[Federal Register Volume 75, Number 197 (Wednesday, October 13, 2010)]
[Notices]
[Pages 62820-62832]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-25728]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary


Screening Framework Guidance for Providers of Synthetic Double-
Stranded DNA

AGENCY: Department of Health and Human Services, Office of the 
Secretary.

ACTION: Notice.

-----------------------------------------------------------------------

    Authority: Public Health Service Act, 42 U.S.C. 241, Section 
301; HSPD-10.

SUMMARY: To reduce the risk that individuals with ill intent may 
exploit the application of nucleic acid synthesis technology to obtain 
genetic material derived from or encoding Select Agents or Toxins and, 
as applicable, agents on the Export Administration Regulations' (EAR's) 
Commerce Control List (CCL), the U.S. Government has developed Guidance 
that provides a framework for screening synthetic double-stranded DNA 
(dsDNA). This document, the Screening Framework Guidance for Providers 
of Synthetic Double-Stranded DNA (the Guidance), sets forth recommended 
baseline standards for the gene and genome synthesis industry and other 
providers of synthetic dsDNA products regarding the screening of orders 
so that they are filled in compliance with current U.S. regulations and 
to encourage best practices in addressing biosecurity concerns 
associated with the potential misuse of their products to bypass 
existing regulatory controls. Following this Guidance is voluntary, 
though many specific recommendations serve to remind providers of their 
obligations under existing regulations. The framework includes customer 
screening and sequence screening, follow-up screening as necessary, and 
consultation with U.S. Government contacts, as needed.
    A draft version of the Guidance was published as a Federal Register 
Notice (Federal Register, Vol. 74, No. 227, November 27, 2009, 
Screening Framework Guidance for Synthetic Double-Stranded DNA 
Providers) for public consideration and comment for a period of 60 
days. Comments were reviewed and the Guidance was amended through a 
deliberative interagency process. The Response to Public Comments 
document, which precedes the final Guidance in the Supplementary 
Information section of this Notice, provides a general review of the 
decisions made to alter the Guidance in response to public comments. 
The Department of Health and Human Services (HHS) is issuing this 
document as the lead agency in a broad interagency process to draft the 
Guidance. The Guidance will be reviewed on a regular basis and revised, 
as necessary. For further details about the Guidance, to access public 
comments, and to provide ongoing feedback please refer to http://www.phe.gov/preparedness/legal/guidance/syndna.

DATES: The Guidance is effective on October 13, 2010.

FOR FURTHER INFORMATION CONTACT: Jessica Tucker, PhD, Office of Policy 
and Planning, Office of the Assistant Secretary for Preparedness and 
Response, U.S. Department of Health

[[Page 62821]]

and Human Services, 330 C Street, SW., Room 3021K, Washington, DC 
20201; phone: 202-260-0632; fax: 202-205-8674; Web site: http://www.phe.gov/preparedness/legal/guidance/syndna.

SUPPLEMENTARY INFORMATION:

Response to Public Comments on Draft Screening Framework Guidance for 
Synthetic Double-Stranded DNA Providers

I. Summary

    The draft Guidance document was posted as a Federal Register Notice 
on November 27, 2009, for a period of 60 days for public comment. 
Twenty-two individual responses were received during this time period. 
The American Association for the Advancement of Science hosted a 
meeting to solicit the views of scientists, the public, and stakeholder 
communities on January 11, 2010 during the public comment period; the 
summary report from this meeting was submitted as a formal comment. 
Public comments are available at the following Web site: http://www.phe.gov/preparedness/legal/guidance/syndna.
    An interagency working group of Federal Government representatives 
was established to review and consider the public comments that were 
received; these comments informed the changes made in the final version 
of the Guidance. In general, public comments were received in the areas 
of customer screening, customer concerns, follow-up screening, and 
sequence screening, though some comments fell outside these categories. 
This Response to Public Comments document provides a general review of 
the decisions made to alter the Guidance in response to public comments 
in these thematic areas.

