The increasing availability of benchtop nucleic synthesis equipment paired with the rapid evolution of artificial intelligence (AI) capabilities raises concerns that malicious actors could clandestinely synthesize dangerous pathogens or toxins with biological-weapon potential. Current national and international regulatory mechanisms do not adequately address the rising biosecurity risks that accompany this development.
Instead of strengthening oversight, a May 5 White House Executive Order has created uncertainty over the status of a previously established framework on nucleic acid synthesis screening. The administration indicated that it would revise or replace the framework within 90 days. However, that deadline expired on August 3 without the issuance of new guidance thereby resulting in a lack of clarity regarding current standards. Policymakers need to act with greater urgency and care to tighten the transparent regulation of nucleic acid synthesis equipment.
Concerns over Nucleic Acid Synthesis
The synthesis or “printing” of nucleic acid sequences such as DNA or RNA strands is now an integral part of the biomedical field as it facilitates essential experiments that support the production of lifesaving drugs and therapies. Numerous companies offer online purchases of affordable and custom-made sequences. Over the past several years, the rapid evolution of enzymatic synthesis as a competitor to chemical synthesis is increasing the length of base pair sequences that can be synthesized while simultaneously shortening the production timeline and eliminating the need for hazardous chemicals in the process.
Despite the benefits of nucleic acid synthesis, the increasing availability heightens concerns about malicious actors exploiting this technology. In a 2017 study, experts were able to utilize legally purchased DNA segments to replicate the horsepox virus genome, a pathogen that is not harmful to humans but closely matches the successfully eradicated variola virus that causes smallpox. One expert noted that the “synthesis of infectious smallpox in the laboratory would require only a small team of scientists […] for as little as $100,000.” This underlines the clear dual-use research of concern (DURC) nature of nucleic acid synthesis technology.
The International Gene Synthesis Consortium (IGSC), an industry-led oversight body that sets standards for the voluntary screening of customers and purchases, did not raise alarms over orders placed for the experiment because sequences are only flagged when overlapping with select agents or toxins. Although smallpox sequences would be flagged or not even produced, IGSC estimated in 2017 that only 80% of the global commercial gene synthesis capacity is produced by IGSC members, thereby resulting in one fifth of production remaining unscreened. The Sequence Biosecurity Risk Consortium (SBRC) aims to extend screening capabilities for dangerous sequences by defining standards for so-called “sequences of concern”, which are meant to provide synthesis providers, policymakers, and scientific experts with clearer guidance on the biosecurity risks of respective sequences. However, participation remains voluntary.
Biosecurity risks of nucleic acid synthesis are further exacerbated by the evolution and integration of AI, which is facilitating a drastic expansion of biological design tools (BDT) in the form of technologies that allow for the engineering of new biological systems such as de novo pathogens.
For example, DeepMind’s AI technology “AlphaFold,” which predicts three dimensional protein structures from their amino acid sequences with high accuracy, could aid in engineering novel toxins that have a similar function but do not match the sequences of any known select agents. These concerns were emphasized by a recent study led by Microsoft researchers. The team utilized open-source AI tools to engineer new protein variants of known proteins of concern which successfully evaded synthesis screening procedures. Although the researchers collaborated with four synthesis providers to fill gaps in screening methods prior to publication, significant biosecurity risks remain. Consequently, a 2024 publication by biochemistry professor and Nobel laureate David Baker and Harvard genetics professor George Church emphasizes that “[s]creening sequences alone may not be sufficient because proteins generated through de novo design may have little or no sequence similarity to any natural proteins, complicating homology detection.”
Elevated Biosecurity Risks of Benchtop Devices
The introduction of advanced benchtop nucleic synthesis devices elevates this biosecurity risk to an unprecedented level as they allow for the local and autonomous printing of sequences by a device that is small enough to fit on a regular lab or kitchen counter. While chemical DNA synthesis benchtop devices have existed since the 1980s, advances over the past few years now allow for the enzymatic production of up to 120 base pairs, in comparison to the previously produced 50 single-stranded base pairs by chemical synthesis. This capacity is expected to continue rising in the upcoming years. The small size and independent capability to synthesize nucleic acid sequences significantly enhances dual-use concerns, particularly given the rise of biological design tools. As a result, the Nuclear Threat Initiative (NTI) writes that the rising availability of advanced benchtop equipment “has the potential to disrupt the centralized synthesis market and its associated biosecurity practices by driving DNA acquisition toward a more decentralized model.”
Even with the support of these advanced biotechnology systems, the creation of a biological weapon remains a challenging, complex, and multi-step procedure that requires extensive biological expertise. Yet given these rapid biotechnological developments, the timely introduction of extensive oversight procedures and guidelines is crucial to prevent even greater biosecurity threats in the future.
The Gap in Current Regulations
Despite this elevated risk, U.S. authorities have introduced limited regulatory requirements that are applicable to benchtop devices. One of the most noteworthy governmental efforts is the 2023 Health and Human Services Department (HHS) “Screening Framework Guidance for Providers and Users of Synthetic Nucleic Acids.” The guideline outlines recommended baseline standards and best practices that highlight the importance of limiting access to authorized personnel only, screening for malicious customers and sequences of concern, maintaining records of printed sequences, as well as implementing cybersecurity measures that prevent technical circumvention attempts.
Building on the guideline and the “Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence,” the Biden administration introduced a 2024 Framework for Nucleic Acid Synthesis Screening that guides “manufacturers of benchtop nucleic acid synthesis equipment […] to screen purchase orders to identify sequences of concern (SOCs) and assess customer legitimacy.”
