In a post last month I discussed two complementary frameworks for governing biological AI: the NTI/bio managed access framework for AI tools, and the Biosecurity Data Level (BDL) system proposed by Bloomfield et al. in Science. Both make a compelling case for tiered, proactive governance of biological data and models. They’re both great papers. Really. Go read them!

While reading the BDL proposal in the Science paper, I kept thinking: how would this have played out during the early days of the COVID-19 outbreak?

I imagine the BDL framework may have classified much of the early SARS-CoV-2 research data under restricted tiers. Functional studies mapping spike protein mutations to ACE2 binding affinity, cell entry efficiency, and antibody evasion are the kind of genotype-to-phenotype data the framework targets at BDL-3 or even BDL-4. Deep mutational scanning of spike receptor binding, pseudovirus neutralization assays, and serial passage experiments generating data on transmissibility and immune escape would all potentially trigger higher-tier controls.

To their credit, the authors anticipate this. The paper explicitly calls for exceptions during disease outbreaks, when real-time data are especially important for public health.

We recommend that governments establish diverse expert panels [that could] provide for relevant exceptions, such as lifting restrictions on relevant data during a disease outbreak, when real-time data are especially important to inform public health measures.

But the early months of a pandemic are exactly when this exception would be hardest to implement well. In January 2020 the scientific community didn’t yet know SARS-CoV-2 would become a pandemic. The first genome sequence was shared openly on January 10, before most governments had begun emergency responses. Within weeks, structural studies and functional characterization of ACE2 binding were underway globally. Vaccine design efforts at Moderna and BioNTech were already using these data to select candidates before the WHO declared a pandemic in March.

A BDL framework as proposed here would have required an expert panel to decide, in real time, whether an emerging respiratory virus of uncertain scope warranted lifting data restrictions, before the scale of the threat was clear, through committees that may not yet have convened. Even modest delays during this period could have slowed vaccine development, diagnostics, and the epidemiological modeling that informed early public health responses.

None of this is a criticism of the BDL framework. It’s thoughtful, and it’s concisely described in just 4 pages (really, it’s good! Just go read it). The authors are spot on that proactive governance beats reactive restrictions imposed in a crisis.

The COVID-19 experience illustrates a potential implementation challenge: the moments when open data access matters most are also the moments when the biosecurity case for restricting it is strongest. The BDL framework proposed here or one like it will need outbreak exception mechanisms that are fast and that don’t depend on bureaucratic deliberation while a deadly virus is spreading.

Bloomfield, ... & Pannu, J. (2026). Biological data governance in an age of AI. Science, 391(6785), 558-561. DOI: 10.1126/science.aeb2689.

⁂

The senior author on this paper, Jassi Pannu, was interviewed last week on the Cognitive Revolutions podcast. It’s a really nice interview, full of insightful commentary from Dr. Pannu on the current state of biosecurity and the proposed BDL framework. You can watch it here:

Or listen to it here: