Screening Framework Guidance for Providers and Users of Synthetic Oligonucleotides

AGENCY:

Office of the Secretary, Assistant Secretary for Preparedness and Response (ASPR), Department of Health and Human Services (HHS).

ACTION:

Notice.

SUMMARY:

The Assistant Secretary for Preparedness and Response is issuing this revised guidance on a screening framework guidance for providers and users of synthetic oligonucleotides. The Revised Guidance sets forth recommended baseline standards for the gene and genome synthesis industry, as well as best practices for Institutions, Principal Users, End Users, and Third-Party Vendors of oligonucleotides, regarding screening orders and maintaining records consistent with current U.S. regulations. In addition, this Revised Guidance seeks to encourage best practices to address biosecurity concerns associated with the potential misuse of synthetic oligonucleotides to bypass existing regulatory controls and commit unlawful acts.

FOR FURTHER INFORMATION CONTACT:

Dr. Mariam Lekveishvili; Division of Policy; Office of Strategy, Policy, Planning, and Requirements; Office of the Assistant Secretary for Preparedness and Response; U.S. Department of Health and Human Services; phone: (202) 260-3586; email: Mariam.Lekveishvili@hhs.gov.

SUPPLEMENTARY INFORMATION:

Questions regarding aspects of the Guidance that may be appropriate to update based on changes in technologies since the Guidance was originally issued in 2010 were published as a Notice in the Federal Register on August 26, 2020, for a period of more than 120 days for public comment. Fourteen individual responses were received. The responses to that Notice are available at the following website: https://aspr.hhs.gov/legal/syndna/Pages/comment.aspx.

Screening Framework Guidance for Providers and Users of Synthetic Oligonucleotides

Introduction: Continuing advances in oligonucleotide synthesis technology and the open availability of genetic sequence data pose potential concerns among the scientific community, the oligonucleotide synthesis industry, the U.S. Government, and the public that individuals with ill intent could exploit biotechnology for harmful purposes. The U.S. Government has acted to reduce dangers to human, animal, and plant health due to biological pathogens and toxins. For instance, it has issued the federal Select Agent Regulations, which regulate a subset of microbial organisms and toxins determined to have the potential to pose a severe threat to public health and safety, animal health, plant health, or animal or plant products. These regulations are administered by the Federal Select Agent Program (FSAP), which sets forth requirements for the possession, use, and transfer of biological select agents and toxins. A second layer of regulation is provided by the Export Administration Regulations' Commerce Control List (CCL) which identifies agents and genetic sequences that require licenses before export from the United States. However, these regulated pathogens and toxins do not represent the entirety of the potential risks to public health, agriculture, plants, animals, or the environment that could arise from the misuse of synthetic oligonucleotides. Non-regulated pathogens and toxins as well as other novel types of sequences or specific types of batch orders, may also pose significant risks if they are misused.

Individuals with no legitimate, bona fide, and peaceful need should be prevented from accessing genetic materials that could contribute to pathogenicity or harm, even when they are not from FSAP- or CCL-listed pathogens or toxins. Purchasing or synthesizing oligonucleotides could enable individuals without a legitimate and peaceful purpose to possess genetic sequences that would pose risks if misused. Such synthesis, through directly ordering either long genomic sequences or short genomic sequences—that can be used to create longer genomic-length oligonucleotides, using molecular techniques that have become increasingly available—to modify non- pathogenic strains or create pathogens or toxins de novo, has obviated the need for access to the naturally occurring agents or naturally occurring genetic material from these agents. The potential availability of dangerous agents has thereby been greatly expanded. The Revised Guidance reaffirms the need to screen for genetic sequences from regulated organisms and toxins, but also recognizes that screening should evolve to encompass sequences that are recognized to contribute to pathogenicity or toxicity, as information regarding these sequences and their verified function, as well as improved methods to screen become available (or as feasible).

This Revised Guidance is intended to guide all entities involved in the provision and use of synthetic oligonucleotides in establishing and operating a screening framework for oligonucleotide orders, including mechanisms to identify sequences obfuscated to circumvent lists of regulated organisms or toxins or sequences that are not Best Matches to any sequences in GenBank. To minimize the risk that unauthorized individuals or individuals with ill intent will obtain oligonucleotides containing SOCs, the Revised Guidance now provides recommendations to not only Providers, but also Third-Party Vendors, Institutions, Principal Users, and End Users of synthetic oligonucleotides, to use responsible business practices to maintain records of all orders and transfers of SOCs. This Revised Guidance includes recommendations for verifying the legitimacy of Customers when filling orders for synthetic oligonucleotides that encode SOCs. The Revised Guidance further provides recommendations for Manufacturers, as oligonucleotide synthesis equipment may allow individuals with malintent to circumvent regulations that restrict access to regulated pathogens and toxins or to obtain oligonucleotides containing other SOCs without a legitimate and peaceful purpose. As in the original Guidance, this Revised Guidance aims to minimize any negative impacts on the conduct of research and business operations, by leveraging ongoing best practices.

