transport and storage container is classified as a Class I exempt device, which means that the device is exempt from the 510(k) premarket notification requirement and, if not labeled or otherwise represented as sterile, the QMSR, except for recordkeeping and complaint handling requirements. These 510(k) exempt devices are still subject to general controls, including MDR requirements, the reporting of corrections and removals, and establishment registration and product listing.

The FDA enforces the requirements described above by various means, including inspection and market surveillance. If the FDA finds a violation, it can institute a wide variety of enforcement actions, ranging from an Untitled Letter or Warning Letter to more severe sanctions such as:

•fines, injunctions, and civil money penalties;

•recall or seizure of products;

•operating restrictions, partial suspension or total shutdown of production; and

•criminal prosecution.

Federal Oversight of Laboratory Developed Tests and Research Use Only Products

Clinical laboratory tests like our proprietary genomic tests are regulated under CLIA, as well as by applicable state laws. Clinical laboratory tests that are developed and run within a single CLIA-certified laboratory are referred to as laboratory developed tests, or LDTs, by the FDA. Currently, the FDA believes these tests meet the definition of a device under the FDC Act and that it has the authority to regulate them. Historically, the FDA generally exercised enforcement discretion, meaning that it did not require premarket review, quality system/current Good Manufacturing Practices regulations, and other applicable medical device requirements for LDT developers and users.

In May 2024, the FDA published a final rule to phase out its policy of enforcement discretion over LDTs, and that rule was vacated by a federal district court on March 31, 2025. As part of its current enforcement discretion policy, the FDA could still decide to pursue enforcement action at any time against LDTs that it deems to be violative of its regulations when appropriate.

We believe that our Decipher Prostate test, Afirma classifier and Decipher Bladder test, have been developed and are performed in a manner consistent with the FDA’s enforcement discretion policy.

Some of the materials we use for our tests and that we may use for future tests are IVD products intended and labeled for research use only, or RUO, or investigational use only, or IUO. An RUO product cannot be used for any human clinical purpose and must be labeled "For Research Use Only. Not for use in diagnostic procedures." RUOs are a separate regulatory category and include IVD products that are in the laboratory research phase of development. They are therefore not subject to most FDA regulatory requirements, so long as they are properly labeled and used in accordance with such labeling. RUOs

cannot be marketed with any claims, or in a manner indicating, that the device is safe, effective, or has diagnostic utility, or is intended for human clinical diagnostic or prognostic use. The FDA has advised that if evidence demonstrates that a product is inappropriately labeled for research or investigational use only, the device would be considered misbranded and adulterated within the meaning of the FDC Act. In the guidance, the FDA stated that the manufacturer’s objective intent for an RUO or IUO product’s intended use will be determined by examining the totality of circumstances, including advertising, instructions for clinical interpretation, presentations that describe clinical use, and specialized technical support, surrounding the distribution of the product in question.

While we qualify all materials used in our diagnostic services according to CLIA regulations, we cannot be certain that the FDA might not promulgate rules or issue guidance documents that could affect our ability to purchase materials necessary for the performance of our diagnostic services. Should any of the reagents obtained by us from vendors and used in conducting our diagnostic services be affected by future regulatory actions, our business could be adversely affected by those actions, including increasing the cost of service or delaying, limiting or prohibiting the purchase of reagents necessary to perform the service.

We cannot provide any assurance that FDA premarket review or other requirements will not be imposed in the future for our diagnostic services, whether through additional guidance or regulations issued by the FDA, new enforcement policies adopted by the FDA or new legislation enacted by Congress. In March 2025, a federal district court vacated the FDA’s 2024 final rule that would have increased FDA regulation of LDTs, and the FDA did not appeal that decision; however, the regulatory and legislative landscape remains uncertain and could change. Legislative proposals addressing oversight of LDTs were introduced in recent years, including most recently the Verifying Accurate Leading-edge IVCT Development (VALID) Act of 2023 in March 2023, and we expect that new legislative proposals will be introduced from time to time. It is possible that legislation could be enacted into law or regulations, or guidance could be issued by the FDA which may result in new or increased regulatory requirements for us to continue to offer our tests or to develop and introduce new tests.

