Guidance

UK screening guidance on synthetic nucleic acids for users and providers

Published 8 October 2024

This gene synthesis guidance from the Department for Science, Innovation and Technology (DSIT) sets baseline expectations for all individuals and organisations involved in the provision, use, and transfer of synthetic nucleic acids and benchtop equipment that synthesises nucleic acids in the UK. The guidance points to areas for further work and welcomes input from academia, industry and think tanks to shape future interventions.

The 2023 UK Biological Security Strategy outlines how the UK will become resilient to a spectrum of biological threats and a world leader in responsible innovation, making a positive impact on global health, economic and security outcomes.

This guidance contributes towards the UK’s efforts in addressing biosecurity concerns associated with the deliberate or accidental misuse of synthetic nucleic acids, whilst enabling and championing legitimate use.

For any questions about the gene synthesis guidance contact responsibleinnovation@dsit.gov.uk.

Introduction

The 2023 National Vision for Engineering Biology defines engineering biology as the ‘design, scaling and commercialisation of biology-derived products and services that can transform sectors or produce existing products more sustainably’. It draws on the tools of synthetic biology to create the next wave of innovation in the bioeconomy. Advances in nucleic acid synthesis technology and the availability of genetic sequence data have contributed to discovery and innovation across the bioeconomy, including pioneering new solutions across industries that will make future generations healthier, more prosperous and enable them to live more sustainably. The 2023 National Vision for Engineering Biology outlines the government’s collective ambition for engineering biology and recognises that this critical technology must be applied, safely, and responsibly to capture its full economic and societal potential.

Advances in engineering biology mean that companies can now ‘print’ nucleic acids with virtually any sequence and construct longer genomic sequences from short nucleic acids with greater accuracy. These advances help academics and businesses study or engineer existing or novel biological systems but could also make it easier for hostile actors to obtain the components of dangerous biological systems that could cause harm, including pathogens. Increased access to synthetic nucleic acids, coupled with developments in converging tools and technologies – such as AI – and an increase in knowledge and expertise, may exacerbate the risks of engineering biology. Introducing safeguarding mechanisms to the supply and use of synthetic nucleic acid could lower the risk of misuse.

The 2023 UK Biological Security Strategy commits the government to prevent the misuse and misapplication of engineering biology and agree a proportionate approach towards security-conscious ways of working. Addressing the risk associated with engineering biology requires a full-government, system wide approach, with points of intervention across the design-build-test-learn cycle.

This gene synthesis guidance is for all users and providers operating in the UK and supports and builds upon existing domestic legislation, developed to prevent or mitigate the accidental or deliberate misuse of engineering biology. The UK government has relevant legislation in place domestically to reduce the inherent risks associated with engineering biology. This includes:

Part 7, The Anti-terrorism, Crime and Security Act 2001 (ATCSA 2001), which regulates the ability of sites including universities and science research laboratories to obtain, store and work with certain pathogens and toxins. A person guilty of an offence under this section is liable:

a) on conviction on indictment, to imprisonment for a term not exceeding 5 years or a fine (or both); and
b) on summary conviction, to imprisonment for a term not exceeding 6 months or a fine not exceeding the statutory maximum (or both).

Schedule 5, The Anti-terrorism, Crime and Security Act 2001(ATCSA 2001), which notes the pathogens and toxins that could be used in an act of terrorism to endanger life or cause serious harm to health.

a) Any reference to a micro-organism includes:

• intact micro-organisms;
• micro-organisms which have been genetically modified by any means, but retain the ability to cause serious harm to human health;
• any nucleic acid deriving from a micro-organism listed in this schedule (synthetic or naturally derived, contiguous or fragmented, in host chromosomes or in expression vectors) that can encode infectious or replication competent forms of any of the listed micro-organisms;
• any nucleic acid sequence derived from the micro-organism which when inserted into any other living organism alters or enhances that organism’s ability to cause serious harm to human health.

b) Any reference in this schedule to a toxin includes:

• any nucleic acid sequence coding for the toxin, and
• any genetically modified micro-organism containing any such sequence.

c) Any reference in this schedule to a toxin excludes any non-toxigenic subunit.

d) A person guilty of an offence under this section is liable:

• on conviction on indictment, to imprisonment for a term not exceeding 5 years or a fine (or both); and
• on summary conviction, to imprisonment for a term not exceeding 6 months or a fine not exceeding the statutory maximum (or both).

