Screening Framework Guidance for Providers of Synthetic Double-Stranded DNA

Abstract

I. Summary

Synthetic biology, the developing interdisciplinary field that focuses on both the design and fabrication of novel biological components and systems as well as the re-design and fabrication of existing biological systems, is poised to become the next significant transforming technology for the life sciences and beyond. Synthetic biology is not constrained by the requirement of using existing genetic material and thus has great potential to be used to generate organisms, both currently existing and novel, including pathogens that could threaten public health, agriculture, plants, animals, the environment, or materiel. In the United States, many such pathogens, as well as certain toxins, are defined by specific existing regulations: namely, the Select Agent Regulations (SAR) and, for international orders, the Export Administration Regulations (EAR). To reduce the risk that individuals with ill intent may exploit the application of nucleic acid synthesis technology to obtain genetic material derived from or encoding Select Agents or Toxins and, as applicable, agents on EAR's Commerce Control List (CCL), the U.S. Government has developed Guidance that provides a framework for screening synthetic double-stranded DNA (dsDNA). This Guidance sets forth recommended baseline standards for the gene and genome synthesis industry and other providers of synthetic dsDNA products regarding the screening of orders so that they are filled in compliance with current US regulations and to encourage best practices in addressing biosecurity concerns associated with the potential misuse of their products to bypass existing regulatory controls.

Following this Guidance is voluntary, though many specific recommendations serve to remind providers of their obligations under existing regulations. Briefly, upon receiving an order for synthetic dsDNA, the US Government recommends that providers perform customer screening and sequence screening. If either customer screening or sequence screening raises any concerns, providers should perform follow-up screening. If follow-up screening does not resolve concerns about the order or there is reason to believe a customer may intentionally or inadvertently violate US laws, providers should contact designated entities within the US Government for further information and assistance. This Guidance also provides recommendations regarding proper records retention protocols and screening software.

II. Introduction

Synthetic biology, unlike traditional recombinant DNA technology, is not constrained by the requirement for existing genetic material. This novel feature, along with rapid advances in DNA synthesis technology and the open availability of pathogen genome sequence data, has raised concerns in the scientific community, the dsDNA synthesis industry, the US Government, and the general public that individuals with ill intent could exploit this technology for harmful purposes.

Within the US, microbial organisms and toxins that have been determined to have the potential to pose a severe threat to public health and safety, animal health, plant health, or animal or plant products are regulated through the SAR, administered by the Department of Health and Human Services/Centers for Disease Control and Prevention (HHS/CDC) and the US Department of Agriculture/Animal and Plant Health Inspection Service (USDA/APHIS). The SAR sets forth requirements for the possession, use, and transfer of listed agents. Additionally, the EAR identifies agents and genomic sequences that require export licenses from the United States. The directed synthesis of polynucleotides could enable individuals not authorized to possess Select Agents (or, for international orders, those items listed on the CCL) to obtain them through transactions with providers of synthetic dsDNA. Such synthesis obviates the need for access to the naturally occurring agents or naturally occurring genetic material from these agents, thereby greatly expanding the potential availability of these agents.

The National Science Advisory Board for Biosecurity (NSABB) was charged with identifying the potential biosecurity concerns raised by the ability to synthesize Select Agents and providing advice on whether current US Government policies and regulations adequately cover the de novo synthesis of Select Agents. Their report entitled Addressing Biosecurity Concerns Related to the Synthesis of Select Agents was formally transmitted to the U.S. Government in March 2007. Federal Departments and Agencies with roles in life sciences research and/or security deliberated over the NSABB recommendations and identified a series of relevant policy actions targeted to promote risk management, while seeking to minimize negative impacts upon scientific progress or industrial development.

One of the formal policy actions charged Federal Departments and Agencies to identify, evaluate, and support the establishment of a screening infrastructure for use by providers and users of synthetic nucleic acids while engaging stakeholders in industry and academia. This document provides guidance to all providers of synthetic dsDNA regarding a screening framework for synthetically-derived dsDNA orders. Specific recommendations are in bold type throughout the text.

In the context of this Guidance, the following definitions are applicable:

“Provider” refers to the entity that synthesizes and distributes dsDNA. A provider is understood to be an entity synthesizing dsDNA for and distributing dsDNA to a customer, not a research scientist collaborating with a colleague.¹

“Customer” refers to the individual or organization that orders or requests synthetic dsDNA from a provider, and

“Principal user” is the individual that receives and ultimately uses the ordered or requested dsDNA.

III. Goals of Guidance

The primary goal of the Guidance is to minimize the risk that unauthorized individuals or individuals with malicious intent will obtain “toxins and agents of concern” through the use of nucleic acid synthesis technologies, and to simultaneously minimize any negative impacts on the conduct of research and business operations. The Guidance was developed, in light of providers' existing protocols, to be implemented without unnecessary cost and to be globally extensible, both for US-based providers operating abroad and for international providers.

Providers of synthetic dsDNA have two overriding responsibilities in this context:

Providers should know to whom they are distributing a product

Providers should know if the product that they are synthesizing and distributing contains, in part or in whole, a “sequence of concern”

The Guidance outlines a screening framework that will assist providers in meeting both of these responsibilities. Though certain guidance provided in this document is necessarily framed by U.S. policy and regulations, the Guidance was composed so that fundamental goals, provider responsibilities, and the screening framework could be considered for application by the international community. In particular, though the Select Agents and Toxins and the CCL-listed items that are the primary focus of the Guidance may not be relevant for all countries, the sequence screening framework can be applied to other categories of agents and toxins that may be relevant for other regions.²

IV. Overview: Synthetic dsDNA Screening Framework

Providers should establish a comprehensive and integrated screening framework that includes both customer screening and sequence screening, as well as follow-up screening when customer and/or sequence screening raises a concern.

Customer Screening–The purpose of customer screening is to establish the legitimacy of customers ordering synthetic dsDNA sequences. Providers should develop customer screening mechanisms to verify the legitimacy of a customer if the customer is an organization or confirm customer identity if the customer is an individual, to identify potential ‘red flags,’ and to conform to US trade restrictions and export control regulations.