If premarket review, clearance, or approval is required for the tests that we market as LDTs, our business could be negatively affected until such review is completed and clearance or approval to market is obtained, and the FDA could require that we stop selling our tests pending premarket clearance or approval. If our tests are allowed to remain on the market but there is uncertainty about the legal status of our services, if we are required by the FDA to label them investigational, or if the FDA limits the use and corresponding labeling claims, order levels may decline, and reimbursement may be adversely affected. The regulatory process may involve, among other things, successfully completing additional clinical studies and submitting to the FDA a premarket notification to obtain clearance or submitting a De Novo classification request or PMA to obtain approval to market the device. If clearance or approval is required by the FDA, there can be no assurance that our tests will be cleared or approved on a timely basis, if at all, nor can there be any assurance that approved labeling claims or labeling claims subject to cleared indications for use will be consistent with our current claims or adequate to support continued adoption of and reimbursement for our solutions. Ongoing compliance with FDA regulations would increase the cost of conducting our business, and subject us to heightened requirements of the FDA and penalties for failure to comply with these requirements. We may also decide voluntarily to pursue FDA premarket review of our tests to obtain marketing clearance or approval if we determine that doing so would be appropriate.

European Union Regulation of Laboratory Testing

In the European Union, or EU, only in vitro diagnostics that have a medical purpose are regulated as IVD medical devices, or IVD MDs, under the legal frameworks described below. In contrast to other IVDs, IVD MDs are intended to provide information on, among other things, a person’s physiological or pathological state, disease, or treatment response.

Directive 98/79/EC

IVD MDs previously were regulated under EU-Directive 98/79/EC, or the IVDD, and corresponding national provisions.

The IVDD required that IVD MDs meet certain essential requirements, which were set out in Annex I of the IVDD. To demonstrate compliance with the essential requirements, IVD MDs needed to undergo a conformity assessment procedure. As a general rule, demonstration of conformity of IVD MDs and their manufacturers with the essential requirements needed to be based, among other things, on adequate performance evaluation data supporting the safety and performance of the products during the intended conditions of use.

IVD MDs must bear the CE marking of conformity when placed on the market, unless a specific exemption applies. Compliance with the IVDD essential requirements was a prerequisite for a manufacturer to be able to affix a CE mark, which

was a declaration by the manufacturer that the IVD MD met all the appropriate requirements under the IVDD and corresponding national provisions, as applicable.

Under the IVDD, for most IVD MDs, manufacturers used to “self-declare” the conformity of their IVD MDs with the essential requirements of the IVDD. For types of IVD MDs listed in Annex II of the IVDD and devices for self-testing, a conformity assessment procedure required the intervention of a notified body. Notified bodies are independent organizations designated by EU member states to assess the conformity of medical devices, including IVD MDs that qualify as such when required, with all relevant requirements under the applicable laws before a CE mark is affixed to the device and the device is placed on the market. The notified body would typically audit and examine the device’s technical file and the manufacturer’s quality system, though conformity with the relevant harmonized standards – which is ISO 13485:2016 for Quality Management Systems – can be used to demonstrate compliance with these requirements. If satisfied that the IVD MD conforms to the relevant requirements, the notified body issues a certificate of conformity, which the manufacturer uses as a basis for its own declaration of conformity.

Prosigna continues to be marketed in the EU/EEA as a self-declared CE marked device under the IVDD as regulated under a transition arrangement defined in the Regulation EU 2017/746, or IVDR, and as amended.

In Vitro Diagnostic Medical Device Regulations (2017/746)

The EU regulatory landscape concerning medical devices and IVD MDs has and continues to change significantly. The IVDD was replaced with the full implementation of the In Vitro Diagnostic Medical Device Regulations (2017/746), or IVDR, in the EU on 26 May 2022. In July 2024, certain transition timelines were extended, where IVD MDs can continue to be placed on the market under the IVDD for a certain period of time based on the risk class of the IVD MD, provided manufacturers meet the expectations set forth when the transition timelines were extended.

The main aims of the IVDR are to standardize diagnostic procedures throughout the EU, increase reliability of diagnostic analysis and enhance patient safety. As such, IVD MDs are subject to additional regulatory scrutiny now that the IVDR has come into force fully.

The IVDR introduced a rule-based classification system, whereby IVD MDs must be classified into one of four classes: A, B, C or D. Class A is the lowest risk, and Class D is the highest. These take into account the intended purpose of the IVD MD and its inherent risks. According to the IVDR classification rules, all cancer diagnostics are classified as Class C devices, so any Veracyte cancer diagnostic to be placed on the market in the EU would be classified as Class C. Prosigna is currently marketed as a so-called “legacy” device placed on the market under the IVDD in the EU. The device is currently undergoing transition (via Notified Body review and quality system audit) as an IVDR Class C device.

