Guidelines for Nucleic Acid Synthesis Screening in Europe
- 4 days ago
- 10 min read
Updated: 3 days ago
A Policy Brief for Strengthening Biosecurity and Competitiveness Across the European Union
Executive Summary Synthetic biology and AI-enabled biological design tools are advancing rapidly, making it easier than ever to design and synthesise complex nucleic acid sequences—including those that pose serious biosecurity risks. As these technologies become more accessible and decentralised, the European Union faces a governance gap: without harmonised screening requirements, pathogenic or otherwise dangerous sequences could be acquired or inadvertently generated with minimal oversight. The EU Biotech Act, formally proposed in December 2025, offers a timely framework to address this challenge. Chapter VIII of the Act—covering Biodefence and Preventing Biotechnology Misuse—provides the legal foundation for mandatory Nucleic Acid Synthesis Screening across the EU. This brief sets out workable recommendations for turning that foundation into enforceable, coordinated policy. The core proposal is a two-component screening system:
Implemented through implementing and delegated acts, and aligned with international standards including ISO 20688-2:2024 and the IGSC Harmonized Protocol, this system can be both proportionate and innovation-compatible. Key recommendations include establishing EU-wide minimum screening requirements covering DNA and RNA orders of 50 base pairs or more; launching a centrally managed, securely accessible Sequences of Concern database under Commission oversight; introducing benchtop synthesiser integration requirements; and providing targeted support—particularly for SMEs—to make compliance feasible across the market. With several major jurisdictions already moving towards mandatory screening frameworks, the window for the EU to shape global norms is narrow. Early, well-designed action will position Europe as a trusted leader in biotechnology governance—and help ensure that the promise of synthetic biology is not undermined by preventable biosecurity failures. |
Overview
Following the adoption of the EU Biotech Act (Regulation establishing a framework of measures for strengthening the Union's biotechnology and biomanufacturing sectors), formally proposed by the European Commission on December 16, 2025, the European Union has a unique opportunity to advance biosecurity and consolidate its leadership in the governance of emerging biotechnologies.
This policy brief lays out workable recommendations for EU institutions and Member States to implement Chapter VIII (Biodefence and Preventing Biotechnology Misuse) of the EU Biotech Act through Nucleic Acid Synthesis Screening—two complementary controls: (i) Know Your Customer (KYC) protocols and (ii) sequence screening against Sequences of Concern (SOCs). We present these controls as practical tools that balance proportionality, innovation-compatibility, and alignment with international standards (ISO 20688-2:2024 and IGSC Harmonized Protocol).
The EU Biotech Act offers a comprehensive framework that can accelerate biotechnology innovation while tackling biosecurity concerns. Chapter VIII sets out provisions for screening, verification of legitimate need, reporting and tracking suspicious transactions of biotechnology products of concern listed in Annex I, backed by enforcement mechanisms that ensure compliance. This policy brief proposes embedding screening requirements through implementing acts for technical specifications and delegated acts while staying aligned with existing frameworks including Regulation (EU) 2021/821 on dual-use items (which already includes controls on sensitive biotechnological equipment following Delegated Regulation (EU) 2024/2547), Directive (EU) 2022/2555 (NIS2), and GDPR.
As synthetic biology and AI-enabled biological design tools spread, Nucleic Acid Synthesis Screening is becoming a global best practice and an essential component of responsible biotechnology governance. The EU needs a clear plan for operationalization—one that's feasible, harmonized across Member States, and capable of reinforcing public trust while supporting innovation. Without such harmonization, the EU risks regulatory fragmentation, competitive disadvantages, and avoidable security vulnerabilities.
Why Screening Matters
Synthetic nucleic acids now underpin scientific and industrial progress. They drive vaccine development, personalized medicine, industrial biomanufacturing, sustainable agriculture and environmental monitoring. At the same time, the technologies used to design and synthesize DNA and RNA—including benchtop synthesizers, cloud-based design platforms and AI-enabled engineering tools—are getting increasingly accessible and decentralized.
While these advances expand Europe's bioeconomic potential, they also raise exposure to dual-use risks—including risks that fall squarely within the scope of "biotechnology products of concern" outlined in the proposed EU Biotech Act.