Sequence Screening–The purpose of sequence screening is to identify when “sequences of concern” are ordered. Identification of a “sequence of concern” does not necessarily imply that the order itself is of concern. Rather, when a “sequence of concern” is ordered, further follow-up procedures should be used to determine if filling the order would raise concern. Sequence screening is recommended for all dsDNA orders.

Follow-up Screening–The purpose of follow-up screening is to verify the legitimacy of customers both at the level of the customer and the principal user, to confirm that customers and principal users placing an order are acting within their authority, and to verify the legitimacy of the end-use.

Many customers will likely volunteer information about their identity or the sequence they are ordering. Providers should corroborate this information as part of their screening framework.

The following overall screening methodology is recommended:

1. Upon receiving an order for synthetic dsDNA, the US Government recommends that providers conduct both customer screening and sequence screening. In customer screening, providers should review the information provided by the customer to verify their corporate or individual identity (as applicable), and to identify potential ‘red flags.’ Providers should also check customers against lists of denied or blocked persons and entities maintained by the Departments of Commerce, State, and Treasury.

In sequence screening, the US Government recommends screening the ordered sequence to identify sequences derived from or encoding Select Agents and Toxins³ and, for international customers, providers should also screen the ordered sequence to identify sequences derived from or encoding items on the CCL.⁴ Scenarios of concern may include:

a. If an ordered dsDNA product can be classified as a Select Agent or Toxin based on the SAR^3,5 or is identified as a “sequence of concern” (defined in Section V.B.1.), additional customer verification steps should be performed and may in some cases be required.

b. If an ordered dsDNA product can be classified as a Select Agent or Toxin based on the SAR,^3,5 providers must be registered under the SAR to possess the dsDNA product. Transfer of the material from the provider must be done in accordance with APHIS and CDC procedures using the APHIS/CDC Form 2 to obtain authorization for and to document the transfer. Additional information on the transfer of Select Agents and Toxins is available at http://www.selectagents.gov.

c. Additional restrictions or licensing requirements may apply for international orders if they include an item that is listed on the CCL.⁶

2. If sequence screening or customer screening raises any concerns, providers should pursue follow-up screening to verify the legitimacy of the customer, the principal user and the end-use of the ordered sequence. The goal of follow-up screening is to assist the provider in determining whether to fill the order. If the provider encounters a scenario where they would benefit from additional assistance in assessing an order, the provider is encouraged to seek advice from the relevant US Government Departments and Agencies by contacting the nearest FBI Field Office Weapons of Mass Destruction (WMD) Coordinator. The WMD Coordinator can be reached by contacting the local FBI Field Office and asking to be connected to the FBI WMD Coordinator.

V. Details: Synthetic dsDNA Screening Framework

This section provides details of the steps involved in the recommended screening framework. These steps include customer screening, sequence screening, and follow-up screening.

A. Customer Screening

Customer screening encompasses two overarching responsibilities of providers: customer verification and identification of any ‘red flags.’

1. Customer Verification

(a) The US Government recommends that, for every order, providers of synthetic dsDNA gather the following information to verify a customer's identity:

Customer's full name and contact information

Billing address and shipping address (if not the same)

Customer's institutional or corporate affiliation (if applicable)

(b) To ensure compliance with US regulations concerning exports and sanctioned individuals and countries, the US Government recommends that, for every order, providers of synthetic dsDNA screen customers against several lists of proscribed entities (described in Section VI).

Lack of affiliation with an institution or firm does not automatically indicate that a customer's order should be denied. In such cases, the US Government recommends conducting follow-up screening .

Additionally, the US Government recognizes that many providers have instituted measures and procedures to properly vet customers. The ongoing development of best practices in customer screening is commendable and encouraged, particularly as methodologies and resources become available to further assist with customer screening.

The US Government recommends that companies retain records of customer orders for at least eight years based on the statute of limitations set forth by US Code of Federal Crimes and Procedures, Title 18 Section 3286. ⁷

The US Government recommends archiving [ sic ] the following information: customer information (point-of-contact name, organization, address, and phone number), order sequence information (nucleotide sequences ordered, vector used), and order information (date placed and shipped, shipping address, and receiver name).

2. ‘Red Flags.’

In reviewing the customer's order information, providers should take into account any circumstances in the proposed transaction that may indicate that the order may be intended for an inappropriate end-use, customer, or destination. These are known as ‘red flags.’

The following is an illustrative list of indicators that can help in identifying suspicious orders of synthetic dsDNA:

A customer whose identity is not clear, who appears evasive about their identity or affiliations, or whose information cannot be confirmed or verified (e.g., addresses do not match, not a legitimate company, no website, cannot be located in trade directories, etc.).

A customer who would not be expected in the course of their normal business to place such an order (e.g., no connection to life science research, biotechnology or requirement for DNA synthesis services).

A customer that requests unusual labeling or shipping procedures (e.g., requests to misidentify the goods on the packaging, requests to deliver to a private address, or requests to change the customer's name after the order is placed, but before it is shipped).

A customer proposing an unusual method of payment (e.g., arranging payment in cash, personal credit card or through a non-bank third party) or offering to pay unusually favorable payment terms, such as a willingness to pay a higher than expected price.

A customer that requests unusual confidentiality conditions regarding the order, particularly with respect to the final destination or the destruction of transaction records.

If a review of customer information reveals one or more ‘red flags,’ the US Government recommends that providers conduct follow-up screening . If providers are unsure about whether to fill an order, they should contact the US Government for further information (described in Section VII).

B. Sequence Screening

Sequence screening, which identifies whether a requested sequence is a “sequence of concern,” is intended to serve as a trigger for further follow-up screening and does not by itself provide a basis for determining whether an order poses a risk. Providers should screen all orders of dsDNA.