A. Customer Screening and Customer Concerns

    The draft Guidance includes recommendations for providers to screen 
against a number of different lists of proscribed entities; the lists 
to screen against differ depending on whether the order is placed by a 
domestic or international customer. Regarding these recommendations, 
several comments indicated a desire for a list that combines these 
proscribed entities (or alternatively, for a list of ``approved'' 
customers). No changes were made in response to these comments. The 
indicated lists exist under several different legal authorities and are 
maintained by different government bodies. In order to ensure that 
providers are referencing the most up-to-date versions of these lists, 
the U.S. Government continues to recommend that providers consult the 
primary sources.\a\ A list of ``approved'' customers is not practicable 
as it would have to be updated very frequently, given the emergence of 
new legitimate customers on a regular basis, and it would require that 
companies share their customer lists. Customers and providers should be 
aware, however, that there are some software packages available that 
may address these requests for a centralized database of consolidated 
lists.
---------------------------------------------------------------------------

    \a\ The Department of Commerce maintains consolidated links to 
many of these lists on the following Web site: http://www.bis.doc.gov/complianceandenforcement/liststocheck.htm. 
Additionally, the ``EAR Marketplace'' also includes consolidated 
links to lists: https://bxa.ntis.gov/prohib.html.
---------------------------------------------------------------------------

    Several comments were received regarding the list of ``red flags'' 
outlined in Section V.A.2 of the Guidance. Some respondents requested 
more guidance regarding how to respond to ``red flags'' raised in the 
customer screening process. To address these concerns, the Guidance now 
clarifies that follow-up screening is recommended whenever any `red 
flag' raises cause for concern. Additionally, several respondents 
requested the deletion of the following `red flag' which appeared in 
the draft Guidance: ``An unusually large order of DNA sequences, 
including larger than normal quantities, the same order placed several 
times, or several orders of the same sequence made in a short 
timeframe.'' Some customers and providers have indicated that such 
orders are a regular part of doing business and do not pose cause for 
concern. The U.S. Government agrees with these assessments. 
Accordingly, this `red flag' has been deleted from the final Guidance 
text.
    Several comments also indicated that ``customers'' are not always 
equivalent to ``end users,'' and these respondents indicated that the 
Guidance should be clearer in advising providers to request information 
about the ``end user.'' In response to these comments, the final 
Guidance has been amended to define ``customers'' and ``principal 
users''; most initial customer screening is focused on customers, while 
follow-up screening addresses both customers and principal users. 
``Principal users'' was chosen rather than ``end users,'' to prevent 
confusion with the Department of Commerce definition of ``end user'' 
vis-[agrave]-vis export control.
    A few comments reflected an interest in altering the Guidance to 
include a process for customers to contest denied orders. No changes 
were made in response to these comments. Because providers of synthetic 
double-stranded DNA (dsDNA) already have the right to deny an order for 
multiple reasons, including issues unrelated to biosecurity concerns, a 
process to contest denied orders is not offered in this Guidance. 
Finally, a couple of comments indicated that customers should be 
notified when their orders raised any cause for concern. In follow-up 
screening, it is recommended that customers be contacted for additional 
information about their order when there is cause for concern, so 
customers will be made aware if their order raises a `red flag' for the 
provider. Therefore, no changes were made in response to these 
comments.

B. Follow-Up Screening

    A few comments requested additional clarity or recommendations 
regarding vetting orders that are placed by an individual within a 
larger organization or entity. As a result, the follow-up screening 
section has now been amended to include examples of steps that might be 
taken to address orders from customers that are organizations or 
principal users that are affiliated with a larger organization. 
Additionally, because a couple of comments indicated that unaffiliated 
customers or principal users may not have a publication record, an 
additional option was provided for vetting unaffiliated customers/
principal users wherein the customer/principal user may provide 
references that can verify their identity and the legitimacy of the 
order.

C. Sequence Screening

    The topic that elicited the most public comments was sequence 
screening. The issues raised can generally be separated into the 
following themes: type/length of DNA to screen, sequences of concern, 
and sequence screening methodology.
1. Type/Length of DNA to Screen
    In the draft Guidance, the U.S. Government recommended that orders 
of synthetic dsDNA 200 base pairs (bps) and longer should be subject to 
a screening framework. A number of public comments critiqued this 
recommendation, while a few comments supported this recommendation as 
reasonable. Some comments stated that 200 bps is too small to be 
practical for providers to implement, and recommended screening 
sequences 1 kilobase pair (kbp) and longer. A larger number of comments 
stated that a 200 bp limit is not scientifically justified, and argued 
that because most providers already screen all synthetic dsDNA orders, 
the 200 bp limit should be eliminated. Finally, a small number of 
comments recommended that oligonucleotides, in addition to dsDNA, 
should be included in a screening