Without Nucleic Acid Synthesis Screening, pathogenic sequences, regulated toxins or harmful biological functions might be acquired by malicious actors, or inadvertently generated through AI design tools lacking embedded biosecurity safeguards. The accelerating convergence between synthetic biology and AI magnifies this concern by letting individuals with limited expertise design complex biological constructs quickly and with minimal oversight.
In this context, Nucleic Acid Synthesis Screening serves as a critical safeguard. Customer verification ("Know Your Customer") makes sure that orders come from legitimate, identifiable users, while sequence screening flags whether ordered DNA or RNA matches sequences of concern. Together, these measures create a protective checkpoint before synthesis occurs and help build in norms of responsible innovation across the bioeconomy.
The Role and Functions of an EU-Wide Nucleic Acid Synthesis Screening System
The purpose of this policy brief isn't just to make the case for Nucleic Acid Synthesis Screening, but to spell out clear, feasible pathways for implementing it across the EU as practical tools to implement Chapter VIII of the EU Biotech Act. This includes guidance on aligning EU requirements with standards such as ISO 20688-2:2024 and the IGSC Harmonized Protocol, integrating screening into existing EU legislation, and setting up shared technical infrastructure that cuts costs and operational burdens.
A central element of the EU system should be a harmonized, securely managed EU Sequences of Concern (SOC) service under Commission oversight, providing a curated list with secure API access, tiered sensitivity levels, and robust access controls as a supporting tool for implementation of the Biotech Act's biosecurity provisions, informed by scientific advice from the Advisory Group on Biosecurity. This resource would offer a consistent reference for all providers, ensure legal clarity, and support interoperable screening practices across the 27 EU Member States. The Advisory Group on Biosecurity plays a crucial role in ensuring that the framework remains responsive to emerging biological threats, including those posed by AI models in biological applications, through its mandate to monitor risks, assess AI model capabilities, and issue qualified alerts to the Commission regarding new biotechnology products of concern and AI models posing biological systemic risks.
To mitigate risks of over-blocking legitimate research, SOC list development and implementing acts should incorporate structured consultation mechanisms engaging the broader scientific and life sciences research community.
There's also a need for proportional, well-defined obligations for providers. These include mandatory KYC verification, sequence screening for synthetic DNA and RNA above defined thresholds (≥50 base pairs, including ssDNA, RNA, oligonucleotides, and benchtop synthesis), and a standardized decision tree for SOC matches offering graduated responses (accept/deny/request additional information/refer to authorities) with reporting of suspicious transactions to designated national contact points and safe harbor protections.
To ensure practical implementation, a hybrid conformity assessment model combining self-attestation, certification, and audits, with risk-based audit frequency and an EU registry of compliant providers and devices, plus EU-supported tools—potentially open-source such as SecureDNA and IBBIS Common Mechanism—as well as standardized reporting systems, audit mechanisms and transparent registries of compliant providers could be used to ensure practical implementation.
Such measures will cut down on fragmentation, support automation, bring down compliance costs and give providers the clarity they need to build Nucleic Acid Synthesis Screening into routine operations. They also enable economies of scale in screening infrastructure and reduce compliance uncertainty, particularly for SMEs and new market entrants.
Integrating Nucleic Acid Synthesis Screening Into EU Governance and Regulation
Operationalizing Nucleic Acid Synthesis Screening calls for a coherent allocation of responsibilities between EU institutions and Member States. This brief envisions an EU-level role centered on defining minimum binding requirements through implementing acts for technical specifications and delegated acts under Article 86 for amendments to Annex I (biotechnology products of concern), managing the SOC service, and offering technical guidance—anchored within Chapter VIII (Biodefence and Preventing Biotechnology Misuse) of the EU Biotech Act.
