Creating Enforceable Biosecurity Standards for Nucleic Acid Providers
A new paper from Raytheon BBN and IBBIS: Sometimes “good enough” consensus today beats waiting for perfect clarity that may never come.
Jacob Beal (Raytheon BBN Technologies) and Tessa Alexanian (International Biosecurity and Biosafety Initiative for Science) published a paper late last year:
Beal J. and Alexanian, T. 2025. “Creating Enforceable Biosecurity Standards for Nucleic Acid Providers,” Engineering Biology: e70003. https://doi.org/10.1049/enb2.70003.
The DNA synthesis industry faces a collective action problem: responsible companies that screen orders for biosecurity risks invest time and money into safety measures, while less scrupulous competitors can undercut them on price and speed by skipping these checks. This paper proposes a roadmap out of this dilemma through industry led development of enforceable standards.
Two decades of advocacy have not yet produced the institutional capacity to build and maintain such a database within any government, and we know of no current effort ongoing to build one in at least the USA, UK, or EU.
Rather than waiting for governments to define every “sequence of concern”1 from scratch (something decades of advocacy has failed to produce) the authors propose that industry stakeholders work together to establish what they can agree on right now. Their Sequence Biosecurity Risk Consortium (SBRC) categorizes sequences into three groups: clearly benign (no flag), clearly dangerous (flag), and disputed or uncertain. By explicitly acknowledging the gray area, they reduce liability for responsible actors while enabling enforcement on sequences where consensus exists.
The International Gene Synthesis Consortium’s (IGSC) analysis of screening test sets shows that experts already agree on risk assessment for roughly 76% of sequences, with only 5% actively disputed. The remaining sequences are simply too poorly studied to categorize confidently. Rather than letting disagreement over that final 5-25% paralyze the entire system, the SBRC approach allows enforcement on the clear cases while research continues on the rest.
The paper outlines an ambitious three-phase roadmap for the United States, leveraging the May 2025 Executive Order on biological research safety.2 Phase 1 focuses on verifying minimal compliance, i.e. essentially proving that screening systems exist and function at a basic level. Phase 2 strengthens these requirements to ensure actual biosecurity effectiveness, incorporating comprehensive standards for both sequence and customer screening. Phase 3 aims for continuous improvement, including customer preapproval systems and anomaly reporting mechanisms similar to those used in aviation safety.
The approach attempts to align incentives at each stage of adoption. Early adopters (screening tool developers and major synthesis companies) are already participating because they see strategic value. The “early majority” will follow once certification provides competitive advantage and reduces regulatory uncertainty. Government enforcement becomes less risky once this critical mass has adopted standards voluntarily, and the early adopters actually benefit from enforcement that levels the playing field against laggards.
The authors emphasize that standards must be industry-led for several reasons. Governments lack the institutional capacity for systematic sequence-level risk assessment. Security-focused policymakers tend toward conservative standards that might stifle legitimate research. Synthesis is a global industry but regulation remains national: overly stringent early standards could encourage “provider shopping” across borders.
Once the early majority has voluntarily adopted standards, it de-risks enforceable regulation from the government, and indeed the early adopters and early majority become incentivised to support enforceable regulation, as it now becomes a competitive advantage for them and a disadvantage for their competitors who have been neglecting biosecurity.
Some challenges remain underexplored in the paper. Customer screening standards are acknowledged as less mature than sequence screening, with decision-making about customer legitimacy involving “non-automated engagement between humans.” The roadmap’s timeline assumes coordination across synthesis providers, screening tool developers, certification bodies, and multiple government agencies. International harmonization receives appropriate emphasis but limited concrete detail.
Still, this represents a strong proposal for making DNA synthesis screening both effective and enforceable. By September 2025, the SBRC had already released its first “enforcement ready” standards covering pandemic-potential viruses and regulated toxins. Voluntary third-party testing became available in October 2025. The machinery is in motion.
The broader lesson extends beyond biosecurity: when voluntary guidelines fail to achieve universal adoption despite broad agreement on their necessity, the path forward may require industry to formalize what they can agree on, making enforcement both feasible and beneficial for responsible actors.
See two papers from my colleagues at my former employer, Signature Science, led by Gene Godbold: (1) Godbold, Gene D., et al. “The Case for Limiting “Sequences of Concern” to Those with Demonstrated Pathogenic Function.” Applied Biosafety (2025); (2) Godbold, Gene D., et al. “Categorizing sequences of concern by function to better assess mechanisms of microbial pathogenesis.” Infection and immunity 90.5 (2022): e00334-21. See also a more recent preprint from a group of well-known biosecurity experts, including the two authors of the paper discussed in this post: Alexanian T, Beal J, et al. "Developing a Standard Definition for Sequences of Concern." bioRxiv (2026): 2026-03.
The White House, Executive Order on Improving the Safety and Security of Biological Research, (May 2025) EO 14292. “[E]nsure it takes a commonsense approach and effectively encourages providers of synthetic nucleic acid sequences to implement comprehensive, scalable, and verifiable synthetic nucleic acid procurement screening mechanisms to minimise the risk of misuse. … To ensure compliance, the updated Framework shall incorporate the enforcement mechanisms described [elsewhere in the Order].
It was an unexpected but pleasant surprise to see a paper I wrote appear in my inbox earlier this week; thank you for all of your paper writeups, I find them quite useful!
You're right that the customer screening side was a bit undercooked in that paper. Sarah Carter and I wrote up a few more thoughts on Customer Screening late last year (whitepaper summarized / linked here: https://ibbis.bio/translating-customer-screening-guidance-into-practical-tools/) and EBRC and IBBIS now working on an enforceable minimal KYC standard... it also feels like early days with tools like Cliver (recent preprint: https://www.biorxiv.org/content/10.64898/2026.02.27.708645v1), TwentyTwo, and Aclid's expanded KYC support; providers increasingly don't have to DIY that part of the screening process, which I think makes it reasonable to ask for higher standards.