The IVDR also introduces new requirements for conformity assessments. In particular, substantially more IVD MDs will require the involvement of a notified body to be able to affix a CE mark to the IVD MD. In addition, under the IVDR there is a greater emphasis on post-market surveillance and submission of post-market performance follow-up reports. In addition, the EU introduced a new compulsory role, the Person Responsible for Regulatory Compliance (PRRC). This individual has regulatory oversight of all IVD MDs placed on the market by Veracyte as manufacturer in the EU and reports directly to senior management. Together with the CEO, the PRRC is legally responsible for ensuring regulatory compliance, including safety, under the IVDR.

In December 2025, the European Commission published a proposal to amend the IVDR, aimed at, among other things, reducing administrative burdens and improving conformity assessments. The proposal is now under consideration by the European Parliament and the Council and may lead to changes to the IVDR in the future.

United Kingdom, or UK, Regulation of Laboratory Testing

Following the UK’s departure from the EU, the IVDR was not implemented in Great Britain (England, Scotland and Wales). The Medicines and Healthcare products Regulatory Agency, or MHRA, has become the sovereign regulatory authority responsible for the Great Britain medical device market according to the requirements provided in the Medical Devices Regulations 2002 (SI 2002 No 618, as amended). The UK regulation implemented the three pre-existing EU directives, including the IVDD. Regulations require medical devices to be registered with the MHRA before being placed on the Great Britain market. The MHRA only registers devices where the manufacturer or their United Kingdom, or UK, Responsible Person has a registered place of business in the UK. Manufacturers based outside the UK need to appoint a UK Responsible Person that has a registered place of business in the UK to register devices with the MHRA. Additionally, in Great Britain, all medical

devices will require a UK Conformity Assessed, or UKCA, mark but CE marks (IVDD self-certified or IVDR issued by EU notified regulatory bodies, subject to validity of the certificate in the EU) will remain valid until June 30, 2030. Manufacturers may choose to use the UKCA mark on a voluntary basis until June 30, 2030.

For the time being, the regulatory regime for medical devices and IVD MDs in Great Britain (England, Scotland and Wales) continues to be based on the requirements derived from current EU legislation. The MHRA seeks to amend the UK Medical Devices Regulations 2002, in particular to create a new access pathway to support innovation, create an innovative framework for regulating software and artificial intelligence as medical devices, reform IVD MD regulation, and foster sustainability through the reuse and remanufacture of medical devices. For IVD medical devices, the regime is expected to come into force in July 2030, coinciding with the end of the acceptance period for EU CE marks in Great Britain, subject to appropriate transitional arrangements. On June 26, 2022, the MHRA published its response to a 10-week consultation on the post-Brexit regulatory framework for medical devices and diagnostics. Regulations implementing the new regime came into force in July 2025. Until the final legislation and accompanying guidance has been published there will remain uncertainty as to the future IVD regulatory requirements in Great Britain.

In addition, a new route to market and accompanying mark, the UKCA, has been introduced to enable manufacturers to place medical devices and IVDs on the market in Great Britain. The requirements for this route to market are based on the requirements derived from EU law as currently implemented in the UK. CE marks and certificates issued by EU-designated notified regulatory bodies for medical devices and IVDs will continue to be valid for the Great Britain market until 2028 and 2030, respectively. For medical devices, including IVDs, placed on the market in Great Britain after this period, the UKCA marking will be mandatory. In contrast, UKCA marking and certificates issued by UK notified regulatory bodies are not recognized on the EU market.

The position in Northern Ireland is different to Great Britain. The rules for placing medical devices and IVDs on the Northern Ireland market align with the rules in the EU and, as such, the IVDR will apply in Northern Ireland and will take effect in accordance with EU timeframes and transitional periods. Therefore, devices marketed in Northern Ireland will require assessment according to the EU regulatory regime. Such assessment may be conducted by an EU notified body, in which case a CE mark will be required before placing the device on the market in the EU or Northern Ireland. Alternatively, if a UK notified body conducts such assessment, a “UKNI” mark will be applied, and the device may only be placed on the market in Northern Ireland and not the EU.

Privacy and Fraud and Abuse Compliance

Health Insurance Portability and Accountability Act and State Data Privacy Laws

Under the federal Health Insurance Portability and Accountability Act of 1996, or HIPAA, as amended through the Health Information Technology for Economic and Clinical Health Act, or HITECH, the United States Department of Health and Human Services, or HHS, has issued regulations to protect the privacy and security of protected health information used or disclosed by covered entities, which include health care providers, such as us. HIPAA also regulates standardization of data content, codes and formats used in health care transactions and standardization of identifiers for health plans and providers. Among the implementing regulations, covered entities are vicariously liable for violations of HIPAA resulting from acts or omissions of their business associates where the business associate is an agent of the covered entity and was acting within the scope of its agency, regardless of whether the covered entity and business associate entered into a business associate agreement in compliance with HIPAA. Penalties for violations of HIPAA regulations include civil and criminal penalties.

We have developed and implemented policies and procedures designed to comply with HIPAA’s privacy, security, and breach notification requirements. We may not use or disclose protected health information in any form, including electronic, written, or oral, in a manner that is not permitted under HIPAA, and we are required to implement security measures to ensure the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit. While we have some flexibility in determining which security safeguards are reasonable and appropriate to implement for our operations, it nonetheless requires significant effort and expense to ensure continuing compliance with the HIPAA security rule. We are also required to comply with the administrative simplification standards under HIPAA when we conduct the electronic transactions regulated by HIPAA, including by using standard code sets and formats and standardized identifiers for health plans and providers. The requirements under HIPAA and its implementing regulations may change periodically and could have an effect on our business operations if compliance becomes substantially costlier than under current requirements.

In addition to federal privacy regulations, there are a number of state laws governing confidentiality of health information that are applicable to our business. In particular, we are subject to the California Confidentiality of Medical Information Act,

which is similar to but in some ways more restrictive than the HIPAA regulations, and the California Consumer Privacy Act, or CCPA, which was enacted in California in 2018 and substantially amended and expanded thereafter, most significantly by a ballot initiative adopted in November 2020 that enacted the California Privacy Rights Act, or CPRA. The CPRA amends and substantially expands the CCPA. The CCPA, among other things, requires covered companies to provide disclosures to California consumers concerning the collection and sale of personal information, and gives such consumers the right to opt-out of certain sales of personal information. The amendments to the CCPA that were adopted by ballot initiative include provisions creating a new category of “sensitive personal information” that is subject to more stringent protections than other personal information, and new requirements regarding sharing personal information for advertising purposes. In addition, the amendments established a new California Privacy Protection Agency, which has authority both to implement and enforce the CCPA. The new agency adopted implementing regulations that went into effect in March 2023. At the same time, other states, including Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia, have enacted laws similar to the CCPA/CPRA, and other states are expected to follow suit. Monitoring the development, enactment and implementation of these laws and regulations issued pursuant to them adds to our compliance costs and we face penalties if we fail to adopt comprehensive compliance measures, including documenting the steps we have taken to comply.

EU and UK Data Protection Regime

The processing of personal data, including patients’ personal health data, in the European Economic Area, or EEA, and the UK is governed by the General Data Protection Regulation, or the GDPR. The GDPR applies to any company established in the EEA and to companies established outside the EEA that process personal data in connection with the offering of goods or services to data subjects in the EEA or the monitoring of the behavior of data subjects in the EEA. The GDPR enhances data protection obligations for data controllers of personal data, including inter alia stringent requirements relating to lawful and legitimate basis and purposes for the processing of personal data, the consent of data subjects, expanded disclosures about how personal data is used, requirements to conduct privacy impact assessments for “high risk” processing, limitations on retention of personal data, appointment of data protection officers, conclusion of data processing agreements, mandatory data breach notification and “privacy by design” requirements, and creates direct obligations on service providers acting as data processors.

The GDPR also imposes strict rules on the transfer of personal data outside of the EEA to countries that do not ensure an adequate level of protection. Previously, one such data transfer mechanism was the EU-US Privacy Shield, but the Privacy Shield was invalidated for international transfers of personal data in July 2020 by the Court of Justice of the European Union, or CJEU. Following the CJEU’s decision and an executive order issued by President Biden on October 7, 2022, The European Commission announced in July 2023 that it had adopted a new adequacy decision with respect to the United States under a new regulatory structure known as the EU-US Data Privacy Framework. Separately, the CJEU upheld the validity of standard contractual clauses, or SCCs, as a legal mechanism to transfer personal data, but companies relying on SCCs are subject to additional guidance from regulators in the EEA and need to evaluate and implement supplementary measures that provide privacy protections additional to those provided under SCCs.