This framework establishes a layered governance architecture:
EU level: sets minimum requirements, manages SOC service, maintains registry, and oversees monitoring
Member States: enforce compliance, designate competent authorities, and manage referrals
Economic operators: retain primary responsibility for KYC and sequence screening
Third parties: conduct certification and risk-based audits
Working closely with Regulation (EU) 2021/821 on dual-use items (which already includes controls on sensitive biotechnological equipment following Delegated Regulation (EU) 2024/2547) prevents duplication where biotechnology products already fall under dual-use export controls. The Commission would also coordinate international alignment, particularly with partners such as the United States (including recent legislative developments such as the Biosecurity Modernization and Innovation Act (2026)), U.S. Executive Order 14292 on biological research safety and security, May 2025), the UK, New Zealand, ASEAN, and multilateral initiatives including the International Bio Funders Compact (June 2024), which are already advancing screening frameworks. Engagement with ISO/TC 276, WHO, OECD, and the Australia Group would further advance interoperability and mutual recognition.
In this model, EU Member States would keep responsibility for designating competent authorities, enforcing compliance, conducting investigations and integrating Nucleic Acid Synthesis Screening into national biosafety, research oversight and export-control systems. This tiered model preserves subsidiarity while ensuring coherence across borders. Public transparency mechanisms, including registries of compliant providers, would strengthen trust and enable cross-border recognition.
Economic and Legal Feasibility
The implementation of Nucleic Acid Synthesis Screening across the EU is economically feasible and looks to be cost-effective¹. While there are costs tied to software, training, data management and internal governance, these can be cut significantly through shared EU infrastructure, open-source screening tools (such as IBBIS Common Mechanism, SecureDNA), and targeted economic support through grants, compliance vouchers, or procurement incentives—particularly for SMEs and public laboratories. Phased compliance timelines matched to risk profiles and organizational capacity, plus eligibility preferences in EU research programs (like the next Horizon Europe framework programme and the European Competitiveness Fund), reward responsible innovation. A dedicated regulatory impact assessment would help pin down costs and spot optimal support mechanisms.
Why an Implementation Guide Is Needed Now
Considerations about the practical implementation of Nucleic Acid Synthesis Screening represent both a strategic necessity and a practical opportunity. The biotechnology sector is changing rapidly; dual-use research, AI-enabled sequence design and decentralized synthesis technologies are reshaping the landscape in ways that call for proactive, forward-looking governance. Several key jurisdictions are moving ahead with mandatory or harmonized screening systems, and the EU has to ensure that its regulatory framework stays aligned with technological reality and international expectations.
Following the adoption of the EU Biotech Act, the EU needs concrete tools to turn the widespread consensus on the importance of biosecurity into enforceable, coordinated policy measures.
The framework should be implemented through a sequenced approach based on three principles: legal clarity before technical infrastructure; proportionate and capacity-sensitive implementation; and legitimacy through transparency, review, and oversight.
Operationalizing Nucleic Acid Synthesis Screening through clear technical guidance, legal integration within the EU Biotech Act framework and institutional governance is essential if we want to ensure that the EU remains a trustworthy and competitive bioeconomic actor. By offering workable pathways, this brief bridges the gap between policy ambition and practical implementation and helps future-proof the European bioeconomy while reinforcing public trust in emerging biotechnologies. The brief directly tackles emerging challenges including screening gaps created by AI-enabled design and decentralized benchtop synthesis equipment, proposing embedded screening capabilities and user verification in benchtop synthesizers where such devices fall within or enable access to biotechnology products of concern listed in Annex I to the Biotech Act.
Actionable Recommendations
Legislate the baseline. Set EU-wide minimum KYC and sequence screening requirements as biosecurity measures under Chapter VIII of the EU Biotech Act through implementing acts for technical specifications, covering DNA and RNA orders ≥50 base pairs, including benchtop and in-house synthesis contexts where appropriate. Enable delegated acts under Article 86 for amendments to Annex I (biotechnology products of concern) informed by the Advisory Group on Biosecurity's monitoring of biological risks and AI model capabilities.
Standards-based implementation. Reference ISO 20688-2 and IGSC protocols within implementing acts. Develop an EU conformity assessment scheme integrating self-attestation, third-party certification, and risk-based audits. Create a public EU registry of compliant providers and certified devices.
EU SOC service. Launch an EU-curated Sequences of Concern database with secure API access, version control, tiered access permissions, and expert oversight. Establish transparent inclusion and exclusion criteria informed by the Advisory Group on Biosecurity's scientific assessments and responsive to qualified alerts on emerging biological threats and AI models posing biological systemic risks (as per recitals 102-104), with defined update cadences.
