Compliance Table | Gene Synthesis Screening Information Hub

This table shares information for providers of synthetic nucleic acids (Providers) and manufacturers of benchtop nucleic acid synthesis equipment (Manufacturers) that need to screen purchase orders to identify sequences of concern (SOCs) and assess customer legitimacy, in compliance with §4(b) of the Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI EO) and the resulting US Framework for Nucleic Acid Synthesis Screening (Framework).

Please note: If you are a biofoundry, cloud lab, core facility/academic core facility, or contract research organization (CRO) that does not “synthesize and distribute synthetic nucleic acids as a transactional service,” then you are considered a Customer under the Framework. Please see the For Nucleic Acid Synthesis Customers page instead.

Section IV of the Framework provides definitions for many of the terms below. This page is for informational purposes only and does not constitute legal advice. Users should not rely on the information provided as a substitute for consultation with qualified counsel.

Compliance Action	Compliance Action Details	Provider Obligation	Manufacturer Obligation
1. Attest to implementing this screening framework through a statement that is either posted on a public website or provided to both the federally funded customer and federal funding agency	SAME REQUIREMENTS	x	x
2. Screen purchase orders for synthetic nucleic acids to identify any sequences of concern (SOCs)	Before Oct. 13, 2026: Screen purchase orders for synthetic nucleic acids to identify any SOC pursuant to the 2023 HHS Guidance. All nucleotide sequences or corresponding amino acid sequences that are Best Matches to a sequence of federally regulated agents—ie, the Biological Select Agents and Toxins (BSAT) list or, for international orders, the Commerce Control List (CCL)—are SOCs, except when the sequence is identical to a sequence found in an unregulated organism or toxin. Synthetic nucleic acids should be screened over each 200 nucleotide window within their sequences for SOCs (see below for changes that will take effect on October 13, 2026). Providers conducting this screening may determine which commercial services, open-source solutions, or in-house developed algorithms and software systems to use to make this determination. Where available, standards from the National Institute of Standards and Technology (NIST) should be applied to determine that the mechanism used by each entity is sufficient.	x
	On or After October 13, 2026: Reduce the size of the screening window and screen each 50 nucleotide window for SOCs. Providers conducting screening may determine which commercial services, open-source solutions, or in-house developed algorithms and software systems to use to make this determination, and they should undertake efforts to measure the effectiveness of this new screening criteria and improve screening over time.	x
	Apply screening methods that detect the potential for shorter nucleotide sequences to be assembled into SOCs when multiple synthetic nucleic acids are ordered by the same customer in a bulk order or in multiple orders over time.	x
	Make efforts to implement a mechanism to screen additional SOCs known to contribute to pathogenicity or toxicity, even when not derived from or encoding regulated biological agents.	x
	Integrate into benchtop nucleic acid synthesizers the capability to screen sequences for SOCs, meeting the standards as outlined in the 2023 HHS Guidance. As described in the guidance, this level of screening should be on par with the SOC screening best practices recommended for Providers in the framework, including screening against SOC databases, when available, that are updated regularly as new SOCs are identified as a required step before synthesizing the sequence, in a verifiable manner.		x
3. Screen customers who submit purchase orders of synthetic nucleic acids with SOCs, and of benchtop nucleic acid synthesis equipment, to verify legitimacy	Assess customer risk by following the 2023 HHS Guidance and industry standard “know your customer” practices.	x	x
	Develop and implement a process to assess the legitimacy of orders that have been identified by the sequence screening protocol as containing a SOC. The legitimacy of an order is determined by verifying the legitimacy of both the individual customer placing the order and their institution.	x
	Confirm the legitimacy of the individual customer by ensuring that the person (or customer) placing an order has no red flags, is affiliated with a legitimate institution, and has a legitimate need for using synthetic nucleic acids.	x	x
	Confirm the legitimacy of the institution by verifying its legal standing and that it has a life sciences-oriented mission and purpose, or uses synthetic nucleic acids for other relevant applications, and ensuring there are no red flags.	x	x
	Develop and implement a process to assess the legitimacy of orders for their equipment, such as through verified user accounts. As stated above, the legitimacy of an order is determined by verifying the legitimacy of both the individual customer placing the order and their institution—which should include verification that the institution will cooperate in ensuring that benchtop synthesizers are only accessed by legitimate end users.		x
	Implement mechanisms to track legitimate use of their equipment, including when it is potentially transferred to a new user during the lifecycle of these equipment.		x
	Ensure that proprietary and sole-use reagents for their benchtop synthesizers are only sold to legitimate customers and end users, even if they were not screened for legitimacy when initially obtaining their benchtop nucleic acid synthesizer (eg, if they acquired their equipment prior to the time this framework comes into effect).		x
	At a minimum, include a field or mechanism in their ordering system where customers can self-identify that an order contains a SOC. When an order does contain a SOC, Providers should also include a mechanism for customers to provide information that will be useful for verifying the customer’s legitimacy.	x
	Ask customers if they are the end user for the SOCs or if the order will be passed along to a third party(s), in which case the legitimacy of the third party(s) should also be assessed.	x
4. Report potentially illegitimate purchase orders of synthetic nucleic acids involving SOCs or of benchtop nucleic acid synthesis equipment	SAME RESPECTIVE REQUIREMENTS	x	x
5. Retain records relating to purchase orders for synthetic nucleic acids and benchtop nucleic acid synthesis equipment	SAME RESPECTIVE REQUIREMENTS	x	x
6. Take steps to ensure cybersecurity and information security	SAME RESPECTIVE REQUIREMENTS, except:	x	x
	Design benchtop nucleic acid synthesis equipment with security and safety in mind. Manufacturers are encouraged to adhere to the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design principles, which are intended to encourage the design and manufacturing of products that reasonably protect against exploitation of product defects.		x

Compliance Table for Providers & Benchtop Manufacturers