Biological Weapons Act 1974, prohibits the development, production, stockpiling, acquisition or retention of any biological agent or toxin of a type and in a quantity that has no justification for prophylactic, protective or other peaceful purposes or any weapon, equipment or means of delivery designed to use biological agents or toxins for hostile purposes or in an armed conflict. A person guilty of an offence is liable on conviction on indictment to imprisonment for life.

Chemical Weapons Act 1996, prohibits and criminalises the development, production, acquisition, transfer, stockpiling and use of chemical weapons and relevant toxins. A person guilty of an offence is liable on conviction on indictment to imprisonment for life.

Genetically Modified Organisms (Contained Use) Regulations 2014. These regulations apply to any contained use of genetically modified microorganisms in contained use of genetically modified microorganisms in contained use settings. GMO(CU) requires permission for activities involving genetic modification to be granted by the Health and Safety Executive (HSE). Activities that involve introduction of synthetic nucleic acids into an organism are covered under the requirements of GMO(CU). Although GMO(CU) does not consider naked nucleic acid, oligonucleotides, synthetic DNA, or plasmids to be micro-organisms, full-length copies of the genomes of viruses (whether recombinant or synthetically made) that have the potential to be infectious in their own right are considered to be microorganisms.

Specified Animal Pathogens Orders (SAPO), for the regulation of animal pathogens that are not endemic to the UK. SAPO prohibits any person from having in their possession any specified animal pathogen listed in Part 1 of Schedule 1 of SAPO without a licence. This includes any nucleic acid derived from an animal pathogen listed in that schedule that could produce that pathogen when introduced into a biological system in which the nucleic acid is capable of replicating. Those who wish to possess or work with a specified animal pathogen or a carrier (in which a specified animal pathogen may be present) in England, Scotland or Wales need to complete an application for a SAPO license. SAPO licenses are issued by HSE on behalf on Defra and the devolved administrations.

The Importation of Animal Pathogens Order (IAPO), for the regulation of the import of animal pathogens to the UK.

Control of Substances Hazardous to Health Regulations 2002 (COSHH). COSHH requires employers to prevent or control exposure to substances that are hazardous to health, including the protection of workers from risks related to exposure to hazardous biological agents at work. This requires the UK to classify biological agents that are or may be a hazard to human health. The Approved List of biological agents provides the classification of biological agents as referred to in COSHH. It is produced by the Advisory Committee on Dangerous Pathogens (ACDP) and is relevant to risk assessment for work with biological agents and the application of appropriate control measures. Nucleic acids with harmful properties would be covered under the requirements of COSHH.

The UK also plays an active role in promoting relevant international obligations and commitments, such as:

The Biological and Toxins Weapons Convention:: The BTWC came into force in 1975 and effectively prohibits the development, production, acquisition, transfer, stockpiling and use of biological and toxin weapons which could threaten human, other animal and plant health. The UK was one of the originators of the BTWC and since entry into force, has been an active participant and recognised global leader on the BTWC. The UK is also one of three Depositary States for the Convention.

The Chemical Weapons Convention (CWC): The CWC entered into force in 1997, it includes prohibitions on the development, production, acquisition, transfer, stockpiling and use of chemical weapons and relevant toxins. It requires states to submit regular declarations to the Organisation for the Prohibition of Chemical Weapons (OCPW) on the production, processing, consumption, and import and export of certain dual-use chemicals and allow the OPCW to carry out inspections on their territories.

The Australia Group: A co-operative and voluntary group of 42 member states and the EU, which through the harmonisation of export controls, seeks to ensure that exports do not contribute to the development or acquisition of chemical and biological weapons. The Australia Group Common Control Lists include the pathogens and toxins subject to export controls.