Failure to comply with the requirements of the GDPR and the related national data protection laws of the EEA Member States may result in fines up to €20 million or 4% of a company’s global annual revenues for the preceding financial year, whichever is higher. Moreover, the GDPR grants data subjects the right to claim material and non-material damages resulting from infringement of the GDPR. In June 2021, the CJEU issued a ruling that expanded the scope of the “one stop shop” under the GDPR. According to the ruling, the competent authorities of EU member states may, under certain strict conditions, bring claims to their national courts against a company for breaches of the GDPR, including unlawful cross-border processing activities, even if such company does not have an establishment in the EU member state in question and the competent authority bringing the claim is not the lead supervisory authority.

In addition, further to the UK’s exit from the EU on January 31, 2020, the UK’s European Union (Withdrawal) Act 2018 incorporated the GDPR (as it existed on December 31, 2020, but subject to certain UK-specific amendments) into UK law, referred to as the UK GDPR. The UK GDPR and the UK Data Protection Act 2018 set out the UK’s data protection regime, which is independent from but aligned to the EU’s data protection regime. Non-compliance with the UK GDPR may result in monetary penalties of up to £17.5 million or 4% of worldwide revenue, whichever is higher. With respect to transfers of personal data from the EEA to the UK, on June 28, 2021, the European Commission issued an adequacy decision in respect of the UK’s data protection framework, enabling data transfers from EU member states to the UK to continue without requiring organizations to put in place contractual or other measures in order to lawfully transfer personal data between the territories. While it is intended to last for at least four years, the European Commission may unilaterally revoke the adequacy decision at any point, and, if this occurs, it could lead to additional costs and increase our overall risk exposure.

Other Privacy Laws

Laws governing privacy may continue to be adopted in the future from time to time. We have taken steps to comply with health information privacy requirements to which we are aware that we are subject. For example, the Personal Information Protection Law, or PIPL, was implemented in China, and broadly regulates the processing of personal information and imposes compliance obligations and penalties comparable to those of the GDPR. However, we can provide no assurance that we are or will remain in compliance with diverse privacy requirements in all of the jurisdictions in which we do business. Failure to comply with privacy requirements could result in civil or criminal penalties, which could have a materially adverse effect on our business.

Corporate Practice of Medicine

Numerous states, including California, New York and Texas, have enacted laws prohibiting corporations such as us from practicing medicine and employing or engaging physicians to practice medicine. These laws are designed to prevent interference in the medical decision-making process by anyone who is not a licensed physician. This prohibition is generally referred to as the prohibition against the corporate practice of medicine. Violation of this prohibition may result in civil or criminal fines, as well as sanctions imposed against us or the professional through licensing proceedings. The pathologists who review and classify thyroid FNA cytopathology results for Afirma are employed by Thyroid Cytopathology Partners, or TCP, a Texas professional association, pursuant to services agreement between us and TCP. Pursuant to the agreement, we pay TCP a monthly fee on a per FNA basis, and TCP manages and supervises the pathologists who perform the cytopathology services as a component of the Afirma solution.

Federal and State Physician Self-Referral Prohibitions

We are subject to the federal physician self-referral prohibitions, commonly known as the Stark Law, and to similar restrictions under the self-referral prohibitions of certain states in which we operate, including California's Physician Ownership and Referral Act, or PORA. Together these restrictions generally prohibit us from billing a patient or any governmental or private payer for any diagnostic services when the physician ordering the service, or any member of such physician's immediate family, has an investment interest in or compensation arrangement with us, unless the arrangement meets an exception to the prohibition.

Both the Stark Law and PORA contain an exception for compensation paid to a physician for personal services rendered by the physician meeting certain contractual requirements. We have compensation arrangements with a number of physicians for personal services, such as speaking engagements and consulting activities. We have structured these arrangements with terms intended to comply with the requirements of the personal services exception to Stark and PORA.

However, we cannot be certain that regulators would find these arrangements to be in compliance with Stark, PORA or similar state laws. We would be required to refund any payments we receive pursuant to a referral prohibited by these laws to the patient, the payer or the Medicare program, as applicable.

Sanctions for a violation of the Stark Law include the following:

•denial of payment for the services provided in violation of the prohibition;

•refunds of amounts collected by an entity in violation of the Stark Law;

•a civil penalty of up to $15,000 for each service arising out of the prohibited referral;

•possible exclusion from federal healthcare programs, including Medicare and Medicaid; and

•a civil penalty of up to $100,000 against parties that enter into a scheme to circumvent the Stark Law's prohibition.