1. Identifying “Sequences of Concern.”

The US Government recommends that dsDNA orders be screened for sequences derived from or encoding Select Agents and Toxins and, for foreign orders, for dsDNA derived from or encoding CCL-listed agents, toxins, or genetic elements. The US Government chose the pathogens and toxins identified by HHS and USDA as “Select Agents and Toxins” as an appropriate list of “agents of concern” against which providers should screen orders since:

the list is comprised of high consequence pathogens and toxins that have the potential to pose a severe threat to human, animal, or plant health or to animal or plant products

their possession, use, and transfer are managed through Federal regulations.

The Select Agents and Toxins lists are reviewed biennially and updated as needed to address biosecurity concerns.⁸

The US Government reminds providers to screen for items on the CCL for international orders to ensure they are in compliance with the EAR. As a member of the Australia Group, the United States requires exporters through the EAR to obtain export licenses for exports of reading-frame length nucleic acid sequences from pathogens listed under Export Control Classification Numbers (ECCNs) 1C351, 1C352, 1C353, and 1C354.⁹ The EAR also requires exporters to obtain licenses for exports of reading-frame length nucleic acid sequences from pathogens on the Select Agent list not listed elsewhere on the CCL (ECCN 1C360). The EAR requirements specifically apply to genetic elements that encode toxins or sub-units of controlled toxins or genetic elements associated with pathogenicity of controlled microorganisms.

Therefore, for the purposes of this Guidance, Select Agents and Toxins are classified as “agents of concern,” and “sequences of concern” are dsDNA sequences derived from or encoding Select Agents and Toxins. For international orders, “agents of concern” also include items on the EAR's CCL, and “sequences of concern” include those dsDNA sequences derived from or encoding those items. The US Government may revisit these definitions in the future in light of experience with implementation of the Guidance and scientific and technological developments.

Because the CCL and the Select Agents and Toxins lists are not identical, it is recommended that providers ensure that international orders are screened to identify sequences derived from or encoding items on the Select Agents and Toxins lists and the CCL.

If a customer orders a synthetic dsDNA product that meets the definition of a Select Agent or Toxin,^3,5 domestic providers and customers must be in compliance with the CDC and APHIS Select Agent Regulations (42 CFR part 73, 7 CFR part 331, and 9 CFR part 121) in order to fill the order. A provider of such regulated dsDNA must be registered with CDC or APHIS in order to synthesize these materials. In addition, the provider must obtain an approved transfer form from CDC or APHIS and, for interstate transfers, a permit from APHIS (when applicable) in order to ship such products. International providers are advised that the receiving party must obtain an import permit from CDC and/or APHIS and an approved transfer form in order to receive such products. All providers are advised that receivers must hold a permit in order to receive through importation or interstate transport any product that meets the definition of “plant pest” (as defined at 7 CFR part 330), or any organism or its derivative which may introduce or disseminate any contagious or infectious disease of animals (9 CFR part 122).

The US Government recognizes that there are concerns that synthetic dsDNA sequences not unique to Select Agents or Toxins or CCL items may also pose a biosecurity concern. The US Government also recognizes that many providers have already instituted measures to address these concerns. The ongoing development of best practices in this area is commendable and encouraged, particularly in light of the continued advances in DNA sequencing and synthesis technologies and the accelerated rate of sequence submissions to public databases such as the National Institutes of Health's GenBank. However, due to the complexity of determining pathogenicity and because research in this area is ongoing and many such agents are not currently encompassed by regulations in the US, generating a comprehensive list of such agents to screen against is not currently feasible and hence is not provided in this Guidance.

2. Technical Goals and Recommendations for Sequence Screening

The US Government developed the following list of specific technical goals and recommendations for a sequence screening methodology to ensure the reliable and accurate detection of synthetic dsDNA sequences derived from or encoding “sequences or agents of concern:”

The US Government recommends that the sequence screening method be able to identify sequences unique to Select Agents and Toxins; to meet their obligations under existing regulations, for international orders, screening should also be able to identify sequences unique to CCL-listed agents, toxins, and genetic elements. Many DNA sequences encode genes that are required to maintain normal cellular physiology, otherwise known as “house-keeping genes.” These “house-keeping genes” are highly conserved between pathogenic and nonpathogenic species. Screening methodologies that recognize highly conserved sequences such as “house-keeping genes” as positive “hits” for “sequences of concern” offer little biosecurity benefit and may impede the screening efforts. Such methodologies would produce a larger number of “hits” adding extra burden for screeners and potentially resulting in actual “sequences of concern” being overlooked. Additionally, such a system may hamper scientific research by falsely assigning sequences from closely related microbes as “sequences of concern.”

The US Government recommends that sequence screening be performed for both DNA strands and the resultant polypeptides derived from translations using the three alternative reading frames on each DNA strand (or six-frame translation). Each amino acid is encoded by a codon, a three nucleotide sequence of DNA. The correspondence from codon to amino acid is not unique. A given amino acid may be encoded by one to six distinct codons, which means that an amino acid polypeptide can be encoded by many different DNA sequences. Consequently, to determine whether a nucleotide sequence is derived from or encodes a “sequence or agent of concern,” it is necessary to screen the six-frame translation polypeptides encoded by the DNA sequences in addition to the DNA sequences themselves.

The US Government recommends that sequence alignment methods should enable the detection of any “sequences of concern” in a dsDNA order. The screening routine should be capable of local sequence alignments. A sequence screening system that assesses only the overall sequence length without any local checks may not detect a “sequence of concern” embedded within a larger, benign sequence. In order to ensure that “sequences of concern” embedded within larger sequences are not overlooked, when screening orders longer than 200 base pairs (bps), providers should use screening techniques able to detect “sequences of concern” as short as 200 bps in length. One method that providers may consider using involves comparing overlapping 200 bp nucleotide segments (nucleotides 1–200, 2–201, etc.) and corresponding 66 amino acid sequences, over the length of the dsDNA order, to a public sequence database such as GenBank using a sequence alignment tool.