The UK plays a leading role in supporting other relevant international mechanisms and initiatives to reduce the threats of weapons of mass destruction. We were an original signatory to the Geneva Protocol (1925), prohibiting the use of chemical and biological weapons. We support the UN Secretary General’s Mechanism for the Investigation of Alleged Use of Chemical and Biological Weapons. And we play a leading role on the Committee established by UN Security Council Resolution 1540, which obliges states to prevent the proliferation of weapon of mass destruction (WMDs) to non-state actors.

Definitions (keywords)

Keyword	Definition
Synthetic nucleic acid	Molecules that have been synthetically constructed outside of living cells, that are constructed by joining nucleic acid molecules. The definition includes sequences of any length
Customer user	The individual or entity (such as an institution) that orders or requests synthetic nucleic acids from a provider, or that purchases synthesis equipment from a manufacturer
Principal user	The individual who originates an order or request for synthetic nucleic acids or synthesises nucleic acids and oversees the use of ordered or synthesised nucleic acids in the laboratory. The principal user may also be the end user
End user	The individual who uses the synthetic nucleic acids
Provider	Any organisation that synthesises and distributes synthetic nucleic acids to a user
Benchtop manufacturer	An organisation that produces and sells benchtop equipment for synthesising nucleic acids. Manufacturers may provide equipment to users or third-party vendors
Third-Party vendor	An entity that orders synthetic nucleic acids from providers and sells them or their constructs, with or without reformulation, or re-sells benchtop equipment for synthesising nucleic acids
Sequences of concern (SOC)	A nucleotide sequence that is known to contribute to pathogenicity, virulence, or toxicity. SOCs are sequences that are a best match to current and future iterations of regulated agents, except when the sequence is also found in an unregulated organism or toxin. Key regulation includes: - Schedule 5 of the Anti-terrorism, Crime and Security Act 2001 - Group 3 and 4 in Schedule 1 of the Special Animal Pathogens Order (SAPO) - Hazard group 3 and 4 in the Approved List of biological agents under the Schedule 3 of Control of Substances Hazardous to Health Regulations 2002 (COSHH) - Human and animal pathogens and toxins for export controls in the UK Consolidated Strategic Export Controls List
Benchtop nucleic acid synthesis equipment	Benchtop nucleic acid synthesis equipment sold by Benchtop Manufacturers that is intended to be used to synthesise nucleic acids for use. Any equipment that is sold with the intent to synthesise nucleic acid by a user individually or in a core research facility in an institution is considered ‘benchtop equipment.’

Guidance recommendations

This gene synthesis guidance sets out expected standards of responsible practice to address the current level of biosecurity risk associated with access to synthetic nucleic acid.

It is likely that new risks will emerge and new technological and policy approaches will also appear to address them. We will continue to monitor the changing engineering biology landscape and work with stakeholders, such as the UK Biosecurity Leadership Council, to update and strengthen the gene synthesis guidance when necessary.

This gene synthesis guidance is intended to assist all entities involved in the provision and use of synthetic nucleic acids operating in the UK. The UK is also working internationally to promote screening practices and align approaches with its partners where appropriate.

Figure 1: The recommendations set out in this gene synthesis guidance

The recommendations include:

• customer screening
• sequence screening
• and if the transaction is deemed as suspicious, screening legitimacy of use

Customer screening

Providers and third-party vendors

• Providers and third-party vendors should know and document who they are distributing to.
• Upon receiving an order for synthetic nucleic acids, providers and third-party vendors should verify the identity of the customer see customer screening methodology.
• Providers and third-party vendors should implement adequate security and cybersecurity measures to protect the intellectual property and identity of customer.
• Providers should retain customer screening information and refer to it for repeat orders. At least every 18 months the provider should ask the customer to update their information.

