After the turn of the century, the power of DNA sequencing technologies rose and their costs dropped just as synthetic biologists assembled into an identifiable community with a shared interest in engineering the genetic material of organisms.1 As oligonucleotide synthesis companies cropped up, users could order custom DNA sequences with a few clicks. While the scientific community celebrated the improved access to information and democratization of science, many biosecurity experts feared the effects of reduced barrier of entry for individuals seeking out genetic material with ill intent.2
The biosecurity risks associated with an unregulated industry became evident when, in 2006, a Guardian reporter successfully ordered parts of the smallpox genome through the mail. Although ordering the components of a pathogen is only one step in the difficult task of assembling a functional pathogen, it was a canary in the coal mine for the scientific community, and in particular, the DNA providers. It demanded a response.
Since then, industry consortia and government bodies have stepped up to fill this gap and provide guidance on how DNA providers can help prevent biosecurity risks through enhanced screening frameworks. However, to keep pace with the evolving landscape of rapid technology advancements and requests for guidance from industry, the government has updated its framework for providers of these services, but some experts in the field call for end-users, including institutions, to take on more responsibility when it comes to minimizing the biosecurity risks associated with these technologies.3,4
Aligning DNA Synthesis with Security
Jean Peccoud, a synthetic biologist at Colorado State University, is interested in the security implications of synthetic biology.
Tim Gillies
Back in 2008, Jean Peccoud, currently a synthetic biologist at Colorado State University, was working at Virginia Tech when he received an unexpected and alarming message. He recalled, “I got an email from the FBI saying that I was invited to attend a meeting in San Francisco and my first reaction was, ‘Oh what did I do?’”
Curious about what they had to say, Peccoud made the cross-country journey to attend the gathering. The FBI, seeing the writing on the wall with potential security issues around the synthesis of dangerous agents—often referred to as sequences of concern (SOCs)—organized the meeting to lay down lines of communication between stakeholders working across government, academia, and industry so that the community could anticipate new biosafety and biosecurity risks resulting from progress in synthetic biology and gene synthesis.
Although the government had published guidelines for researchers working with recombinant DNA technology, they had yet to provide any guidance that was specific to DNA synthesis companies or the recent advances in synthetic biology. In response to this gap, leaders in the nucleic acid synthesis industry took a step towards self-regulation. In 2009, they formed the International Gene Synthesis Consortium (IGSC) and established a harmonized screening protocol—which was updated in 2017—to be adopted by its members. Included in the framework was sequence and customer screening, record keeping, and guidelines for flagging potentially problematic orders to authorities.
“The DNA synthesis community, they understand all of these risks and they want to have solutions,” said Max Ryadnov, a chemist at the National Physical Laboratory. “The governments around the world, they’re very slow.”
Although they were one step behind industry, the Department of Health and Human Services (HHS) soon published a draft of their nucleic acid screening guidelines for DNA providers, followed by the final version of the guidance in 2010. It aimed to minimize the risk of individuals looking to exploit current systems and order genetic material derived from or encoding toxins or agents of concern. It provided a framework for screening customers and 200 base pair or longer double-stranded DNA sequences that included collecting information about the user and their intent.
Like the IGSC, the goal of government was, and still is, to minimize risk and maximize innovation; they are aware of the potential dangers of expanding DNA synthesis technologies but also bullish about the benefits that biotechnology can bring to human health and the US economy.
The HHS guidelines—not to be confused with regulations—were voluntary and some experts in the field had concerns about the screening methodology.