3. Sequence Screening Methodology

The US Government recommends a “Best Match” approach for sequence screening to determine whether a query sequence is derived from or encodes a Select Agent or Toxin or, for international orders, a sequence from a CCL-listed item. In this approach, the query sequence is aligned with a database of known sequences (such as GenBank) to identify the sequence with the greatest percent identity (the “Best Match”) over each 200 bp nucleic acid segment and corresponding amino acid sequence (or over the entire query sequence for those dsDNA orders shorter than 200 bps). Advantages of the “Best Match” approach include: it is automatically adaptable as new sequences are added to GenBank, it is adaptable to entirely synthetic genes, it can be accomplished using publicly available databases and tools, and it does not require provider discretion in setting similarity cut-off criteria.

In this approach, a query sequence is deemed to be a “hit,” and the order should be investigated further by the provider in follow-up screening, if the nucleotide sequence, over any span of 200 or more nucleotides (or fewer than 200 nucleotides if the query sequence is shorter than 200 bps), or if any of the six derivable 66 amino acid open reading frame (ORF) translations, is more closely related to the sequence of a Select Agent or Toxin (or CCL item, when applicable) than to any other sequence in GenBank. Due to the high sequence similarity of some Select Agents and Toxins with some attenuated strains of Select Agents and Toxins that have been excluded from regulation,¹⁰ sequences that are “Best Matches” to these excluded strains should still be considered a “hit” and the order should be subject to follow-up screening.

The “Best Match” approach is intended to minimize the number of sequence hits due to genes that are shared among both Select Agents or Toxins and non-Select Agents or Toxins (or for genes shared among CCL and non-CCL items, when applicable). Nonetheless, some harmless sequences in Select Agents or Toxins (or CCL items) or those that are routinely used in scientific research may result in a “hit” during this sequence screen. The US Government recommends that providers develop, maintain, and document protocols to determine if a sequence “hit” qualifies as a true “sequence of concern;” protocols that are no longer current should be maintained for at least eight years. Additionally, providers should keep screening records of all “hits” for at least eight years, even if the order was deemed acceptable. In cases where the provider is unable to make the determination, advice can be sought from the relevant US Government Departments and Agencies by contacting the nearest FBI Field Office Weapons of Mass Destruction Coordinator.

As noted in Section V.B.1 above, the US Government recognizes that there are concerns that synthetic dsDNA sequences not unique to Select Agents or Toxins or CCL items may also pose a biosecurity concern. The US Government also recognizes that many providers have already instituted measures to address these concerns. The ongoing development of best practices in this area is commendable and encouraged, particularly in light of the continued advances in DNA sequencing and synthesis technologies and the accelerated rate of sequence submissions to public databases such as GenBank.

To this end, providers may also choose to use other screening approaches that they assess to be equivalent or superior to the “Best Match” approach or that supplement it, including customized database approaches or approaches that evaluate the biological risk associated with non-Select Agent and Toxin sequences or, for international orders, sequences not associated with items on the CCL. These sequence screening recommendations do not preclude the use of curated databases of non-Select Agent or Toxin or non-CCL sequences for sequence screening. The US Government encourages the development of such databases as an additional screening tool that will improve with time as additional data become available. Whatever sequence screening approach a provider adopts, the approach should meet the technical requirements outlined in Section V.B.2; additionally, the provider may choose to develop additional criteria to address non-Select Agent and Toxin or non-CCL sequences. If the provider determines that an ordered product poses a biosecurity risk, the provider should conduct follow-up screening accordingly. The US Government recommends that providers develop, maintain, and document their sequence screening protocols within company records; protocols that are no longer current should be maintained for at least eight years.

The US Government recognizes that continued research and development may lead to new and improved screening methodologies. As new methods are developed, US Guidance may change accordingly.

C. Follow-Up Screening

The purpose of follow-up screening is to verify the legitimacy of the customer and the principal user, to confirm that the customer and principal user placing an order are acting within their authority, and to verify the legitimacy of the end-use.

Follow-up screening should be conducted if customer screening or sequence screening raises any concerns. In any case where there are abnormal circumstances surrounding the order or the customer has ordered a “sequence of concern,” the US Government recommends that providers ask for information about the customer and principal user, including the proposed end-use of the order, to help assess the legitimacy of their order.¹¹ Sample end-uses of ordered synthetic dsDNA could include, but are not limited to:

Identification of pathogenicity genes via marker-deletion mutagenesis

Training for threat agent detection

Production of organism for experimental research studies

If not conducted previously, providers should gather the following information to verify a principal user's identity:

Principal user's full name and contact information

Billing address and shipping address (if not the same)

Principal user's institutional or corporate affiliation (if applicable)

If the customer or principal user is affiliated with an institution or firm, providers should contact the relevant biological safety officer, supervisor, lab director, director of research, or other relevant institutional representative in order to confirm the order, verify the customer's and principal user's identity, and verify the legitimacy of the order. If the customer or principal user is not affiliated with an institution or firm, providers should also conduct a literature review of the customer's or principal user's past research to verify his or her identity and the legitimacy of the order. If a literature review results in no publications, providers should request the unaffiliated customer or principal user provide references that can verify their identity and the legitimacy of the order. Additionally, the US Government recommends that providers screen principal users against several lists of proscribed entities (described in Section VI), if this step wasn't already performed as part of customer screening .

Providers may consider other steps that could be implemented as part of follow-up screening. For example, when the customer is an institution or firm, providers may consider the following steps: check the customer's contact information against standard industry and institutional directories and listings; where the customer is known by reputation, check that the contact information matches its Web page; and/or confirm customer identity though government contacts. When the customer or principal user is affiliated with an institution or firm, providers may consider the following steps: check whether the institution's or firm's usual paperwork has been used to place the order; check that shipments will be delivered to the institution's or firm's usual address; check that the customer's and principal user's supervisors have been copied on the order or can confirm the order; check that the order has been certified by the institution or firm; and/or check that the end-use has been reviewed and approved by the institutional biosafety committee or another relevant institutional committee.

It is important to note that a provider's decision to pursue follow-up screening does not necessarily imply that the US Government will be contacted. However, in cases where follow-up screening cannot resolve concerns raised by customer screening or sequence screening, or when providers are otherwise unsure about whether to fill an order, the US Government recommends that providers contact relevant agencies as described in Section VII. Providers should retain records of any follow-up screening , even if the order was ultimately filled, for at least eight years.