Institutional policies and procedures already in place for safe possession, use, and transfer of these materials, as well as federal and international guidance, such as the Department of Health and Human Services, Centers for Disease Control and Prevention, and National Institutes of Health Biosafety in Microbiological & Biomedical Laboratories (BMBL) and the World Health Organization Laboratory Biosafety Manual, should be used wherever possible to complement the measures suggested in this Revised Guidance to maximize safe and secure practices while seeking to minimize the burden on legitimate life science research.

Request for Comments: A request for public comments on the issues covered in this Notice was published in the Federal Register (85 FR 52611, August 26, 2020, Review and Revision of the Screening Framework Guidance for Providers of Synthetic Double-Stranded DNA ) for public consideration and comment for a period of more than 120 days. This Revised Guidance was drafted through a deliberative interagency process to address the topics raised in public comments as well as other concerns from the interagency.

The Office of the Assistant Secretary for Preparedness and Response (ASPR) within the Department of Health and Human Services (HHS) is submitting this Revised Guidance for public consideration and comment for a period of 60 days. ASPR is the lead agency in a broad interagency process considering possible changes to the Guidance and whether to issue the proposed Revised Guidance as final guidance. The public is encouraged to submit written comments on the proposed changes to the Guidance, whether additional measures would be needed to best ensure safety and security in life sciences research and innovation, whether the suggested scope of screening and intended audience is feasible, and whether impacts are expected from implementing this Revised Guidance. Comments may be submitted at the following website: https://aspr.hhs.gov/legal/syndna/Pages/comment.aspx.

Definitions: The following definitions are applicable:

Customer: For the purposes of this Revised Guidance, the individual or organization, such as an Institution, that orders or requests synthetic oligonucleotide from a Provider, or that purchases benchtop synthesis equipment from a Manufacturer.

End User: The laboratorian that possesses and uses synthetic oligonucleotides that they have received from a Customer, Principal User, or another End User.

Manufacturer: An entity that produces and sells equipment for synthesizing oligonucleotides. Manufacturers may provide equipment to Institutions, Principal Users, or Third-Party Vendors.

Principal User: The individual that originates the order or synthesizes oligonucleotides themselves and oversees the use of ordered or synthesized sequences in the laboratory. The Principal User may also be the End User.

Provider: The entity that synthesizes and distributes oligonucleotides. A Provider is understood to be an entity synthesizing oligonucleotides for and distributing oligonucleotides to a Customer, rather than a research scientist collaborating with a colleague.

Sequence of Concern (SOC): Sequences derived from or encoding select agents and toxins or items on the CCL, except when also found in unregulated organisms; or sequences that contribute to toxicity or pathogenicity, whether derived from or encoding regulated or unregulated biological agents.

Synthetic oligonucleotides subject to screening: DNA or RNA, single- or double-stranded, of lengths 50 base pairs (bp) or longer if ordered in quantities of less than one micromole, or lengths 20 bp or longer if ordered in quantities of one micromole or greater.

Third-Party Vendor: An entity that orders oligonucleotides from Providers and sells the oligonucleotides in turn, with or without reformulation, or resells equipment for synthesizing oligonucleotides.

Verifying Legitimacy: Information that would allow Providers, Manufacturers, Principal Users, or End Users to authenticate the recipient of materials or equipment as a legitimate member of the scientific community. Information such as proposed end-use of the order, institutional or corporate affiliation (if applicable), the name of a biosafety officer (if available), proof of registration or licensing with FSAP or DOC (if applicable), or other proof of a legitimate research program (such as a publication history or business licenses) may be helpful for such verification.

Goals and Scope of the Guidance

Goals: This Revised Guidance has two parallel goals. As in the original Guidance, a primary goal is to minimize the risk that unauthorized individuals or individuals with malicious intent will use nucleic acid synthesis technologies to obtain organisms for which possession, use, and transfer is regulated by FSAP and CCL. The Revised Guidance also aims to limit the potential for individuals with malicious intent to use synthetic oligonucleotides to create novel high-risk pathogens using sequences from unregulated organisms.

