March 5, 2024

The BIOSECURE Act and Its Potential Implications

Proposed federal legislation known as the BIOSECURE Act is being considered in both the U.S. House of Representatives and the U.S. Senate.1 In general, the BIOSECURE Act would prohibit U.S. federal funding (including loans, grants, and contracts (including contract extensions and renewals)) in connection with biotechnology equipment or services produced or provided by Chinese biotechnology service providers that are named in the legislation (BGI Genomics, MGI, Complete Genomics, and WuXi AppTec) as well as certain other to-be-identified entities that are subject to the control of a “foreign adversary” (defined by law to be China, North Korea, Iran, Cuba, and Russia). The BIOSECURE Act would also prohibit federal loans and grants to, and federal contracts (including contract extensions and renewals) with, any entity that uses biotechnology equipment or services from one of these entities in performance of the government contract. If passed in its current form, the BIOSECURE Act could have implications for pharmaceutical and biotechnology companies that receive U.S. federal funding or have procurement contracts with the U.S. government and depend upon the equipment or services of the biotechnology service providers covered by the law.2


The BIOSECURE Act does not propose a blanket prohibition on biotech and pharmaceutical companies from partnering or transacting with the entities covered by the law. Likewise, the current draft of the BIOSECURE Act would not impose penalties on companies that engage with these entities. The BIOSECURE Act has two core areas of focus:

  • First, the legislation would prohibit federal agencies from directly procuring services from or funding (by federal loan or grant) a “biotechnology equipment or service” from a “biotechnology company of concern” (defined below).
  • Second, the legislation would also prohibit federal agencies from entering into, extending, or renewing a contract with, or expending federal grant or loan funds to, an entity that either:
    • uses biotechnology equipment or service from a biotechnology company of concern in performing the contract; or
    • enters into a contract (with a third party) that will require the direct use of the biotechnology equipment or service from a biotechnology company of concern.

As a result, companies that contract with any “biotechnology company of concern” could themselves become ineligible to receive federal contracts, loans, or grants. Additionally, the range of potential downstream impacts that the BIOSECURE Act could have on commercial contracting should be monitored if this legislation advances.

Key Definitions – “Biotechnology Companies of Concern” and “Biotechnology Equipment or Services”

The BIOSECURE Act instructs the Office of Management and Budget to develop a list of the ‘‘biotechnology companies of concern’’ that would be subject to the law. This term is defined to include BGI Genomics, MGI, Complete Genomics, Wuxi AppTec – by name – and any subsidiary, parent affiliate, or successor of these companies.

Additionally, the BIOSECURE Act directs the U.S. government to identify other entities for inclusion as biotechnology companies of concern, specifically any entity that is subject to the control or jurisdiction or acts on behalf of a “foreign adversary” (defined by law to be China, Cuba, Iran, North Korea, and Russia), provided that the entity is involved in the manufacturing, distribution, provision, or procurement of a biotechnology equipment or service, and poses a risk to the national security of the United States, based on:

  • engaging in joint research with, being supported by, or being affiliated with a foreign adversary’s military, internal security forces, or intelligence agencies;
  • providing multiomic data obtained via biotechnology equipment or services to the government of a foreign adversary; or
  • obtaining human multiomic data via the biotechnology equipment or services without express and informed consent.3

Importantly, the BIOSECURE Act applies to “biotechnology equipment or services,” which is broadly defined to include:

  • Equipment, components, accessories, software, firmware, or other digital components designed for use in the research, development, production, or analysis of biological materials – this includes genetic sequencers, mass spectrometers, polymerase chain reaction machines, or any other instrument, apparatus, machine, or device; or
  • Services for the research, development, production, analysis, detection, or provision of information, including data storage and transmission related to biological materials. This includes advising, consulting, or support services with respect to (1) the use or implementation of the equipment described above and (2) disease detection, genealogical information, and related services.

The legislation also gives the Director of the Office of Management and Budget authority to identify any other service, instrument, apparatus, machine, component, accessory, device, software, or firmware that is to be considered a “biotechnology equipment or service” under the law.

This broad definition of biotechnology equipment or services could have implications, as noted above, for pharmaceutical, biotech, and other medical products companies that work with one of the “biotechnology companies of concern” to collect data, conduct research, use such equipment or engage in such services on the company’s behalf, or provide critical goods, materials, and supplies used to conduct such research or to make medical products. The outcome of these questions could turn on both the final text of the BIOSECURE Act (if the legislation proceeds) as well as the facts and circumstances of each individual entity’s relationships or engagement with a biotechnology company of concern.