VI. Recommended Processes for Domestic and International Orders

This section outlines recommendations for specific screening processes for orders from domestic and international customers. The customer screening, sequence screening, and follow-up screening protocols that are referenced in this section are defined and described in Section V. Most of the information provided in this section serves as a reminder to providers to ensure they are meeting their legal obligations not to conduct unapproved business transactions with certain proscribed entities.

A. Domestic Orders

Once a domestic customer order is received, the provider should conduct both customer screening and sequence screening, in no particular order.

1. Customer Screening

In addition to verifying the customer identity and identifying any ‘red flags,’ providers should be aware of regulatory and statutory prohibitions for US persons from dealing with certain foreign persons, entities and companies. In order to avoid violating US law, providers are encouraged to check the customer against several lists of proscribed entities before filling each order, including the:

Department of Treasury Office of Foreign Assets Control (OFAC) list of Specially Designated Nationals and Blocked Persons (SDN List)

Department of State list of persons engaged in proliferation activities

Department of Commerce Denied Persons List (DPL)

According to US regulations, no US persons or entities may conduct business transactions with individuals or entities on the SDN List without a license from OFAC. This list is maintained by OFAC. OFAC only provides a license to deal with individuals on the SDN List in extremely limited circumstances.¹²

According to US regulations, no US persons or entities may conduct business transactions with individuals sanctioned by the Department of State for engaging in proliferation activities. ¹³

Additionally, the US Government recommends that providers screen customers against the DPL for domestic orders. This list includes those firms and individuals whose export privileges have been denied. While the Department of Commerce only regulates exports and therefore does not require that companies screen their domestic customers against the list, it recommends that they do so, to avoid unwittingly passing on sensitive technology or materials to U.S. residents known to be involved in proliferation activities.⁴

Because the updated lists are available online, providers should ensure they are using the most recently updated lists when screening customers or principal users against these lists.

If there are concerns after consulting these lists, providers should seek assistance from the US Government as outlined in Section VII.

2. Sequence Screening

Providers should also conduct sequence screening. If a “sequence of concern” is identified, providers should conduct follow-up screening.

B. International Orders

Once an order from an international customer is received, the provider should conduct customer screening and sequence screening, in no particular order. Providers are reminded that genetic elements of the Select Agents and Toxins, microorganisms and toxins (proteins) are controlled for export. Exporters should make sure they are in compliance with the EAR when exporting genetic elements from CCL-listed items.⁴

1. Customer Screening

In addition to verifying the customer identity, identifying any ‘red flags,’ and complying with the rules described for domestic orders, all providers who export products from the United States to international customers must comply with the US export laws, including the International Emergency Economic Powers Act,¹⁴ the Trading with the Enemy Act,¹⁵ and any implementing US Government regulations or Presidential Executive orders. Certain transactions with sanctioned countries may be permitted but may require a license from OFAC and/or the Department of Commerce's Bureau of Industry and Security (BIS). Currently, most transactions involving Cuba, Iran, and Sudan are prohibited. In order to comply with the US export laws and regulations, providers must first determine whether a given transaction with a sanctioned country is permitted, and, if not permitted without a license or approval, obtain any appropriate export licenses or other US Government permissions prior to exporting any product to sanctioned countries.

According to US regulations, no US persons or entities may conduct transactions with individuals or entities on the SDN List without a license from OFAC. This list is maintained by OFAC. OFAC only provides a license to deal with individuals on the SDN List in extremely limited circumstances.¹²

According to US regulations, no US persons or entities may conduct business transactions with individuals sanctioned by the Department of State for engaging in proliferation activities. ¹³

Some products may not have a specific number on the CCL and so will be designated as EAR99 for export purposes. Items designated as EAR99 do not require a license unless they are exported to countries on the embargoed list, to banned individuals, or for prohibited end-uses. As a result, before filling an international order for any dsDNA product that cannot be classified under an Export Control Classification Number (ECCN), providers must consult several lists of such individuals and organizations according to the EAR.⁴ If the customer appears on any of these lists, additional action is required and an export license may be necessary, depending on the list.¹⁶ These lists include the DPL, the Entity List (EL),¹⁷ and the Unverified List (UL).¹⁸

In addition to the SDN List and proliferation sanctions notifications, providers must not conduct business with persons and entities on the DPL based on the EAR.⁴ The DPL includes parties that have been denied export and reexport privileges.

In accordance with the EAR, exports to persons or entities on the EL require an export license.^4,17 The EL contains a list of names of certain international persons—including businesses, research institutions, government and private organizations, individuals, and other types of legal persons—that are subject to specific license requirements for the export, reexport and/or transfer (in-country) of specified items. On an individual basis, the persons on the EL are subject to licensing requirements and policies supplemental to those found elsewhere in the EAR.

The presence of a party on the UL in a transaction is a “red flag” that should be resolved before proceeding with the transaction.^4,18 The UL includes names and countries of foreign persons who in the past were parties to a transaction with respect to which BIS could not conduct a pre-license check (PLC) or a post-shipment verification (PSV) for reasons outside of the US Government's control. Additional “red flags” can be found in Supplement No. 3 to Part 732 of the EAR.

To avoid violating US laws and regulations, providers should consult these lists whenever an international customer places an order. Because the updated lists are available online, providers should ensure they are using the most recently updated lists when screening customers or principal users against these lists.

Additionally, US persons or entities may not export, reexport, or transfer (in-country) an item subject to the EAR without a license if, at the time of export, reexport, or transfer (in-country) the exporter knows that the item will be used in the design, development, production, stockpiling, or use of biological weapons in or by any country or destination, worldwide.

If any of these checks reveals cause for concern, the provider should proceed according to the details provided in Section VII.

If an order involves an export, according to the EAR, both the provider and customer are required to maintain documentary evidence of the transaction and are prohibited from misrepresenting or concealing material facts in licensing processes and all export control documents.⁴

If customer screening raises any concerns, providers should conduct follow-up screening.