[[Page 62822]]

framework. The U.S. Government agrees that a 200 bp limit is not 
scientifically justified and that most providers already screen all 
dsDNA orders. Therefore, the recommendation to eliminate the 200 bp 
limit was adopted, and the final Guidance now recommends that all dsDNA 
orders should be screened. Because crafting ``agents of concern'' using 
dsDNA via de novo synthesis is still easier than by using single-
stranded oligonucleotides, dsDNA is the focus of this screening 
framework. Additionally, it is likely that implementing a screening 
framework would pose a significant burden for providers of 
oligonucleotides. Nonetheless, given the rapid developments in DNA 
synthesis, the U.S. Government will continue to examine this issue and 
may make amendments accordingly.
2. ``Sequences of Concern''
    A number of comments noted that many sequences that are not unique 
to Select Agents and Toxins may pose a biosecurity risk, but that only 
those sequences unique to Select Agents and Toxins (and, for 
international orders, those sequences unique to items on the Commerce 
Control List (CCL)) are characterized as ``sequences of concern'' 
within the draft Guidance. Additionally, several comments noted that 
non-Select Agent homologs that are closely related to a Select Agent 
virulence factor or pathogenicity gene could potentially be ordered and 
then substituted for the Select Agent sequence. These comments 
variously recommended that the Guidance adopt a broader definition of 
``sequences of concern,'' establish a curated database of virulence 
genes and ``other dangerous sequences,'' and/or adopt a ``Top 
Homology'' screening approach (see discussion of Screening Methodology 
below).
    The U.S. Government recognizes that there are concerns that 
synthetic dsDNA sequences not unique to Select Agents or Toxins or CCL 
items may also pose a biosecurity concern. However, a robust screening 
framework that can be consistently implemented from provider to 
provider requires a clear set of criteria for identifying non-Select 
Agent or Toxin (or non-CCL) ``sequences of concern.'' Due to the 
complexity of determining whether a specific sequence corresponds to a 
virulence factor or pathogenicity gene or otherwise poses a biosecurity 
risk, and because current knowledge of virulence and pathogenicity is 
limited, it is not currently possible to develop clear criteria that 
providers could use to robustly, comprehensively, and consistently 
identify non-Select Agent and Toxin or non-CCL ``sequences of concern'' 
based on virulence, pathogencity, or ``other danger.''
    In addition, many pathogens and toxins not listed on the Select 
Agents and Toxins lists and the CCL could nearly as easily be obtained 
through other means. The Select Agents and Toxins lists and the CCL are 
well-defined lists of high consequence pathogens and toxins that have 
the potential to pose a severe threat to human, animal, or plant 
health. Finally, the agents on the Select Agents and Toxins lists and 
the CCL are most relevant for these purposes because a primary goal is 
to prevent access to agents otherwise subject to existing regulations.
    Consequently, in the final Guidance, the U.S. Government continues 
to define ``sequences of concern'' as those sequences unique to Select 
Agents and Toxins (and those sequences unique to items on the CCL for 
international orders).
    The sequence screening recommendations contained in this Guidance 
do not preclude the use of curated databases or the development of 
robust criteria that can consistently identify non-Select Agent and 
Toxin or non-CCL sequences that may pose a biosecurity risk. The U.S. 
Government encourages the continued development of such databases and 
criteria as additional screening tools that will improve with time as 
additional data becomes available. To advance knowledge in this arena, 
the National Academies is conducting a study that will identify the 
scientific advances necessary to predict biological function from 
nucleic acid sequences for oversight of Select Agents.
3. Screening Methodology
    Many of the comments on screening methodology echoed issues raised 
in defining ``sequences of concern.'' A number of comments criticized 
the ``Best Match'' approach to screening, arguing that it is easily 
circumvented and less robust than some current industry screening 
practices, and proposed either screening against a centralized, curated 
database of ``sequences of concern'' or adopting a ``Top Homology'' 
approach. The curated database approach is potentially very efficient, 
but requires the creation of databases identifying specific features 
such as known pathogenic sequences, virulence factors, house-keeping 
genes, etc. While the acquisition of such knowledge is progressing, at 
this time it is not possible to provide a robust database that would 
identify all or even most such sequences.
    In the ``Top Homology'' approach, human screeners examine all 
sequences that exceed a certain threshold of homology to a dsDNA order 
to determine whether or not the matching sequences are derived from 
Select Agents and Toxins or from genes variously described in public 
comments as ``genes that can be intentionally abused,'' ``risk-
associated'' genes, or genes that ``code for virulence or other threat 
characteristics.'' This approach shares some similarities with ``Best 
Match,'' though the ``Top Homology'' approach considers all sequences 
that exceed a certain threshold and ``Best Match'' considers the top 
``hit.'' As with the customized database approach, a ``Top Homology'' 
approach could not be meaningfully implemented without a clear set of 
effective criteria for determining in a consistent and non-arbitrary 
manner when an order should trigger further customer review. However, 
the clear and effective criteria needed to make such an approach work 
are difficult to determine. The ``Best Match'' approach flags only the 
top ``hit,'' which meets the stated goal of identifying sequences 
unique to Select Agents and Toxins (and, for international orders, 
sequences unique to items on the CCL).
    As a result, the U.S. Government continues to recommend the use of 
the ``Best Match'' approach for screening. As stated above, the U.S. 
Government recognizes that there are concerns that synthetic dsDNA 
sequences not unique to Select Agents or Toxins or CCL items may also 
pose a biosecurity concern. The U.S. Government also recognizes that 
many providers have already instituted measures to address these 
concerns. The Guidance sets forth recommended baseline standards for 
providers regarding the screening of orders so they are filled in 
compliance with current U.S. regulations and to encourage best 
practices in addressing biosecurity concerns. As such, the ongoing 
development of best practices in this area is commendable and 
encouraged, particularly in light of the continued advances in DNA 
sequencing and synthesis technologies and the accelerated rate of 
sequence submissions to public databases such as GenBank.
    Minor wording changes have been made to clarify or alter the 
technical details of the screening methodology, including language to 
address the high sequence similarity of some Select Agents and Toxins 
with some attenuated strains of Select Agents and Toxins that have been 
excluded from regulation. The U.S. Government recognizes that continued 
research and