Benchtop manufacturers

• Only distribute equipment capable of synthesising nucleic acids containing SOCs to users whose:
  • legitimacy has been verified, and
  • implemented mechanisms to ensure that the devices are only operated by legitimate users.
• Manufacturers whose benchtop nucleic acid synthesisers require the use of proprietary and sole-use reagents (i.e., reagents that can only be obtained from the manufacturer of their devices and do not have common applications other than the operation of their devices) should screen users purchasing those reagents to verify their legitimacy. This should take place even when they were not screened when obtaining their nucleic acid synthesiser (i.e., when they acquired their device prior to the issuance of this gene synthesis guidance).
• Manufacturers should implement mechanisms to track legitimate use of their equipment, including when it is potentially transferred to a new user during the lifecycle of the equipment.
• Manufacturers are encouraged to have a closed loop system in which operation of their devices relies upon obtaining reagents only available from the manufacturers (who establish the legitimacy of users whenever they obtain these reagents).

Users

• Users should be forthcoming in providing data on their identity and legitimacy.
• Users should notify the transfer of their benchtop synthesisers to new users.

Customer screening: methodology

Verification of customer legitimacy should include collection and review of the following pieces of information:

• name and address of customer
• if the customer is not an individual, the name of an individual who is authorised by the customer to acquire synthetic DNA
• a statement of the nature of the user’s purpose

In addition to the above, one or more piece of the following information should be requested:

• name of the institutional biosafety officer
• publication history
• open researcher and contributor identifier
• VAT registration number [if UK based], ie the number allocated by the Commissioners for His Majesty’s Revenue and Customs to a person registered under the Value Added Tax Act 1994

The same criteria should be applied to verify the legitimacy of any user of synthetic nucleic acid or benchtop nucleic acid synthesis equipment.

Providers should retain customer screening information and refer to it for repeat orders. At least every 18 months the provider should ask the customer to update their information.

Sequence screening

Providers

• Providers should know if the product they are synthesising or distributing contains sequences of concern (SOCs).
• Upon receiving an order for synthetic nucleic acids, providers should perform sequence screening. At a minimum, DNA or RNA molecules (single or double-stranded) 50 nucleotides or longer should be screened see sequence screening methodology.
• Providers should notify users when their order contains SOCs and maintain records.
• If a SOC is identified, providers should follow up with users to verify the legitimacy of the order.
  • If a user raises an order for synthetic nucleic acids containing a SOC listed in Schedule 5 of the ATCSA, the provider must ask the user to provide proof that they have notified the Home Office through Part 7 of the ATCSA.

• If a user raises an order for synthetic nucleic acids containing a SOC that is:
  
  a) derived from a pathogen listed in Group 3 or 4 under Schedule 1 of SAPO, and
  b), could produce that pathogen when introduced into a biological system in which the nucleic acid is capable of replicating. The provider must ask the user to provide proof that they have obtained a license from HSE.
  

• Providers who undertake screening measures aligned to the gene synthesis guidance should note this on their website.

Benchtop manufacturers

• Manufacturers should integrate into benchtop nucleic acid synthesisers the capability to screen sequences for SOCs and to authenticate legitimate users, using the sequence screening methodology listed in this gene synthesis guidance. This level of screening should include screening against SOC databases, when available, that are updated regularly as new SOCs are identified
• Manufacturers should implement this recommendation using measures that ensure cybersecurity considerations are addressed to protect the identity of the users and ensure adherence to UK GDPR.
• Manufacturers should not store databases of SOCs that include sequences from unregulated pathogens or toxins on the device itself in an unencrypted manner or a manner that could allow users to extract the database. Manufacturers should consider using methods of screening that protect the contents of the order from disclosure.
• Manufacturers are encouraged to include mechanisms to ensure the integrity of the synthesis process to prevent circumvention of the SOC screening methodology through manipulation of the devices or reagents.

Users

• It is a legal requirement to notify the Home Office before keeping or using any harmful nucleic acids in the dangerous substance listed in Schedule 5 of the Anti-Terrorism, Crime and Security Act.
• If users use benchtop devices to synthesise pathogenic sequences derived from microorganisms listed in Schedule 5 of ATCSA they must first notify the Home Office.
• It is a legal requirement to obtain a license from HSE if possessing any specified animal pathogen listed in Part 1 of Schedule 1 of SAPO. This includes any nucleic acid derived from an animal pathogen listed in Schedule 1 that could produce that pathogen when introduced into a biological system in which the nucleic acid is capable of replicating.