2. Sequence Screening

Providers should also perform sequence screening. The US Government reminds providers to conduct sequence screening on orders from international customers to determine whether they are governed by and to ensure compliance with the EAR.⁴

The US Government recommends that, in addition to screening for sequences unique to Select Agents and Toxins, providers use a “Best Match” approach to identify sequences unique to pathogens, toxins, and genetic elements on the CCL when an order is placed by an international customer. If the ordered dsDNA is controlled under ECCN 1C353 (which covers genetic elements and genetically modified organisms) and is capable of encoding a protein, an export license is necessary for all international orders, according to the EAR.⁴ Because the EAR's CCL and the Select Agents and Toxins lists are not identical, it is recommended that providers ensure that international orders are screened to identify sequences unique to Select Agents and Toxins and CCL-listed items.

If a “sequence of concern” is identified, providers should conduct follow-up screening.

VII. Contacting the US Government

In cases where follow-up screening cannot resolve an issue raised by either customer screening or sequence screening , the US Government recommends that providers contact one of the following agencies for further information:

Federal Bureau of Investigation (FBI)

If an order raises concerns based on customer screening or sequence screening and follow-up screening does not sufficiently verify the customer's identity, the principal user's identity, and the order's intended end-use, providers should contact the Weapons of Mass Destruction (WMD) Coordinator at their nearest FBI Field Office. Providers should also contact the WMD Coordinator if follow-up screening reveals that the customer or principal user has no legitimate need for the order.

CDC and APHIS Select Agent Regulatory Programs (Select Agent Programs)

If necessary, the CDC and APHIS Select Agent regulatory programs can be contacted through the national Select Agent website (www.selectagents.gov). The CDC program can be contacted directly via e-mail at lrsat@cdc.gov or by fax at 404-718-2096. The APHIS program can be contacted directly via e-mail at Agricultural.Select.Agent.Program@aphis.usda.gov or by fax at 301-734-3652.

Department of Commerce

If sequence screening reveals that an order from an international customer contains a Select Agent or “sequence of concern,” providers should contact the nearest field office of the Department of Commerce's Office of Export Enforcement. Providers should also contact the Office of Export Enforcement if they receive an international order from a country currently subject to a U.S. trade embargo or a customer or principal user that is on one of the proscribed lists described in Section VI. The Department of Commerce will contact other U.S. Government agencies as necessary. The supervisory office is in Washington, D.C. and the phone number is 202-482-1208. Locations and contact information for all field offices are available at www.bis.doc.gov/about/programoffices.htm Assistance from an export counselor at the Department of Commerce is available by calling 202-482-4811.

Scenarios

If providers encounter one of the following scenarios and are unable to resolve issues raised by customer screening or sequence screening, they can contact one of the following US Government agencies for assistance, using the contact information provided above:

Provider receives synthetic dsDNA order and a customer flag (suspicious customer) is identified in customer screening. Follow-up screening does not resolve the concerns. Recommend the provider contact the nearest FBI Field Office WMD Coordinator. FBI contacts other Departments and Agencies, as appropriate.

Provider receives a synthetic dsDNA order that is for a Select Agent or Toxin. Provider should refer to the Select Agent Regulations and follow necessary protocols. If necessary, the provider should contact the appropriate Select Agent Program (CDC or APHIS).

a. CDC or APHIS may contact FBIHQ as appropriate.

Provider receives a synthetic dsDNA order that incorporates a “sequence of concern”; follow-up screening reveals no legitimate purpose¹¹ for order or research requirement. Provider should contact the FBI WMD Coordinator. FBI contacts the CDC or APHIS as appropriate.

Provider receives an international synthetic dsDNA order incorporating a Select Agent or Toxin or a “sequence of concern” and DOC denies the export license. DOC contacts the FBI as appropriate.

Provider receives a synthetic dsDNA order from a customer that is listed on one or more restricted lists, which prohibits the fulfillment of the order. Provider should contact the FBI WMD Coordinator. FBI contacts DOC as appropriate.

VIII. Customer and Sequence Screening Software and Expertise

There are a variety software packages that can assist with the verification of customers (and principal users, if necessary) and screening against the necessary lists of proscribed entities. Providers should be aware that commercially available software packages may not necessarily address all aspects of customer screening recommended by the US Government.

In addition to a sequence database and screening method, appropriate sequence screening software must be selected by providers of synthetic dsDNA. The US Government recommends that providers select a sequence screening software tool that utilizes a local sequence alignment technique; a popular and publicly available suite of algorithms that meets this requirement is the BLAST family of tools, and other tools are available. BLAST is available for download for free at the National Center for Biotechnology Information website.¹⁹ Similar tools are also freely or commercially available, or could be designed by the provider to meet their sequence screening needs. Specific criteria for the statistical significance of the hit (BLAST's e-values) or percent identity values will not be recommended because these details depend on the specific screening protocol. By utilizing the “Best Match” approach, the sequence with the greatest percent identity over each 66 amino acid or 200 bp fragment should be considered the “Best Match,” regardless of the statistical significance or percent identity.

The US Government recommends that providers of synthetic dsDNA have the necessary expertise in-house to perform the sequence screenings, analyze the results and conduct the appropriate follow-up research to evaluate the significance of dubious sequence matches. Such follow-up research could include comparing the ordered sequence to information found in the published literature about Select Agents and Toxins (or, when applicable, items on the CCL) or with information found in other databases of Select Agents and Toxins (or items on the CCL).

The US Government recognizes that continued research and development on new and improved bioinformatics tools is desirable. As new methods are developed, US Guidance may change accordingly.

IX. Records Retention

The US Government recommends that providers:

Retain records of customer orders for at least eight years based on the statute of limitations set forth by US Code of Federal Crimes and Procedures, Title 18 Section 3286.⁷

Archive the following information: customer information (point-of-contact name, organization, address, and phone number), order sequence information (nucleotide sequences ordered, vector used), and order information (date placed and shipped, shipping address, and receiver name).

Develop, maintain, and document protocols to determine if a sequence “hit” qualifies as a true “sequence of concern;” protocols that are no longer current should be maintained for at least eight years.