[[Page 62823]]

development may lead to new and improved screening methodologies. As 
new methods are developed, U.S. guidance may change accordingly. In 
addition, the sequence screening methodology recommendations contained 
in this Guidance do not preclude the use of other screening approaches 
that providers assess to be equivalent or superior to the ``Best 
Match'' approach.
    It is significant to note that sequence screening is simply a 
trigger for further customer screening and decision-making and does not 
by itself provide a basis for determining that filling an order is 
likely to pose a threat.
    Beyond ``Best Match'' comments, some public comments requested that 
additional software screening recommendations be provided; for example, 
software packages, additional screening parameters, etc. It is not the 
policy of the U.S. Government to recommend specific, proprietary 
software packages. As a result, additional screening parameters are not 
provided as these details are specific to individual screening 
packages. Finally, the recommendation to ``separately'' screen 
international orders against both the Select Agents and Toxins lists 
and the CCL that appeared in the draft Guidance was altered to indicate 
that, for international orders, screening should cover the CCL in 
addition to the Select Agents and Toxins lists. Whether these screens 
are conducted separately or simultaneously is up to the provider.

D. Other Issues

    In the draft Guidance, the screening framework indicated that 
customer screening should precede sequence screening. Several comments 
noted that the order of screening is irrelevant, as long as both 
customer and sequence screening occur for every order. The U.S. 
Government agrees with these comments, and has altered the final 
Guidance to remove the recommendation that screening occur in a 
particular order.
    Finally, the recommendations in the draft Guidance were directed to 
``commercial'' providers. Some comments indicated that the U.S. 
Government should recommend that all providers of synthetic dsDNA 
follow the recommended screening framework. The U.S. Government agrees 
with these comments. In order to effectively meet biosecurity goals, 
this recommendation was adopted, and the final Guidance is directed to 
all providers of synthetic dsDNA. Accordingly, when the final Guidance 
refers to ``orders'' of synthetic dsDNA, this term does not necessarily 
imply a commercial transaction.
    The Guidance will be reviewed on a regular basis and revised, as 
necessary. The U.S. Government recognizes that as the technology, the 
industry, and the nature of the biosecurity risk change, the Guidance 
will have to be altered, accordingly.