If a user raises an order for synthetic nucleic acids that could be considered, by COSHH definitions, as a ‘harmful substance’, the user must assess the risk from the substance hazardous to health and apply measures to prevent or control exposure to that substance.

Sequence screening: methodology

Providers should screen orders to determine whether they contain SOCs.

Providers should use the best match screening approach with a local sequence alignment technique. By using the best match approach, the sequence with the greatest percent identity over each 16 amino acid or 50 nucleotides window, in all six reading frames, should be considered the Best Match, regardless of the statistical significance or percent identity. Providers are encouraged to determine whether synthetic nucleic acid orders contain sequences that are best matches over the appropriate windows to any SOC. The best match approach is intended to reduce the number of hits on sequences that are shared among SOC’s and non-SOC’s. Providers can use other screening methods if they assess it to be superior to the best match approach.

Some synthetic nucleic acid orders may be appropriate for screening even if all components of the order are nucleic acids shorter than the screening window length. In some cases, orders of short nucleic acids may be intended to construct longer nucleic acids that themselves may constitute SOCs. To minimise the risk of this scenario, this gene synthesis guidance encourages screening all sequences ordered by an individual User, using a short sequence alignment software package. If there is alignment between any constitutes of a User’s order with a SOC, or if the sequences could be constructed to form a SOC, providers should undertake follow-up screening to establish legitimacy.

We understand that there are challenges to existing screening methods and encourage academics, industry, think tanks and consortia to consider developing methods to:

• Develop a database for screening SOCs – provided that substantial measures are taken to prevent such a database from being misused. These measures should aim to ensure database confidentiality and integrity and compliance with applicable laws.
• Detect SOCs that may be broken up among multiple providers or among multiple orders to a single provider over a period of time to evade screening. These measures should comply with UK GDPR and Intellectual Property rights.
• Determine which sequences from pathogens should not cause concern and therefore do not need to be screened against.
• Continue to explore new, more accurate, screening methodologies.

We welcome the development of standards for DNA synthesis, such as the ISO 20688- 2:2024, and we encourage metrology institutes to support the development of standards for screening and synthesis, including guidelines, protocols, and reference materials.

Suspicious transactions

Providers and benchtop manufacturers should take all practicable measures to identify a suspicious order, follow-up with the user and if concerns are not alleviated they should be reported to biological.reporting@met.police.uk. A transaction is suspicious if there are reasonable grounds for suspecting that the material in question is intended for illicit use – this includes any indication that the material may be intended for an inappropriate end-use, user or destination.

The following is a list of indicators that can help in identifying suspicious transactions involving synthetic nucleic acids containing SOCs or benchtop nucleic acid synthesisers.

A transaction should be classified as suspicious if the sequence/s are best match to a SOC, and the user:

• appears unfamiliar with the intended use of the sequence or cannot explain it plausibly
• Intends to buy sequences in quantities or combinations uncommon for research or business without a plausible reason
• is unwilling to provide proof of identity or place of residence
• insists on using unusual methods of payments
• cannot provide information that can be confirmed or verified (e.g address does not match, cannot find information about the company)
• requests unusual labelling or shipping procedures (e.g., requests to misidentify the goods on the packaging, or requests to change the recipient’s name after the order is placed, but before it is shipped)
• requests unusual confidentiality conditions regarding the order, particularly with respect to the final destination or the destruction of transaction records
• requests the order be sent to an address without a legitimate business or research justification for the location

If a review of information reveals one or more suspicious traits, providers are encouraged to authenticate the order by conducting follow up screening. Providers should ask the user to outline the proposed end-use of the order, in addition to providing further clarification on any of the concerns listed above.

Screening order legitimacy

If a provider deems the transaction as ‘suspicious’, they should conduct follow-up screening, focusing on the legitimacy of use. Providers should contact users to understand the purpose and end-use of the order.