Decision tree and safe harbor. Mandate a common decision framework for SOC matches, incorporating red-flag indicators, designated referral pathways to national contact points established under Chapter VIII, and safe harbor protections for good-faith actions including voluntary disclosures and order denials.
Benchtop integration requirements. Require device-embedded screening, user authentication, tamper-resistant logging, and secure update pathways in benchtop nucleic acid synthesis equipment capable of creating sequences of concern (as defined in Annex I). Provide transition timelines and technical guidance for original equipment manufacturers. Support implementation through regulatory sandboxes where appropriate (e.g. Articles 49a–49b).
Economic support and phasing. Offer SME-targeted vouchers and grants, standardized template toolkits, and regulatory sandbox pilots. Sequence compliance milestones by risk classification. Consider programmatic preferences for compliant actors in the next Horizon Europe framework programme and the European Competitiveness Fund.
Consolidated legal and cybersecurity guidance. Issue integrated guidance covering GDPR compliance, Directive (EU) 2022/2555 (NIS2) security requirements (Articles 21-23), recordkeeping obligations, and retention limits. Clarify coordination with Regulation (EU) 2021/821 to avoid duplication where biotechnology products are subject to dual-use export controls. Encourage Data Protection Impact Assessments for screening providers.
International coordination. Engage ISO/TC 276, WHO, OECD, Australia Group, and key partners (UK, US, ASEAN) to advance interoperability and a harmonized approach. Learn from recent international developments including U.S. Executive Order 14292 (May 2025) and the International Bio Funders Compact (June 2024) and coordinate with the Advisory Group on Biosecurity to align international biosecurity efforts, particularly regarding AI models in biological applications, and ensure scientific coherence across jurisdictions. Focus on outcome-based convergence and mutual recognition rather than uniform institutional design.
Monitoring and adaptive management. Establish an operational monitoring mechanism to support the Commission's implementation of Chapter VIII and review of delegated acts under Article 86, complementing the Advisory Group on Biosecurity's scientific threat assessment mandate. This mechanism should focus on compliance metrics (screening coverage, false positive and negative rates, threat detection outcomes) and operational effectiveness, while the Advisory Group maintains its focus on biological risk monitoring and issuing qualified alerts regarding emerging biotechnology products of concern and AI models posing biological systemic risks. Publish annual compliance metrics. Enable iterative refinement through delegated acts informed by empirical evidence and Advisory Group alerts.
Moving Forward
Adopting EU-wide Nucleic Acid Synthesis Screening anchored within Chapter VIII of the EU Biotech Act will strengthen biosecurity, support responsible innovation and position the EU as a global leader in biotech governance.
The window for shaping global norms is narrow; early EU action will determine whether the Union leads or follows.
The next phase calls for further consultation, refinement of technical specifications, preparation of implementing acts and delegated acts under Article 86, and piloting of shared infrastructure including the EU-curated SOC service. Engagement with industry, academia, standards bodies, civil society and national authorities will be essential to ensure a robust and trusted system. An operational monitoring mechanism should be set up to support the Commission's implementation of Chapter VIII, focusing on compliance metrics (screening coverage, false positive and negative rates, threat detection outcomes) while the Advisory Group on Biosecurity maintains its focus on biological risk monitoring and issuing qualified alerts regarding emerging biotechnology products of concern and AI models posing biological systemic risks.
Drawing from recent international policy developments and with targeted economic support, benchtop device integration requirements, and comprehensive legal guidance integrating Directive (EU) 2022/2555 (NIS2) and coordination with Regulation (EU) 2021/821, the EU has an unprecedented opportunity to establish a gold standard for biosecurity governance in the synthetic biology era. The time for action is now—the infrastructure, expertise, and political momentum necessary for implementation are aligned, offering a unique window to establish Europe as a leading jurisdiction for biosecurity governance in the synthetic biology era.
Organizations interested in contributing to or preparing for EU-level implementation are encouraged to express interest as the next phase of coordinated development begins.