While the framework introduced a requirement for recipients of federal research and development funds to purchase nucleic acid synthesis sequences from providers who adhere to HHS’s “best practices,” it did not establish mandatory guidelines for providers, manufacturers, or customers that are not conducting federally funded research. In that regard, it merely emphasized that “broader use of the framework is encouraged.”
The requirements for federally funded research were set to take effect on April 26, 2025. However, Section 4b of President Donald Trump’s May 5 “Improving the Safety and Security of Biological Research” Executive Order states that within 90 days (by August 3), a revised or replaced framework shall be introduced. Led by the director of the Office of Science and Technology Policy (OSTP), the new version intends to “implement comprehensive, scalable, and verifiable synthetic nucleic acid procurement screening mechanisms to minimize the risk of misuse.”
Despite the passing of the deadline, no new framework has been announced, thereby leading to uncertainty surrounding the implementation and enforcement of the 2024 OSTP framework. While the National Institutes of Health recently announced adherence to the 2024 version, other organizations indicate a halt on the implementation until new information is shared. The July 10 “America’s AI Action Plan” mentioned improved nucleic acid synthesis regulations as a recommended policy action in the field of biosecurity, yet no new binding regulations have been issued to date. While the intention to improve biosecurity standards in nucleic acid synthesis screenings can generally be viewed as a positive development, the current lack of transparently mandated standards reduces crucial regulatory oversight.
Despite several bill proposals, Congress has not stepped up to fill this regulatory gap. The 2023 “Securing Gene Synthesis Act” introduced by Sen. Ed Markey (D-Mass.) requires “the Department of Health and Human Services to issue regulations to prevent the misuse of de novo gene synthesis products (i.e., manufactured gene products), including screening protocols for providers of these products.” Similarly, the 2024 “Nucleic Acid Standards for Biosecurity Act” introduced by Rep. Yadira Caraveo (D-Co.) and cosponsor Rep. Richard McCormick (R-Ga.) and the 2023 “Gene Synthesis Safety and Security Act” by Sen. John W. Hickenlooper (D-Co.) and cosponsor Sen. Ted Budd (R-NC) aim at supporting nucleic acid screening procedures. None of these bills have moved past their initial introduction to Congress.
Currently, the only consistently applied regulations for benchtop devices are export controls. Partly or fully automated assemblers and synthesizers (capable of >1.5 kilobases) are listed on the Bureau of Industry and Security’s Interactive Commerce Control List (2B352j; 2D352), as well as on the Australia Group (AG) Control List (Item 10). Both lists also cover software capable of “designing and building functional genetic elements from digital sequence data”. According to an Institute for Progress report, however, manufacturers have already reported unwitting export violations.
Moving Forward
Given the decentralized nature of benchtop printing and the growing ability to create de novo pathogens, voluntary screening procedures that cover centralized online purchases and compare orders with a preexisting agent and toxin lists are insufficient. Benchtop devices must be subject to stricter security mechanisms both before and after a new device is purchased. In line with legal standards for medical devices, the Institute for Progress proposed that benchtop printers should be required to undergo a technical security certification prior to being introduced to the market.
Mandatory customer screening presents another crucial security feature that is necessary to reduce the threat of benchtop devices being acquired by malicious actors and could be achieved by requiring licensing or certification, as described in a 2023 NTI report.
In addition to pre-purchase security measures, oversight mechanisms and software must be installed that allow for the accurate screening of nucleic acid printing once a device is in use. For example, manufacturers could be required to equip printers with tamper-proof capabilities to guarantee that information relayed back to the manufacturer by the device cannot be altered. Additionally, information on each synthesized sequence printed by a benchtop system should be recorded in a central location and stored securely to allow for future cross-checks and identification of new sequences of concern.
Numerous screening tools that achieve 95% accuracy in identifying sequences already exist and should be made mandatory for benchtop devices. Nevertheless, continued technological improvements should be pursued to allow for the identification of potential de novo pathogens while also reducing the cost burden of introducing security measures for companies developing nucleic acid synthesis devices. To that end, NTI is working with the World Economic Forum to enhance screening capabilities through the development of databases and algorithms, developing improved customer screening guidelines, and integrating such “common mechanisms” into benchtop devices.
The reselling of benchtop devices presents another area of concern. Any sale or transfer of these devices should be subject to mandatory reporting to a government agency (e.g. HHS) in order to ensure continued compliance with customer regulations. A notable challenge for the reliability of such a framework is the verification of compliance by international actors outside of the United States. Reliable enforcement of export controls is crucial in this regard.
While voluntary and industry-led initiatives are meaningful, governmental regulations should be expanded to address this evolving biosecurity threat by means of mandatory policies. The timely introduction of a consistently enforced OSTP screening framework is crucial in this context. Investment in government bodies that can facilitate the necessary screening and oversight bodies should present another policy priority.
It is also important that states-parties to the Biological and Toxins Weapons Convention (BWC) focus their attention on the biosecurity challenges posed by benchtop nucleic synthesis work. The Ninth BWC Review Conference held in 2022 agreed to establish a follow-on working group to develop specific, possibly legally binding, measures to support international cooperation, scientific research, and economic and technological development for peaceful purposes. The Conference also decided to establish a mechanism to review and assess BWC-related scientific and technological developments and to provide states-parties with relevant advice. These discussions can and should examine how new safeguards might be established at both the national and international level to address the biosecurity risks posed by AI-enabled nucleic acid synthesis technology.
In the world of biotechnology, benchtop nucleic acid printing presents merely one example of a multitude of recent developments that lack sufficient oversight mechanisms. Policymakers in the United States and other leading biotech states should urgently address the increasing biosecurity risks that stem from rapid biotechnological advances and the application of artificial intelligence to biotechnology to ensure the health and security of not just the nation, but of the entire international community. – LENA KROEPKE