Screening Framework Guidance for Providers of Synthetic Double-Stranded 
DNA

I. Summary

    Synthetic biology, the developing interdisciplinary field that 
focuses on both the design and fabrication of novel biological 
components and systems as well as the re-design and fabrication of 
existing biological systems, is poised to become the next significant 
transforming technology for the life sciences and beyond. Synthetic 
biology is not constrained by the requirement of using existing genetic 
material and thus has great potential to be used to generate organisms, 
both currently existing and novel, including pathogens that could 
threaten public health, agriculture, plants, animals, the environment, 
or materiel. In the United States, many such pathogens, as well as 
certain toxins, are defined by specific existing regulations: Namely, 
the Select Agent Regulations (SAR) and, for international orders, the 
Export Administration Regulations (EAR). To reduce the risk that 
individuals with ill intent may exploit the application of nucleic acid 
synthesis technology to obtain genetic material derived from or 
encoding Select Agents or Toxins and, as applicable, agents on EAR's 
Commerce Control List (CCL), the U.S. Government has developed Guidance 
that provides a framework for screening synthetic double-stranded DNA 
(dsDNA). This Guidance sets forth recommended baseline standards for 
the gene and genome synthesis industry and other providers of synthetic 
dsDNA products regarding the screening of orders so that they are 
filled in compliance with current U.S. regulations and to encourage 
best practices in addressing biosecurity concerns associated with the 
potential misuse of their products to bypass existing regulatory 
controls.
    Following this Guidance is voluntary, though many specific 
recommendations serve to remind providers of their obligations under 
existing regulations. Briefly, upon receiving an order for synthetic 
dsDNA, the U.S. Government recommends that providers perform customer 
screening and sequence screening. If either customer screening or 
sequence screening raises any concerns, providers should perform 
follow-up screening. If follow-up screening does not resolve concerns 
about the order or there is reason to believe a customer may 
intentionally or inadvertently violate U.S. laws, providers should 
contact designated entities within the U.S. Government for further 
information and assistance. This Guidance also provides recommendations 
regarding proper records retention protocols and screening software.

II. Introduction

    Synthetic biology, unlike traditional recombinant DNA technology, 
is not constrained by the requirement for existing genetic material. 
This novel feature, along with rapid advances in DNA synthesis 
technology and the open availability of pathogen genome sequence data, 
has raised concerns in the scientific community, the dsDNA synthesis 
industry, the U.S. Government, and the general public that individuals 
with ill intent could exploit this technology for harmful purposes.
    Within the U.S., microbial organisms and toxins that have been 
determined to have the potential to pose a severe threat to public 
health and safety, animal health, plant health, or animal or plant 
products are regulated through the SAR, administered by the Department 
of Health and Human Services/Centers for Disease Control and Prevention 
(HHS/CDC) and the U.S. Department of Agriculture/Animal and Plant 
Health Inspection Service (USDA/APHIS). The SAR sets forth requirements 
for the possession, use, and transfer of listed agents. Additionally, 
the EAR identifies agents and genomic sequences that require export 
licenses from the United States. The directed synthesis of 
polynucleotides could enable individuals not authorized to possess 
Select Agents (or, for international orders, those items listed on the 
CCL) to obtain them through transactions with providers of synthetic 
dsDNA. Such synthesis obviates the need for access to the naturally 
occurring agents or naturally occurring genetic material from these 
agents, thereby greatly expanding the potential availability of these 
agents.
    The National Science Advisory Board for Biosecurity (NSABB) was 
charged with identifying the potential biosecurity concerns raised by 
the ability to synthesize Select Agents and providing advice on whether 
current U.S. Government policies and regulations adequately cover the 
de novo synthesis of Select Agents. Their report entitled Addressing 
Biosecurity Concerns Related to the Synthesis of Select Agents was 
formally transmitted to the U.S. Government in March 2007.

[[Page 62824]]

Federal Departments and Agencies with roles in life sciences research 
and/or security deliberated over the NSABB recommendations and 
identified a series of relevant policy actions targeted to promote risk 
management, while seeking to minimize negative impacts upon scientific 
progress or industrial development.
    One of the formal policy actions charged Federal Departments and 
Agencies to identify, evaluate, and support the establishment of a 
screening infrastructure for use by providers and users of synthetic 
nucleic acids while engaging stakeholders in industry and academia. 
This document provides guidance to all providers of synthetic dsDNA 
regarding a screening framework for synthetically-derived dsDNA orders. 
Specific recommendations are in bold type throughout the text.
    In the context of this Guidance, the following definitions are 
applicable:
    ``Provider'' refers to the entity that synthesizes and distributes 
dsDNA. A provider is understood to be an entity synthesizing dsDNA for 
and distributing dsDNA to a customer, not a research scientist 
collaborating with a colleague.\1\ ``Customer'' refers to the 
individual or organization that orders or requests synthetic dsDNA from 
a provider, and ``Principal user'' is the individual that receives and 
ultimately uses the ordered or requested dsDNA.
---------------------------------------------------------------------------

    \1\ Transfers of synthetic dsDNA should be evaluated for 
conformance with the SAR and EAR even when dealing with 
collaborating laboratories.
---------------------------------------------------------------------------