Keep screening records of all “hits” for at least eight years, even if the order was deemed acceptable.

Develop, maintain, and document their sequence screening protocols within company records; protocols that are no longer current should be maintained for at least eight years.

Retain records of any follow-up screening , even if the order was ultimately filled, for at least eight years.

X. Appendix to Screening Framework Guidance for Providers of Synthetic Double-Stranded Dna

Summary of Recommendations

The field of synthetic genomics is evolving rapidly. This document is intended to provide guidance to providers of synthetic double-stranded DNA (dsDNA) regarding the screening of orders so that they are filled in compliance with current U.S. regulations and to encourage best practices in addressing biosecurity concerns associated with the potential misuse of their products to bypass existing regulatory controls. The US Government recommends that all orders of synthetic dsDNA be subject to a screening framework that incorporates both sequence screening and customer screening.

Customer Screening

The US Government recommends that, for every order, providers of synthetic dsDNA:

(1) Gather the following information to verify a customer's identity:

Customer's full name and contact information

Billing address and shipping address (if not the same)

Customer's institutional or corporate affiliation (if applicable)

(2) Screen customers against several lists of proscribed entities (described in Section VI).

In cases where the customer is not affiliated with an institution or firm, the US Government recommends that the provider conduct follow-up screening.

If a review of customer information reveals one or more ‘red flags,’ the US Government recommends that providers conduct follow-up screening.

Sequence Screening

The US Government recommends that:

Ordered sequences be screened using a “Best Match” approach to identify sequences that are unique to Select Agents and Toxins.

For international orders, ordered sequences be screened using a “Best Match” approach to identify sequences that are unique to pathogens, toxins, and genetic elements on the Commerce Control List (CCL), in addition to screening for sequences that are unique to Select Agents and Toxins.

Sequence screening be performed for both DNA strands and the resultant polypeptides derived from translations using the three alternative reading frames on each DNA strand (or six-frame translation).

Sequence alignment methods should enable the detection of any “sequences of concern” in a dsDNA order.

In order to ensure that “sequences of concern” embedded within larger sequences are not overlooked, when screening orders longer than 200 bps, providers should use screening techniques able to detect “sequences of concern” as short as 200 bps in length.

If a customer orders a synthetic dsDNA product that meets the definition of a Select Agent or Toxin,²⁰ domestic providers and customers must be in compliance with the CDC and APHIS Select Agent Regulations (42 CFR part 73, 7 CFR part 331, and 9 CFR part 121) in order to fill the order.

Follow-up Screening

Providers should conduct follow-up screening if sequence screening or customer screening raises any concerns. In follow-up screening, the US Government recommends that providers ask for information about the customer and principal user, including the proposed end-use of the order, to help assess the legitimacy of their order. Providers should gather the following information to verify a principal user's identity:

Principal user's full name and contact information

Billing address and shipping address (if not the same)

Principal user's institutional or corporate affiliation (if applicable)

If the customer or principal user is associated with an institution or firm, providers should contact the relevant biological safety officer, supervisor, lab director, director of research, or other relevant institutional representative to confirm the order, verify the customer's and principal user's identity, and verify the legitimacy of the order. If the customer or principal user is not affiliated with an institution or firm, providers should also conduct a literature review of the customer's or principal user's past research to verify his or her identity and the legitimacy of the order. If a literature review results in no publications, providers should request the unaffiliated customer or principal user provide references that can verify their identity and the legitimacy of the order. Additionally, providers should screen principal users against several lists of proscribed entities (described in Section VI), if this step wasn't already performed as part of customer screening.

Domestic Orders

The US Government reminds providers of the following:

According to US regulations, no US persons or entities may conduct transactions with individuals or entities on the list of Specially Designated Nationals and Blocked Persons (SDN List) without a license from the Department of the Treasury Office of Foreign Assets Control (OFAC).²¹

According to US regulations, no US persons or entities may conduct business transactions with individuals sanctioned by the Department of State for engaging in proliferation activities.²²

The US Government recommends that providers check domestic customers against the most recent Department of Commerce Denied Persons List (DPL).²³

In order to avoid violating U.S. law, providers are encouraged to check the customer against the most recent versions of these lists of proscribed entities before filling each order.

International Orders

The US Government reminds providers of the following:

All providers who export products from the United States to international customers must comply with the US export laws, including the International Emergency Economic Powers Act (IEEPA),²⁴ the Trading with the Enemy Act,²⁵ and any implementing US Government regulations or Presidential Executive Orders. Certain transactions with sanctioned countries may be permitted, but most require a license from OFAC and/or the Department of Commerce's Bureau of Industry and Security (BIS). Most transactions involving Cuba, Iran, and Sudan are prohibited. In order to comply with the US export laws and regulations, providers must first determine whether a given transaction with a sanctioned country is permitted, and, if not permitted without a license or approval, obtain any appropriate export licenses or other US Government permissions prior to exporting any product to sanctioned countries.

According to US regulations, no US persons or entities may conduct business transactions with individuals and entities on the SDN List without a license from OFAC.²¹

According to US regulations, no US persons or entities may conduct business transactions with individuals sanctioned by the Department of State for engaging in proliferation activities.²²

The Export Administration Regulations (EAR) require that providers have an export license from BIS prior to exporting a synthetic nucleic acid that is controlled by an Export Control Classification Number (ECCN) and is capable of encoding a protein.²³

US persons or entities may not export, reexport, or transfer (in-country) an item subject to the EAR without a license if, at the time of export, reexport, or transfer (in-country) the exporter knows that the item will be used in the design, development, production, stockpiling, or use of biological weapons in or by any country or destination, worldwide.²³

In accordance with the EAR, providers must not conduct business with persons and entities on the DPL.²³

In accordance with the EAR, exports to persons or entities on the Entity List require an export license and are subject to licensing requirements and policies in addition to those elsewhere in the EAR.²⁶

The presence of a party on the UL in a transaction is a ‘red flag’ that should be resolved before proceeding with the transaction.²⁷

In accordance with the EAR, if an order involves an export, both the provider and customer are required to maintain documentary evidence of the transaction and are prohibited from misrepresenting or concealing material facts in licensing processes and all export control documents.²³

In order to avoid violating US laws and regulations, providers are encouraged to check the international customer against the most recent versions of these lists of proscribed entities before filling each order.