Scope: The Revised Guidance pertains to the sale or transfer of synthetic oligonucleotides, i.e., DNA and RNA, whether single- or double-stranded. The Revised Guidance recommends that a database of known SOCs for pathogens, toxins, or otherwise illicit or dangerous substances is developed and used to determine if the purchase or transfer includes SOCs. It also recommends methods to ensure the legitimacy of Customers, Principal Users, and End Users of synthetic oligonucleotides. The Revised Guidance also aims to ensure that entities maintain records of transfers for oligonucleotides containing SOCs.

The Revised Guidance was developed to align with Providers' and Customers' existing protocols and business practices; to be implemented without unnecessary cost; and to minimize any negative impacts on the conduct of research and business operations. Where practical to do so, entities can use existing business practices to verify the legitimacy of Principal Users and End-Users and to track the transfer of materials containing SOCs. Many Providers have already instituted measures to address these concerns. The ongoing development of best practices in this area is commendable and encouraged, particularly in light of the continued advances in oligonucleotide sequencing and synthesis technologies.

Recommendations for Providers, Users, and Manufacturers: The Revised Guidance aims to ensure that Customers, Principal Users, and End Users ordering SOCs are legitimate. It also recommends that Manufacturers install certain safeguards in oligonucleotide synthesis equipment that ensure only legitimate customers can synthesize SOCs. It also recommends that transfers of SOCs, from Principal Users to End Users, and from Third-Party Vendors to Principal Users and End Users, are reported to the original Customer, such as the Institution that originated the order. This Revised Guidance encourages entities transferring synthetic oligonucleotides containing SOCs ( i.e., the Third-Party Vendor, Principal User, or Institution) to know to whom they are transferring and to conduct screening to verify that the recipients have a legitimate, bona fide, and peaceful purpose to use the oligonucleotides. The Revised Guidance recommends that the Customers who place these orders use responsible business practices to maintain records of transfers.

Principal Users and End Users are best positioned to understand the nature of the oligonucleotides and oversee and shepherd their responsible use. Users may also transfer oligonucleotides to other End Users, such as colleagues, and certain recommendations are made for this case in the Revised Guidance. To this end, Customers are encouraged to streamline the screening of their synthetic oligonucleotide orders by providing verification of their legitimacy to Providers and Third-Party Vendors, if they know that their order contains SOCs. Information such as proposed end-use of the order, institutional or corporate affiliation (if applicable), the name of a biosafety officer (if available), proof of registration or licensing with FSAP or DOC (if applicable), or other proof of a legitimate research program (such as a publication history or business licenses) will be helpful to the Provider or Third-Party Vendor of the synthetic oligonucleotides in verifying legitimacy. Preemptively providing this information is likely to limit the time and expense for Providers in fulfilling these orders in a manner that ensures safety and security.

Providers and Third-Party Vendors of synthetic oligonucleotides are encouraged to do the following in this context:

• Know to whom they are distributing a product.
• Know if the product that they are synthesizing and/or distributing contains, in part or in whole, SOCs.
• Notify Customers and Principal Users when their order contains SOCs.

• Implement adequate cybersecurity measures to protect the intellectual property and identity of Customers.

• Where follow-up screening does not resolve concerns about an order, report the order to the FBI.
• This Revised Guidance recommends archiving for at least 8 years the following information for orders containing SOCs: Customer information (point-of-contact name, organization, address, email, and phone number), order sequence information (nucleotide sequences ordered, vector used), and order information (date placed and shipped, shipping address, receiver name).

Customers, Principal Users, and End Users of synthetic oligonucleotides are encouraged to develop best practices in four main areas in this context:

• Customers, Principal Users, and End Users who know that their synthetic oligonucleotide order contains SOCs are encouraged to preemptively provide information that will assist the Provider or Third-Party Vendor in verifying their legitimacy.
• Customers, Principal Users, End Users, and Third-Party Vendors are encouraged to only transfer synthetic oligonucleotides containing SOCs to suitable and trustworthy individuals with a scientifically sound reason to use these oligonucleotides.
• Customers, Principal Users, End Users, and Third-Party Vendors are also encouraged to maintain records of these transfers and to communicate them to their biosafety officer, or equivalent, using the responsible business practices in place in their organizations.
• The Revised Guidance recommends recording transfers of oligonucleotides containing SOCs from Principal Users and End Users to any other individuals not listed in the original order, such as through a Material Transfer Agreement (MTA) or another sample tracking process. The Revised Guidance also recommends that records of SOCs and their transfers are retained for at least 8 years. Business practices already in place at Institutions may be used to fulfill this recommendation.
• Institutions with in-house oligonucleotide synthesis capabilities are also encouraged to apply these recommendations for use or transfers of oligonucleotides synthesized in-house.