The BIOSECURE Act also includes a waiver mechanism, authorizing the head of the U.S. federal agency to waive the prohibition for up to 365 days on a case-by-case basis.

Historical Context

The draft legislation is similar to Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Section 889) and the Federal Acquisition Regulation (FAR) provisions that implemented this law, which prohibited the purchase of covered telecommunications equipment and services from vendors who sell products containing spyware—the so-called “Huawei ban.”4 That legislation was focused on certain Chinese telecommunications companies of concern and aimed to prevent U.S. federal agencies from funding those companies in any way. The application and evolution of Section 889, which remains in effect, may offer helpful insights for navigating the BIOSECURE Act.

Related List-Based Export and Trade Restrictions

The U.S. Department of Commerce, Bureau of Industry and Security (BIS) added several BGI entities to the Entity List on March 2, 2023, citing concerns about the collection of genetic data and contribution to monitoring and surveillance by the Chinese government. BGI Genomics Co., Ltd. is also named on the Department of Defense’s Chinese Military Companies List (the “1260H List”).

A February 12, 2024 letter from four of the original sponsors of the House and Senate versions of the BIOSECURE Act addressed to the Secretaries of Defense, Commerce, and Energy – with copies to the Secretaries of State and Energy – clarifies the BIOSECURE Act’s drafters’ concerns over these entities’ alleged ties to the Chinese military and Chinese Communist Party. The letter calls on the agencies to designate WuXi AppTec and WuXi Biologics on BIS’s Entity List, Treasury’s Non-SDN Chinese Military-Industrial Complex Companies List, and DoD’s 1260H List. BIS had previously listed certain WuXi entities on its Unverified List in February 2022, but those more modest restrictions were lifted in October 2022 after completion of routine end-use inspections of facilities in China.

WuXi provides services across all stages of the discovery, research, development, and manufacture of pharmaceutical products, serving as a well-known partner to large pharmaceutical and emerging biotechnology companies alike. WuXi has publicly denied the allegations raised in the letter, stating that it does not pose a national security risk and does not collect human genome data in its existing businesses.

Looking Ahead

The BIOSECURE Act is in the early stages of legislation in Congress, and it is therefore difficult to predict its final language or even whether it will become law. The fact that similar bills are pending in both the U.S. House of Representatives and U.S. Senate increases the potential likelihood of the BIOSECURE Act’s passage into law, and is moving even more quickly, with a markup scheduled for March 6. Given both bills’ bipartisan support, there is some momentum to the legislation. If passed, the BIOSECURE Act will most directly impact pharmaceutical and biotechnology companies that receive federal funding or support federal contracts through the use of biotechnology equipment or services provided by the named entities in the BIOSECURE Act. Pharmaceutical and biotechnology companies based or active in the United States may want to monitor how the prohibition on federal funding and federal contracting is defined and applied in the final language, as well as the waiver mechanism, to assess the potential impact to their businesses.

Companies might consider whether they need to update (or implement) processes for list-based screening of their counterparties, including vendors, suppliers, and other partners, to ensure the prompt discovery and identification of potentially impacted entities. Following any such designation, companies may want to evaluate the applicable trade restrictions to determine whether the restrictions may implicate their relationship with the target entity.

Finally, in addition to the Congressional activity that has resulted in the BIOSECURE Act, on February 28, 2024, the Biden administration issued an Executive Order to limit the distribution of certain government-related data and bulk sensitive personal data, including human genomic data, to countries of national security concern. The Department of Justice published an Advance Notice of Proposed Rulemaking on February 29, 2024, seeking comments on a regulatory regime that would prohibit or restrict certain “covered data transactions” involving a “country of concern”—identified as the People’s Republic of China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. A separate alert on these developments is forthcoming. A separate alert on these developments is available here.


[1] The Senate introduced an original bill (S. 3558) on December 20, 2023 that does not have a title; however, given their similar texts, we refer to the collective proposed legislation from both the House and the Senate as the “BIOSECURE Act.”  
[2] As of February 29, 2024, the Senate bill (S. 3558) was referred to the Senate Homeland and Governmental Affairs Committee on January 31, 2024, and a markup of that bill is slated to occur in committee on March 6, 2024. The House bill (H.R. 7085) was referred to the House Oversight and Accountability Committee on January 25, 2024, and there has been no additional movement since that time.
[3] “Multiomic” data is defined to include genomics, epigenomics, transcriptomics, proteomics, and metabolomics.
[4] Indeed, the February 12, 2024 letter notes that WuXi AppTec is “dubbed . . . as the ‘Huawei’ of China’s pharmaceutical sector.”


This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee a similar outcome.