III. Goals of Guidance

    The primary goal of the Guidance is to minimize the risk that 
unauthorized individuals or individuals with malicious intent will 
obtain ``toxins and agents of concern'' through the use of nucleic acid 
synthesis technologies, and to simultaneously minimize any negative 
impacts on the conduct of research and business operations. The 
Guidance was developed, in light of providers' existing protocols, to 
be implemented without unnecessary cost and to be globally extensible, 
both for U.S.-based providers operating abroad and for international 
providers.
    Providers of synthetic dsDNA have two overriding responsibilities 
in this context:
     Providers should know to whom they are distributing a 
product.
     Providers should know if the product that they are 
synthesizing and distributing contains, in part or in whole, a 
``sequence of concern''.
    The Guidance outlines a screening framework that will assist 
providers in meeting both of these responsibilities. Though certain 
guidance provided in this document is necessarily framed by U.S. policy 
and regulations, the Guidance was composed so that fundamental goals, 
provider responsibilities, and the screening framework could be 
considered for application by the international community. In 
particular, though the Select Agents and Toxins and the CCL-listed 
items that are the primary focus of the Guidance may not be relevant 
for all countries, the sequence screening framework can be applied to 
other categories of agents and toxins that may be relevant for other 
regions.\2\
---------------------------------------------------------------------------

    \2\ The CCL items that are on the Australia Group Common Control 
Lists are relevant for all Australia Group members (see http://www.australiagroup.net/en/index.html).
---------------------------------------------------------------------------

IV. Overview: Synthetic dsDNA Screening Framework

    Providers should establish a comprehensive and integrated screening 
framework that includes both customer screening and sequence screening, 
as well as follow-up screening when customer and/or sequence screening 
raises a concern.
     Customer Screening--The purpose of customer screening is 
to establish the legitimacy of customers ordering synthetic dsDNA 
sequences. Providers should develop customer screening mechanisms to 
verify the legitimacy of a customer if the customer is an organization 
or confirm customer identity if the customer is an individual, to 
identify potential `red flags,' and to conform to U.S. trade 
restrictions and export control regulations.
     Sequence Screening--The purpose of sequence screening is 
to identify when ``sequences of concern'' are ordered. Identification 
of a ``sequence of concern'' does not necessarily imply that the order 
itself is of concern. Rather, when a ``sequence of concern'' is 
ordered, further follow-up procedures should be used to determine if 
filling the order would raise concern. Sequence screening is 
recommended for all dsDNA orders.
     Follow-up Screening--The purpose of follow-up screening is 
to verify the legitimacy of customers both at the level of the customer 
and the principal user, to confirm that customers and principal users 
placing an order are acting within their authority, and to verify the 
legitimacy of the end-use.
    Many customers will likely volunteer information about their 
identity or the sequence they are ordering. Providers should 
corroborate this information as part of their screening framework.
    The following overall screening methodology is recommended:
    1. Upon receiving an order for synthetic dsDNA, the U.S. Government 
recommends that providers conduct both customer screening and sequence 
screening. In customer screening, providers should review the 
information provided by the customer to verify their corporate or 
individual identity (as applicable), and to identify potential ``red 
flags.'' Providers should also check customers against lists of denied 
or blocked persons and entities maintained by the Departments of 
Commerce, State, and Treasury.
    In sequence screening, the U.S. Government recommends screening the 
ordered sequence to identify sequences derived from or encoding Select 
Agents and Toxins \3\ and, for international customers, providers 
should also screen the ordered sequence to identify sequences derived 
from or encoding items on the CCL.\4\ Scenarios of concern may include:
---------------------------------------------------------------------------

    \3\ Please see http://www.selectagents.gov to access the most 
recent Select Agents and Toxins lists.
    \4\ Visit http://www.access.gpo.gov/bis/ear/ear_data.html to 
access the most recent Commerce Control List and review the Export 
Administration Regulations. The pathogens on the Commerce Control 
List are derived from the Select Agents and Toxins lists and the 
Australia Group's three pathogen control lists. As a member of the 
Australia Group, the United States has made a commitment to control 
exports of pathogens and their genetic elements on these lists.
---------------------------------------------------------------------------

    a. If an ordered dsDNA product can be classified as a Select Agent 
or Toxin based on the SAR \3\ \5\ or is identified as a ``sequence of 
concern'' (defined in Section V.B.1.), additional customer verification 
steps should be performed and may in some cases be required.
---------------------------------------------------------------------------