Manufacturers of benchtop synthesis equipment are encouraged to consider three areas for developing best practices in this context:

• Manufacturers should screen Customers seeking oligonucleotide synthesizers to ensure customer legitimacy, and that the equipment is appropriate for their needs. If the Customer indicates plans to produce SOCs, Manufacturers should develop prescreening mechanisms to determine legitimate use.
• Manufacturers and their Customers should implement mechanisms to track continuously the legitimacy of users of their equipment, including when it is potentially transferred to new Principal and End Users during the lifecycle of these equipment (see CUSTOMER SCREENING for criteria to verify legitimacy of User).

• Manufacturers should provide the capability into their oligonucleotide synthesizers to enable secure internet connectivity to screen sequences for SOCs and to authenticate legitimate users. Manufacturers are also encouraged to include a data logging function to maintain a record of the oligos synthesized on the equipment. Furthermore, Manufacturers should develop a mechanism to authenticate the user of these equipment before synthesizing oligonucleotides containing SOCs.

Sequence Screening Methodology: Providers should screen orders to determine whether they contain SOCs. Appropriate sequence screening software must be selected by providers of synthetic oligonucleotides. This Revised Guidance recommends that providers use a local sequence alignment technique, such as the BLAST family of tools. BLAST is available for download for free at the National Center for Biotechnology Information (NCBI) website. Similar tools are also freely or commercially available or could be designed by the provider to meet their sequence screening needs. Specific criteria for the statistical significance of the hit (BLAST's e-values) or percent identity values are not included in this Revised Guidance because these details depend on the specific screening protocol. Providers are encouraged to determine whether synthetic oligonucleotide orders contain sequences that are Best Matches over 50 bp windows to any SOC. By using the Best Match approach, the sequence with the greatest percent identity over each 16 amino acid or 50 bp fragment, in all six reading frames, should be considered the Best Match, regardless of the statistical significance or percent identity. The Best Match approach is intended to minimize the number of sequence hits due to sequences that are shared among both SOCs and non-SOCs.

These sequence screening recommendations do not preclude the use of a curated database of sequences that may contribute to pathogenicity or toxicity to identify SOCs. This Revised Guidance recognizes that a database of known sequences that contribute to pathogenicity and toxicity in humans, animals, and plants, and that have a direct and harmful impact on a host, may not yet exist, and encourages the development of such a database for screening SOCs, provided that measures are taken to prevent such a database from being misused. These measures should include establishing a security office, protocols, and personnel reliability program, based on an assessment of risk, to guide selection, implementation, and monitoring of cybersecurity and information security capabilities and protection. Measures should ensure database confidentiality and integrity (including user access controls and sequence encryption in transit and at rest) and compliance with applicable laws such that sequences of concern data are protected against unauthorized access, exfiltration, or other use. Providers may also choose to use other screening approaches that they assess to be equivalent or superior to the Best Match approach or supplement it, including a customized database or approaches that evaluate the biological risk associated with non-select agents and toxins sequences or, for international orders, sequences not associated with items on the CCL. This Revised Guidance encourages the continued development of best practices to address risks associated with oligonucleotide synthesis technologies.

Although no curated database of sequences from regulated and unregulated pathogens that pose no biosecurity concerns ( i.e., white list of genes that pose no pathogenic risk) is presently available, Providers may wish to consider developing solutions for determining which sequences from pathogens, regulated or unregulated, should not cause concern (such as housekeeping genes).

Providers, Third-Party Vendors, and professional consortia are encouraged to develop secure mechanisms designed to respect privacy, security, commercial, Intellectual Property, and other concerns to detect SOCs that may be broken up among multiple Providers or Vendors, or among multiple orders at a single Provider or Vendor over a period of time, to evade screening.

Batch Orders: Some synthetic oligonucleotide orders may be appropriate for screening even if all components of the order are oligonucleotides shorter than 50 bp in length. In some cases, orders of oligonucleotides in quantities of one micromole or more may indicate that the Customer, Principal User, or End User may intend to use molecular biological techniques to ligate oligonucleotides into larger oligonucleotide complexes. Such an approach could be used to construct 50 bp or longer oligonucleotides that themselves may constitute SOCs. To minimize the risk in this scenario, this Revised Guidance encourages screening all constituents of batch orders of oligonucleotides 20 bp or longer if ordered in quantities of one micromole or greater, using a short oligonucleotide alignment software package. If the resulting ungapped alignment of any constituents of the batch order is a Best Match to any 50 bp window of any SOC, Providers should consider that order as containing SOCs and perform standard follow-up Customer screening.