Providers

• If the order contains a SOC listed in Schedule 5 of the ATCSA, the Provider must ask the user to provide proof that the user has notified the Home Office under Part 7 of the ATCSA and undertake follow-up screening to determine the legitimacy and purpose of the order
• If the order contains SOC’s that are derived from an animal pathogen listed in in Group 3 or 4 in Schedule 1 of SAPO, that could produce that pathogen when introduced into a biological system in which the nucleic acid is capable of replicating, providers must ask the user to provide proof that they have obtained a licence through HSE
• If the order contains sequences they deem to be SOC’s, but are not listed in existing legislation, the provider should undertake follow-up screening to determine the legitimacy and purpose of the order

Users

• Users who know that their synthetic nucleic acid order contains SOCs should pre-emptively provide information that will assist the provider or third-party vendor in verifying the legitimacy of their use.
• When requested by providers, users should be forthcoming in providing information on the purpose of the end-use of their order.

If providers’ concerns are not alleviated through follow-up conversations, they should not fulfil the order, and should contact biological.reporting@met.police.uk.

Record keeping

Providers, third-party vendors and benchtop manufacturers

• For all orders, providers, third-party vendors and benchtop manufacturers should retain user information for at least 3 years.
• Providers, third-party vendors and benchtop manufacturers should maintain records of orders of SOCs for 3 years. This should include;
  • Records of user orders including the following information
  • User information (point-of contact name, organisation, address, email, and phone number), sequences requested including the vector used (if available).
  • Order information (date placed and shipped, shipping address, receiver name).
  • Records of protocols for sequence screening and for determining whether a sequence hit, or match, qualifies as a SOC.
  • Records of screening documentation of all sequence alignment matches or hits, even if the order was deemed acceptable.
  • Records of any follow-up screening, regardless of whether the order was ultimately filled.
  • The ultimate decision of any SOC orders, with documentation of reasoning for final decision (fulfil vs deny).
• Providers should aim to ensure security and integrity of their operations, including protecting against malign use, and guarding the intellectual property of the users and the integrity of their internal SOC-screening process and database.

Benchtop manufacturers

• Manufacturers are encouraged to include a data logging function to maintain a record of the nucleic acids synthesised on their equipment.
• Manufacturers should ensure the secure architecture, operation, trust, validation, and cyber incident response processes for their operations.
• Manufacturers should aim to ensure that their cybersecurity practices protect the intellectual property and identity of users and the SOC-screening process and database. In implementing these recommendations, manufacturers should refer to cybersecurity regulation and standards, such as UK GDPR, Data Protection Act 2018 and PAS 555.

Users

• Users should maintain records of the orders they have placed that contain SOCs for at least 3 years.
• Users should record transfers of synthetic nucleic acids containing SOCs to other individuals for at least 3 years.
• Users with in-house nucleic acid synthesis capabilities, including synthesis equipment, are encouraged to apply these recommendations for use or transfers of synthetic nucleic acids containing SOCs.

All individuals and organisations involved in the provision, use, and transfer of synthetic nucleic acids should comply with UK GDPR.

Compliance with export controls

The Export Control Joint Unit (ECJU) administers the UK’s system of export controls and licensing for military and dual-use items. The ECJU are responsible for implementing the UK Strategic Export Control Lists, which sets out what types of goods are controlled. Types of controlled goods include items specifically designed or modified for military use and their components, dual-use items that can be used for civil or military purposes, and associated technology and software.

It is the responsibility of the exporter to apply for a licence from the Export Control Joint Unit (ECJU) if any of the following apply:

• your items are on the consolidated control list
• you have concerns, or you have been informed of concerns about the intended end-use or the end-user
• your items are covered by trade sanctions

Apply for a licence using the online system, Licensing for International Trade (LITE), also known as the apply for a Standard Individual Export Licence (SIEL) Service.

Following up with the UK government in cases where malintent is suspected

If sequence or customer screening raises concerns that are not alleviated through follow-up screening, providers, third-party vendors, and manufacturers should not fulfil the order and should contact biological.reporting@met.police.uk.

Universities, research institutions and industry bodies are encouraged to help users understand that only individuals with legitimate and peaceful purpose should obtain synthetic nucleic acids containing SOCs. Benchtop manufacturers should also help to facilitate this where possible.

For any questions about this gene synthesis guidance contact responsibleinnovation@dsit.gov.uk.