These prohibitions apply regardless of the reasons for the financial relationship and the referral. No finding of intent to violate the Stark Law is required for a violation. In addition, knowing violations of the Stark Law may also serve as the basis for liability under the Federal False Claims Act which prohibits knowingly presenting, or causing to be presented, a false, fictitious, or fraudulent claim for payment to the United States Government.

Further, a violation of PORA is a misdemeanor and could result in civil penalties and criminal fines. Finally, other states have self-referral restrictions with which we have to comply that differ from those imposed by federal and California law. While we have attempted to comply with the Stark Law, PORA and similar laws of other states, it is possible that some of our

financial arrangements with physicians could be subject to regulatory scrutiny at some point in the future, and we cannot provide assurance that we will be found to be in compliance with these laws following any such regulatory review.

Federal and State Anti-Kickback Laws

The federal Anti-kickback Statute makes it a felony for any person or entity, including a laboratory, to knowingly and willfully offer, pay, solicit or receive remuneration, directly or indirectly, in exchange for or to induce either the referral of an individual, or the furnishing, arranging for, or recommending of an item or service that is reimbursable, in whole or in part, by a federal health care program. A violation of the Anti-kickback Statute may result in imprisonment for up to ten years and criminal fines of up to $100,000. Convictions under the Anti-kickback Statute result in mandatory exclusion from federal health care programs for a minimum of five years. In addition, HHS has the authority to impose civil assessments and fines and to exclude health care providers and others engaged in prohibited activities from Medicare, Medicaid and other federal health care programs. Actions which violate the Anti-kickback Statute can also lead to liability under the Federal False Claims Act, which prohibits, among other things, knowingly presenting, or causing to be presented, a false or fraudulent claim for payment to the United States Government.

Although the federal Anti-kickback Statute applies only to federal health care programs, a number of states, including California, have passed statutes substantially similar to the Anti-kickback Statute pursuant to which similar types of prohibitions are made applicable to all other health plans and third-party payers. California's fee-splitting and Anti-kickback Statute, Business and Professions Code Section 650, and its Medi-Cal Anti-kickback statute, Welfare and Institutions Code Section 14107.2, have been interpreted by the California Attorney General and California courts in substantially the same way as HHS and the courts have interpreted the federal Anti-kickback Statute. A violation of Section 650 is punishable by imprisonment and fines of up to $50,000. A violation of Section 14107.2 is punishable by imprisonment and fines of up to $10,000.

Federal and state law enforcement authorities scrutinize arrangements between health care providers and potential referral sources to ensure that the arrangements are not designed as a mechanism to induce patient care referrals or induce the purchase or prescribing of particular products or services. The law enforcement authorities, the courts and Congress have also demonstrated a willingness to look behind the formalities of a transaction to determine the underlying purpose of payments between health care providers and actual or potential referral sources. Generally, courts have taken a broad interpretation of the scope of the Anti-kickback Statute, holding that the statute may be violated if merely one purpose of a payment arrangement is to induce or reward referrals or purchases.

The federal Anti-kickback Statute includes statutory exceptions and provides for a number of regulatory safe harbors. If an arrangement meets the provisions of a safe harbor, it is deemed not to violate the Anti-kickback Statute. An arrangement must fully comply with each element of an applicable safe harbor in order to qualify for protection. Many state anti-kickback statutes have analogous exceptions or safe harbors to those of the federal Anti-kickback Statute. These state anti-kickback statutes have generally been interpreted consistently with the Anti-kickback Statute.

Among the safe harbors that may be relevant to us is the discount safe harbor. The discount safe harbor potentially applies to discounts provided by providers and suppliers, including laboratories, to physicians or institutions. If the terms of the discount safe harbor are met, the discounts will not be considered prohibited remuneration under the Anti-kickback Statute. California does not have a discount safe harbor. However, as noted above, Section 650 has generally been interpreted consistent with the Anti-kickback Statute.

The personal services safe harbor to the Anti-kickback Statute provides that remuneration paid for personal services will not violate the Anti-kickback Statute provided all of the elements of that safe harbor are met. Our personal services arrangements with some physicians and other parties may not meet each requirement of this safe harbor. Failure to meet the terms of this, or any other, safe harbor does not necessarily render an arrangement illegal. Rather, the government may evaluate such arrangements on a case-by-case basis under the language of the statute, taking into account all facts and circumstances.

While we believe that we are in compliance with the Anti-kickback Statute, Section 650, and Section 14107.2, there can be no assurance that our relationships with physicians, academic institutions and other customers or parties will not be subject to investigation or challenge under such laws. If imposed for any reason, sanctions under the Anti-kickback Statute, Section 650, or Section 14107.2 could have a negative effect on our business.