“I didn’t think that anybody had actually tested and implemented the bioinformatics screen that they were talking about,” said Peccoud. So, he wrangled a team of undergraduate researchers who were enrolled in the International Genetically Engineered Machine competition to do just that. In 2011, they published their report on the strengths and weaknesses of the HHS draft guidance.5 The strategy put forth by the HHS, dubbed the “Best Match” approach, flags only the top match from a database of known sequences (such as the National Institutes of Health’s GenBank). In contrast, IGSC members adopted a “Top Homology” approach that required a human to manually assess the complete list of hits for potential biosecurity threats. Although the federal protocol suggested a higher-resolution screen than the consortia was using and provided a defined criteria for identifying hits, the automatic classification of a single hit was limiting. Although the 2010 HHS guidance acknowledged the scientific community’s criticism of the “Best Match” approach, the guidance stated that it would be difficult to develop a clear and consistent set of criteria for determining when an order should receive additional review from a human screener.
In their correspondence, Peccoud and his team also noted that customers are more likely to order shorter oligonucleotide sequences, which fall outside of the guidance, and that databases used for screening only contain known toxins and SOCs; current bioinformatic screens check whether the sequenced material is known to be infectious. “This is not the right question,” said Peccoud, noting that something much more dangerous can arise from the combination of independently innocuous sequences that become dangerous through their interactions.
Recently, Peccoud’s team built a plasmid that included a 12kb computer-generated DNA sequence. When they compared this sequence to content in the GenBank database, the BLAST search algorithm did not return anything because the computer-generated sequence did not have any homology to any biological sequence. “Is that really the right way to look at it?” Peccoud posed. “If you have 12kb of DNA sequences in a plasmid and you have absolutely no information about that, that’s the one that you should actually be losing sleep over.”
An Evolving Biosecurity Landscape
In 2023, the 13-year-old HHS screening framework finally received a touchup. The new guidance, aiming to address advances in synthetic biology, broadened its definition of SOCs and introduced a smaller screening window of 50 nucleotides. Also included in the document are best practices for manufacturers of benchtop nucleic acid synthesis equipment.
Benchtop synthesizers are a relative newcomer to the synthetic biology community. Companies working in this space hope to democratize DNA synthesis, but some worry that this change to the commercial landscape of synthetic nucleic acids could lead to even less oversight. “It’s a genie out of a bottle,” said Ryadnov. But he noted that many companies working in this space are evolving screening frameworks, not only because it is the right thing to do, but also because they are financially motivated to identify and counteract potential Achilles heels in their workflows.
Thomas Ybert is a cofounder and chief executive officer at DNA Script, a company that developed the first commercially-available DNA printer driven by enzymatic DNA synthesis.
DNA Script
Thomas Ybert, cofounder and chief executive officer at DNA Script, a biotechnology company that develops DNA printers, said, “Biosecurity for us is a very important topic.” Ybert explained that they not only screen sequences and customers, but also use a closed-loop system: Approved customers can only use their printer system with DNA Script kits and reagents. This is in line with HHS guidance to install safeguards on such equipment to ensure that only legitimate customers with legitimate uses can synthesize SOCs. He added, “We are bringing a complete shift into how this could be controlled in the future.” DNA Script is also a member of the IGSC.
The much-anticipated updates to the HHS framework last fall were only in the limelight for a couple of weeks before President Biden’s administration issued their “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” As part of a broader action on artificial intelligence (AI) and the economy, the directive highlighted the biosecurity risks that could arise at the intersection of AI and synthetic biology. A leading concern is that AI models could be modified to make it easier for nonexperts to design, synthesize, and acquire synthetic content that could pose a biosecurity risk.
Still, the guidance and frameworks set out by the HHS and White House remain voluntary and largely target providers and manufacturers. Companies that do not join the IGSC are not beholden to their screening framework, leaving gaps in security and oversight. This has led to calls for Congress to adopt formal legislation on screening. In 2023, Senator Ed Markey (D-MA) and representative Anna Eshoo (D-CA) introduced the Securing Gene Synthesis Act to their respective chambers. The bill aims to require the HHS to introduce a regulation to “reduce the risks in gene synthesis products, and for other purposes” and requires DNA providers to implement beefed-up screening protocols—which many are already doing voluntarily—and any entity receiving federal research funding to procure nucleus acid synthesis products from verified vendors.