Customer Screening: In addition to verifying the Customer identity for all orders, verifying legitimacy of Customers and Users is recommended when orders contain SOCs and for orders of benchtop synthesis equipment. Customers and Users are encouraged to streamline the Customer screening process by providing verification of their legitimacy when submitting an order containing SOCs. Information about the proposed end-use of the order, institutional or corporate affiliation (if applicable), the name of a biosafety officer (if available), proof of registration or licensing with FSAP or DOC (if applicable), or other proof of a legitimate research program (such as a publication history or business licenses) will be helpful to the Provider or Third-Party Vendor.

This Revised Guidance encourages Customers and Principal Users to also verify the legitimacy of End Users receiving SOCs. Records of such verification and transfer can be created and maintained by using business practices that document such transfers ( e.g., MTAs). The Principal User is best positioned to determine the legitimacy of any End User to whom SOCs are transferred. Keeping a record of such transfers should not cause undue burden on the essential research carried out across the biotechnology enterprise, and may therefore entail only a minor adaptation of responsible business practices already in place.

Providers should be aware of regulatory and statutory prohibitions for U.S. persons from dealing with certain foreign persons, entities, and companies. Providers are encouraged to check the Customer against the International Trade Administration consolidated list of individuals and entities for which the United States Government maintains restrictions on certain exports, reexports, or transfers of items. In the event that a company, entity, or person on the list appears to match that of a Customer or User, additional due diligence should be conducted before proceeding. There may be a strict export prohibition, requirement for seeking a license application, evaluation of Customers and Users to ensure it does not result in an activity prohibited by any U.S. export regulations, or other restriction. Before taking further action, to ensure full compliance with all the terms and conditions of the restrictions placed on the parties on this list, the Provider must check the official publication of restricted parties in the Federal Register . They should also check the official lists of restricted parties maintained on the websites of the Departments of Commerce, State, and the Treasury.

Following up with the U.S. Government in Cases Where Malintent is Suspected by Providers or Third-Party Vendors: If sequence or Customer screening raises concerns that are not alleviated through follow-up screening, Providers and Third-Party Vendors are encouraged to contact the nearest FBI Field Office Weapons of Mass Destruction (WMD) Coordinator. Institutions are encouraged to work with their Principal Users and End Users to help them understand that only individuals with legitimate, bona fide, and peaceful need should obtain oligonucleotides containing SOCs.

Records Retention: The Revised Guidance recommends that Providers, Third-Party Vendors, and Manufacturers:

• Using responsible business practices, retain records of Customer orders for at least 8 years.
• Archive the following information: Customer information (point-of contact name, organization, address, email, and phone number), order sequence information (nucleotide sequences ordered, vector used), and order information (date placed and shipped, shipping address, receiver name).
• Develop and document protocols for sequence screening and for determining whether a sequence hit qualifies as a SOC and maintain records of these protocols—even if no longer current—for at least 8 years.
• Retain screening documentation of all hits for at least 8 years, even if the order was deemed acceptable.
• Retain records of any follow-up screening, even if the order was ultimately filled, for at least 8 years.

Periodic Review, Evaluation, and Improvement of This Guidance: This Revised Guidance is addressing biosecurity risks that have emerged in a dynamic and rapidly developing technological landscape. It is likely that new risks will emerge and that new technological approaches will also appear to address biosecurity risks. As such, this Revised Guidance encourages the further development of mechanisms to detect SOCs and screening strategies for sequences that contribute to pathogenicity and toxicity. For instance, strategies may be used by malicious Customers to obfuscate SOCs, including engineering pathogenic or toxic proteins with completely novel sequences. In such cases, synthetic oligonucleotide orders may contain 50 bp windows that are not a match to any known sequence. Although there are likely several legitimate explanations for orders of sequences with no matches in nature ( e.g., oligonucleotides to populate microarrays or to store digital information), in such cases, it may be possible to use predictive bioinformatic algorithms to screen sequences that are not a match to any known sequences to determine if they could produce proteins that are structurally and functionally identical to SOCs. This Revised Guidance encourages Providers to continue to develop these methods to best ensure the safety of the synthetic oligonucleotide research enterprise. Likewise, while there is not a comprehensive and curated database available presently for sequences that may contribute to pathogenicity or toxicity by enabling the circumvention of medical countermeasures (MCM), such as therapeutics or vaccines, such information may become increasingly available in coming years. This Revised Guidance encourages the identification of such MCM-evasive sequences and may revisit the definition of SOCs in the future, given advances in this field.