    \5\ The CDC/APHIS national Select Agent registry Web site 
(http://www.selectagents.gov) contains a guidance document entitled 
``Applicability of the Select Agent Regulations to Issues of 
Synthetic Genomics'' to assist providers in identifying 
synthetically derived Select Agent materials that would fall under 
the current regulations. The regulation of Select Agents and Toxins 
currently includes (1) nucleic acids that can produce infectious 
forms of any Select Agent viruses and (2) Recombinant nucleic acids 
that encode for the functional form(s) of any of the regulated 
toxins if the nucleic acids: (i) Can be expressed in vivo or in 
vitro, or (ii) Are in a vector or recombinant host genome and can be 
expressed in vivo or in vitro.
---------------------------------------------------------------------------

    b. If an ordered dsDNA product can be classified as a Select Agent 
or Toxin based on the SAR,  3 5 providers must be registered 
under the SAR to possess the dsDNA product. Transfer of the material 
from the provider must be done in accordance with APHIS and CDC 
procedures using the APHIS/CDC Form 2 to obtain authorization for and 
to document the transfer. Additional information on the transfer of 
Select Agents and Toxins is available at http://www.selectagents.gov.
    c. Additional restrictions or licensing requirements may apply for

[[Page 62825]]

international orders if they include an item that is listed on the 
CCL.\6\
---------------------------------------------------------------------------

    \6\ See Category 1, ECCN 1C353 of the CCL available at http://www.bis.doc.gov.
---------------------------------------------------------------------------

    2. If sequence screening or customer screening raises any concerns, 
providers should pursue follow-up screening to verify the legitimacy of 
the customer, the principal user and the end-use of the ordered 
sequence. The goal of follow-up screening is to assist the provider in 
determining whether to fill the order. If the provider encounters a 
scenario where they would benefit from additional assistance in 
assessing an order, the provider is encouraged to seek advice from the 
relevant U.S. Government Departments and Agencies by contacting the 
nearest FBI Field Office Weapons of Mass Destruction (WMD) Coordinator. 
The WMD Coordinator can be reached by contacting the local FBI Field 
Office and asking to be connected to the FBI WMD Coordinator.

V. Details: Synthetic dsDNA Screening Framework

    This section provides details of the steps involved in the 
recommended screening framework. These steps include customer 
screening, sequence screening, and follow-up screening.

A. Customer Screening

    Customer screening encompasses two overarching responsibilities of 
providers: customer verification and identification of any ``red 
flags.''
1. Customer Verification
    (a) The U.S. Government recommends that, for every order, providers 
of synthetic dsDNA gather the following information to verify a 
customer's identity:
     Customer's full name and contact information
     Billing address and shipping address (if not the same)
     Customer's institutional or corporate affiliation (if 
applicable)
    (b) To ensure compliance with U.S. regulations concerning exports 
and sanctioned individuals and countries, the U.S. Government 
recommends that, for every order, providers of synthetic dsDNA screen 
customers against several lists of proscribed entities (described in 
Section VI).
    Lack of affiliation with an institution or firm does not 
automatically indicate that a customer's order should be denied. In 
such cases, the U.S. Government recommends conducting follow-up 
screening.
    Additionally, the U.S. Government recognizes that many providers 
have instituted measures and procedures to properly vet customers. The 
ongoing development of best practices in customer screening is 
commendable and encouraged, particularly as methodologies and resources 
become available to further assist with customer screening.
    The U.S. Government recommends that companies retain records of 
customer orders for at least eight years based on the statute of 
limitations set forth by U.S. Code of Federal Crimes and Procedures, 
Title 18 Section 3286.\7\
---------------------------------------------------------------------------

    \7\ The eight-year statute of limitations in Section 3286 
applies to the offense defined by Title 18 Section 175(b) 
(possession of biological agents with no reasonable justification).
---------------------------------------------------------------------------

    The U.S. Government recommends archiving the following information: 
customer information (point-of-contact name, organization, address, and 
phone number), order sequence information (nucleotide sequences 
ordered, vector used), and order information (date placed and shipped, 
shipping address, and receiver name).
2. ``Red Flags''
    In reviewing the customer's order information, providers should 
take into account any circumstances in the proposed transaction that 
may indicate that the order may be intended for an inappropriate end-
use, customer, or destination. These are known as ``red flags.''
    The following is an illustrative list of indicators that can help 
in identifying suspicious orders of synthetic dsDNA:
     A customer whose identity is not clear, who appears 
evasive about their identity or affiliations, or whose information 
cannot be confirmed or verified (e.g., addresses do not match, not a 
legitimate company, no Web site, cannot be located in trade 
directories, etc.).
     A customer who would not be expected in the course of 
their normal business to place such an order (e.g., no connection to 
life science research, biotechnology or requirement for DNA synthesis 
services).
     A customer that requests unusual labeling or shipping 
procedures (e.g., requests to misidentify the goods on the packaging, 
requests to deliver to a private address, or requests to change the 
customer's name after the order is placed, but before it is shipped).
     A customer proposing an unusual method of payment (e.g., 
arranging payment in cash, personal credit card or through a non-bank 
third party) or offering to pay unusually favorable payment terms, such 
as a willingness to pay a higher than expected price.
     A customer that requests unusual confidentiality 
conditions regarding the order, particularly with respect to the final 
destination or the destruction of transaction records.
    If a review of customer information reveals one or more ``red 
flags,'' the U.S. Government recommends that providers conduct follow-
up screening. If providers are unsure about whether to fill an order, 
they should contact the U.S. Government for further information 
(described in Section VII).