Sarah Carter is an independent science policy consultant based in Washington DC. She advises nonprofit organizations and think tanks on biotechnology and the bioeconomy.
Sarah Carter
Although there are calls to pass legislation that mandates screening, Sarah Carter, an independent science policy consultant, said that she doesn’t consider screening to be voluntary at this point in the US. “It’s true that the framework is not regulatory, but the federal funding requirement is huge,” said Carter. As directed by the executive order, in April 2024 the Office of Science and Technology Policy (OSTP) published their “Framework for Nucleic Acid Synthesis Screening” to encourage synthetic nucleic acid providers to implement robust screening mechanisms. It stated that, starting in October of 2024, recipients of federal research funding will be required to procure synthetic nucleic acids only from providers that follow these recommendations. Carter noted that nearly every life sciences institution in the US receives some federal funding. Therefore, companies that want to do business in the US will have to comply with the OSTP framework. According to Carter, this form of oversight through federal funding requirements is not unusual in the life sciences. Even biosafety requirements are not regulatory unless researchers are working specifically with select agents, animals, or human subjects. However, institutes receiving federal funding must have an Institutional Biosafety Committee that provides review and oversight of research using recombinant or synthetic nucleic acid molecules.
The Role of the Institution in Biosecurity
When it comes to biosecurity measures, Carter likened it to the Swiss cheese model, adding, “Each layer of cheese might have big holes in it, but altogether maybe they would have pretty good coverage.” At the moment, most of the guidance for determining and monitoring uses and users has targeted providers, but experts argue that institutions and individual research labs could, and should, take a more active role in improving biosecurity.
While sequence screening is a clear and obvious target when it comes to mitigating biosecurity risks, it is not the only avenue available. “Customer screening is almost a more important piece of this,” said Carter. She noted that when a sequence is flagged as a match for pathogen or toxin DNA, companies will check the customer and it’s almost always for legitimate uses. “But that determination about what is a legitimate customer [and] what is the legitimate use of pathogen or toxin DNA—those are questions that we don’t have a solid consensus about,” she added.
“The institutions really haven’t participated very much at all in trying to figure out legitimate customers [and] legitimate use of these things,” said Carter. Oversight and screening are largely targeted to the principal investigators tied to the funding and research project, but once procured, the products resulting from synthesis can pass through many hands. Carter noted that the institution’s biosafety officers already have a lot of responsibilities on their plates, but she said, “There should be some kind of role for the institution and helping to ensure that kind of biosecurity oversight.”
Peccoud also noted a need for more end-user responsibility. “For some reason that totally eludes me, when gene synthesis came along, the government decided that it was the gene synthesis company’s responsibility to screen the orders,” said Peccoud. “Yes, they have some responsibility in the process, but I think that the customer actually has more responsibility.”
The HHS’s 2023 framework does address the role of customers, namely institutions and users, in the oversight of SOCs and benchtop DNA synthesis devices. The document says that institutions should aim to ensure that benchtop synthesizers are only operated by approved users, and it “encourages” the use of contracts, such as Material Transfer Agreements, to record SOC transfers.
“That was a really useful and good direction and I hope that doesn’t get lost,” said Carter, who recently coauthored a report by the Nuclear Threat Initiative that explores the biosecurity implications of benchtop DNA synthesis devices. The report provides recommendations for both benchtop synthesis device manufacturers and governments.
“DNA synthesis is a critical bottleneck, and it’s a critical place where we do need good biosecurity oversight, but we need a lot more layers and many more areas where we have these checks, because as good as we can make DNA synthesis screening, it’s not going to be perfect and it’s going to have flaws, and we need other ideas as well in that space.”
Although a lot of biosecurity work focuses on the intentional or accidental misuse of biotechnologies, Carter noted that, “It’s really important when you do that kind of work to remember that all of these tools are used for good—and they are overwhelmingly used for good—so when you’re thinking about ways to reduce those risks, you have to really make sure that you don’t lose those benefits.”