Other Federal and State Fraud and Abuse Laws

In addition to the requirements discussed above, several other health care fraud and abuse laws could have an effect on our business. For example, provisions of the Social Security Act permit Medicare and Medicaid to exclude an entity that charges the federal health care programs substantially in excess of its usual charges for its services. The terms "usual charge" and "substantially in excess" are ambiguous and subject to varying interpretations, though the HHS’ Office of the Inspector General, or HHS-OIG, has provided some guidance on the topic.

Further, the federal False Claims Act prohibits a person from knowingly presenting or causing to be presented a false or fraudulent claim to, making a false record or statement in order to secure payment from or retaining an overpayment by the federal government. In addition to actions initiated by the government itself, the statute authorizes actions to be brought on behalf of the federal government by a private party, known as a relator or commonly referred to as a whistleblower, having knowledge of the alleged fraud. Because the complaint is initially filed under seal, the action may be pending for some time before the defendant is even made aware of the action. If the government is ultimately successful in obtaining redress in the matter or if the relator succeeds in obtaining redress without the government's involvement, then the relator will receive a percentage of the recovery. Finally, the Social Security Act includes its own provisions that prohibit the filing of false claims or submitting false statements in order to obtain payment. Violation of these provisions may result in up to treble damages, substantial civil penalties, fines, imprisonment or combination of the above, and possible exclusion from Medicare or Medicaid programs. California has an analogous state false claims act applicable to all payers, as do many other states; however, we may not be aware of all such rules and statutes and cannot provide assurance that we will be in compliance with all such laws and regulations.

In general, in recent years United States Attorneys’ Offices have increased scrutiny of the healthcare industry, as have Congress, the Department of Justice, the HHS-OIG and the Department of Defense. These bodies have all issued subpoenas and other requests for information to conduct investigations of, and commenced civil and criminal litigation against, healthcare companies based on financial arrangements with health care providers, regulatory compliance, product promotional practices and documentation, and coding and billing practices. Whistleblowers have filed numerous qui tam lawsuits against healthcare companies under the federal and state False Claims Acts in recent years, in part because the whistleblower can receive a portion of the government’s recovery under such suits.

In addition, the Eliminating Kickbacks in Recovery Act of 2018, or EKRA, was enacted as part of the SUPPORT for Patients and Communities Act (P.L 115-271). This law prohibits the solicitation, receipt, payment or offering of any remuneration in return for referring a patient or patronage to a recovery home, clinical treatment facility, or laboratory for services covered by both government and private payers. EKRA also applies to the payment or offering of remuneration in exchange for an individual using the services of a recovery home, clinical treatment facility, or laboratory. To date, neither the Department of Justice nor HHS has issued guidance further interpreting or implementing EKRA.

Finally, under PAMA, laboratories are required to report to CMS the private payer payment rates and test volumes paid by private payers based on final payments made during a specific “data collection period.” The PAMA review cycle was recently revised in the 2026 Consolidated Appropriations Act. This data reporting requirement is triennial for most clinical diagnostic laboratory tests (annual for ADLTs), with the first PAMA data reporting period for CPT 81546 (Afirma GSC), CPT 81542 (Decipher Prostate), and CPT 0016U (Decipher Bladder) under the current triennial data reporting schedule expected to occur between May 1 through July 31, 2026 based on the data collection period of January 1 through June 30, 2025. This could result in updated reimbursement rates effective January 1, 2027 through December 31, 2029. When reporting data under PAMA, the President, CEO, or CFO of a reporting entity, or an individual who has been delegated authority to sign for, and who reports directly to, such an officer, must sign the certification statement and be responsible for assuring that the data provided are accurate, complete, and truthful, and meets all the required reporting parameters. Failure to report or misrepresentation or omission in reporting can result in civil penalties of up to $10,000 per day for each violation and other penalties. We believe we are in compliance with the PAMA reporting requirements, but there can be no assurance that our reporting practices will not be scrutinized under the PAMA regulations.

International

Many countries in which we may offer any of our tests in the future have anti-kickback regulations prohibiting providers from offering, paying, soliciting or receiving remuneration, directly or indirectly, in order to induce business that is reimbursable under any national health care program. The IVDR prohibits (and the IVDD previously prohibited) the offer of inducements, particularly financial, that might influence the judgement of notified regulatory bodies and their personnel to carry out their conformity assessment activities. The IVDR does not address the question of inducements offered to healthcare

professionals or other third parties, though EU member states may implement their own national laws in this regard. For example, Sapin II is the French anti-corruption law, which imposes regulations to prevent and detect bribery and corruption through increased corporate transparency, reinforced internal monitoring, and enhanced whistleblower protection. In the UK, the 2002 Regulations do not address the question of inducements offered to healthcare professionals to prescribe, sell, supply or recommend use of a particular medical device or IVD or to offer the relevant device company any other benefit. These activities are, however, prohibited by the Bribery Act 2010, which provides general offenses relating to bribery and receiving a bribe.

In addition, the largest medical device manufacturer’s industry association, MedTech Europe, issues a Code of Business Practice, or the MedTech Code, which is obligatory for its member associations and member companies, and regulates their interactions with the medical community and other stakeholders. The MedTech Code prevents member companies from offering and providing educational grants to individual health care providers with certain exceptions and has phased out the provision of financial or in-kind support directly to individual health care providers to cover costs for their attendance at third-party organized educational events (with the exception of procedure training). It also sets out transparency obligations with regard to all interactions with health care providers, in terms of notification to the health care provider’s superiors or relevant health institutions before the interaction may take place, disclosure of payments (made as educational grants) and a centralized platform for the approval of conferences and other events.

In situations involving physicians employed by state-funded institutions or national health care agencies, violation of the local anti-kickback law may also constitute a violation of the United States Foreign Corrupt Practices Act, or FCPA. The FCPA prohibits any United States individual, business entity or employee of a United States business entity to offer or provide, directly or through a third party, including any potential distributors we may rely on in certain markets, anything of value to a foreign government official with corrupt intent to influence an award or continuation of business or to gain an unfair advantage, whether or not such conduct violates local laws. In addition, it is illegal for a company that reports to the SEC to have false or inaccurate books or records or to fail to maintain a system of internal accounting controls. We will also be required to maintain accurate information and control over sales and distributors' activities that may fall within the purview of the FCPA, its books and records provisions and its anti-bribery provisions.

The standard of intent and knowledge in FCPA anti-bribery cases is minimal -- intent and knowledge are usually inferred from that fact that bribery took place. The accounting provisions do not require intent. Violations of the FCPA's anti-bribery provisions for corporations and other business entities are subject to a fine of up to $2 million and officers, directors, stockholders, employees, and agents are subject to a fine of up to $250,000 and imprisonment for up to five years. Other countries, including other Organisation for Economic Co-operation and Development Anti-Bribery Convention members, have similar anti-corruption regulations.

When marketing our tests outside of the United States, we may be subject to foreign regulatory requirements governing human clinical testing, prohibitions on the import of tissue necessary for us to perform our tests or restrictions on the export of tissue imposed by countries outside of the United States or the import of tissue into the United States, and marketing approval. These requirements vary by jurisdiction, differ from those in the United States and may in some cases require us to perform additional pre-clinical or clinical testing. In many countries outside of the United States, coverage, pricing and reimbursement approvals are also required.

Human Capital

As of December 31, 2025, we had 755 employees. None of our employees are the subject of collective bargaining arrangements, and our management considers its relationships with employees to be good.

We pride ourselves on our strong culture, which encourages innovation, collaboration, and mutual respect. We were certified as a Great Place to Work in both the United States and Israel in 2025. This recognition is based solely on employee feedback gathered through an anonymous, third-party survey. Our core values across the company are: We are stronger together; We seek a better way; We care deeply; and We make it happen. Individual members of our leadership team have volunteered to sponsor each aspirational value to ensure the values are embedded into our culture.

Corporate and Other information

We were incorporated in Delaware as Calderome, Inc. in August 2006. Calderome, Inc. operated as an incubator until early 2008. We changed our name to Veracyte, Inc. in March 2008. Our principal executive offices are located at 6000 Shoreline Court, Suite 300, South San Francisco, California 94080, and our telephone number is (650) 243-6300. We

completed our initial public offering in October 2013, and our common stock is listed on The Nasdaq Global Market under the symbol “VCYT.”

Our website address is www.veracyte.com. Through a link on the Investor Relations section of our website, we make available the following filings as soon as reasonably practicable after they are electronically filed with or furnished to the Securities and Exchange Commission (SEC): our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and any amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Exchange Act. All such filings are available free of charge. The information posted on our website is not incorporated into this report. The SEC maintains a website that contains reports, proxy and information statements and other information regarding our filings at www.sec.gov.