The US Government recommends that providers utilize a “Best Match” approach to identify sequences unique to pathogens, toxins, and genetic elements on the Commerce Control List for international orders, as well as identifying sequences unique to Select Agent and Toxins.

Contacting the US Government

In cases where follow-up screening cannot resolve concerns raised by either customer screening or sequence screening, or when providers are otherwise unsure about whether to fill an order, the US Government recommends that providers contact relevant agencies as described in Section VII.

Customer and Sequence Screening Software and Expertise

Providers should be aware that commercially available customer screening software packages may not necessarily address all aspects of customer screening recommended by the US Government.

The US Government recommends that:

Providers select a sequence screening software tool that utilizes a local sequence alignment technique.

Providers have the necessary expertise in-house to perform the sequence screenings, analyze the results, and conduct the appropriate follow-up research to evaluate the significance of dubious sequence matches.

Records Retention

The US Government recommends that providers:

Retain records of customer orders for at least eight years based on the statute of limitations set forth by US Code of Federal Crimes and Procedures, Title 18 Section 3286.²⁸

Develop, maintain, and document protocols to determine if a sequence “hit” qualifies as a true “sequence of concern”; protocols that are no longer current should be maintained for at least eight years.

Keep screening records of all “hits” for at least eight years, even if the order was deemed acceptable.

Develop, maintain, and document their sequence screening protocols within company records; protocols that are no longer current should be maintained for at least eight years.

Retain records of any follow-up screening, even if the order was ultimately filled, for at least eight years.

Footnotes

1

Transfers of synthetic dsDNA should be evaluated for conformance with the SAR and EAR even when dealing with collaborating laboratories.

2

The CCL items that are on the Australia Group Common Control Lists are relevant for all Australia Group members (see ).

3

Please see to access the most recent Select Agents and Toxins lists.

4

Visit to access the most recent Commerce Control List and review the Export Administration Regulations. The pathogens on the Commerce Control List are derived from the Select Agents and Toxins lists and the Australia Group's three pathogen control lists. As a member of the Australia Group, the United States has made a commitment to control exports of pathogens and their genetic elements on these lists.

5

The CDC/APHIS national Select Agent registry website () contains a guidance document entitled “Applicability of the Select Agent Regulations to Issues of Synthetic Genomics” to assist providers in identifying synthetically derived Select Agent materials that would fall under the current regulations. The regulation of Select Agents and Toxins currently includes (1) Nucleic acids that can produce infectious forms of any Select Agent viruses and (2) Recombinant nucleic acids that encode for the functional form(s) of any of the regulated toxins if the nucleic acids: (i) Can be expressed in vivo or in vitro, or (ii) Are in a vector or recombinant host genome and can be expressed in vivo or in vitro.

6

See Category 1, ECCN 1C353 of the CCL available at

7

The eight-year statute of limitations in Section 3286 applies to the offense defined by Title 18 Section 175(b) (possession of biological agents with no reasonable justification).

8

A list of biological agents and toxins that affect humans has been promulgated by HHS/CDC (HHS Select Agents and Toxins, 42 CFR §73.3). A list of biological agents that affect animals and animal products has been promulgated by USDA/APHIS/Veterinary Services (USDA Select Agents and Toxins, 9 CFR §121.3). A list of agents that affect plants and plant products has been promulgated by USDA/APHIS/Plant Protection and Quarantine (USDA Select Agents and Toxins, 7 CFR §331.3). Additionally, HHS and USDA promulgated a list of “overlap” agents that affect both humans and animals (42 CFR §73.4 and 9 CFR §121.4).

9

Definitions of terms pertinent to exports can be found in Part 772 of the EAR. Part 734 (15 CFR chapter VII, subchapter C) describes the scope of the EAR and explains certain key terms and principles used in the EAR. The EAR provisions are subject to change, as they are regularly updated pursuant to multilateral agreements.

10

Information about attenuated strains that are not subject to the requirements of 42 CFR Part 73, 9 CFR Part 121, and 7 CFR Part 331 can be accessed at

11

As statutory precedent for requesting information about proposed end-use, providers and customers should be aware of US Code Title 18 Section 175(b), which states in part that “Whosoever knowingly possesses any biological agent, toxin, or delivery system of a type or in a quantity that, under the circumstances, is not reasonably justified by a prophylactic, protective, bona fide research, or other peaceful purpose, shall be fined under this title, imprisoned not more than 10 years, or both.”

12

Additional information, including the SDN List, available at

13

Announcements of such sanctions determinations are printed in the Federal Register and are maintained on the Department of State's website ().

14

Visit for additional information.

15

Visit for additional information.

16

A general review of export control basics is available at

17

The Entity List is found in Supplement No. 4 to Part 744 of the EAR and can be found on the website It is updated periodically.

18

The Unverified List is found on the website It is updated periodically.

19

20

Please see to access the most recent Select Agents and Toxins lists. The CDC/APHIS national Select Agent registry website (www.selectagents.gov) contains a guidance document entitled “Applicability of the Select Agent Regulations to Issues of Synthetic Genomics” to assist providers in identifying synthetically derived Select Agent materials that would fall under the current regulations.

21

Additional information, including the SDN List, is available at

22

Announcements of such sanctions determinations are printed in the Federal Register and are maintained on the Department of State's website ().

23

Visit to access the most recent Commerce Control List and review the Export Administration Regulations.

24

Visit for additional information.

25

Visit for additional information.

26

The Entity List is found in Supplement No. 4 to Part 744 of the EAR and can be found on the website It is updated periodically.

27

The Unverified List is found on the website It is updated periodically.

28

Section 3286 specifies that no person shall be prosecuted, tried, or punished for any noncapital offense involving certain violations unless the indictment is found or the information is instituted within 8 years after the offense was committed. This statute of limitations applies to Title 18 Section 175(b)(possession of biological agents with no reasonable justification).