B. Sequence Screening

    Sequence screening, which identifies whether a requested sequence 
is a ``sequence of concern,'' is intended to serve as a trigger for 
further follow-up screening and does not by itself provide a basis for 
determining whether an order poses a risk. Providers should screen all 
orders of dsDNA.
1. Identifying ``Sequences of Concern''
    The U.S. Government recommends that dsDNA orders be screened for 
sequences derived from or encoding Select Agents and Toxins and, for 
foreign orders, for dsDNA derived from or encoding CCL-listed agents, 
toxins, or genetic elements. The U.S. Government chose the pathogens 
and toxins identified by HHS and USDA as ``Select Agents and Toxins'' 
as an appropriate list of ``agents of concern'' against which providers 
should screen orders since:
     The list is comprised of high consequence pathogens and 
toxins that have the potential to pose a severe threat to human, 
animal, or plant health or to animal or plant products
     Their possession, use, and transfer are managed through 
Federal regulations.
    The Select Agents and Toxins lists are reviewed biennially and 
updated as needed to address biosecurity concerns.\8\
---------------------------------------------------------------------------

    \8\ A list of biological agents and toxins that affect humans 
has been promulgated by HHS/CDC (HHS Select Agents and Toxins, 42 
CFR 73.3). A list of biological agents that affect animals and 
animal products has been promulgated by USDA/APHIS/Veterinary 
Services (USDA Select Agents and Toxins, 9 CFR 121.3). A list of 
agents that affect plants and plant products has been promulgated by 
USDA/APHIS/Plant Protection and Quarantine (USDA Select Agents and 
Toxins, 7 CFR 331.3). Additionally, HHS and USDA promulgated a list 
of ``overlap'' agents that affect both humans and animals (42 CFR 
73.4 and 9 CFR 121.4).
---------------------------------------------------------------------------

    The U.S. Government reminds providers to screen for items on the 
CCL for international orders to ensure they are in compliance with the 
EAR. As a member of the Australia Group, the United States requires 
exporters through

[[Page 62826]]

the EAR to obtain export licenses for exports of reading-frame length 
nucleic acid sequences from pathogens listed under Export Control 
Classification Numbers (ECCNs) 1C351, 1C352, 1C353, and 1C354.\9\ The 
EAR also requires exporters to obtain licenses for exports of reading-
frame length nucleic acid sequences from pathogens on the Select Agent 
list not listed elsewhere on the CCL (ECCN 1C360). The EAR requirements 
specifically apply to genetic elements that encode toxins or sub-units 
of controlled toxins or genetic elements associated with pathogenicity 
of controlled microorganisms.
---------------------------------------------------------------------------

    \9\ Definitions of terms pertinent to exports can be found in 
Part 772 of the EAR. Part 734 (15 CFR chapter VII, subchapter C) 
describes the scope of the EAR and explains certain key terms and 
principles used in the EAR. The EAR provisions are subject to 
change, as they are regularly updated pursuant to multilateral 
agreements.
---------------------------------------------------------------------------

    Therefore, for the purposes of this Guidance, Select Agents and 
Toxins are classified as ``agents of concern,'' and ``sequences of 
concern'' are dsDNA sequences derived from or encoding Select Agents 
and Toxins. For international orders, ``agents of concern'' also 
include items on the EAR's CCL, and ``sequences of concern'' include 
those dsDNA sequences derived from or encoding those items. The U.S. 
Government may revisit these definitions in the future in light of 
experience with implementation of the Guidance and scientific and 
technological developments.
    Because the CCL and the Select Agents and Toxins lists are not 
identical, it is recommended that providers ensure that international 
orders are screened to identify sequences derived from or encoding 
items on the Select Agents and Toxins lists and the CCL.
    If a customer orders a synthetic dsDNA product that meets the 
definition of a Select Agent or Toxin,\3\ \5\ domestic providers and 
customers must be in compliance with the CDC and APHIS Select Agent 
Regulations (42 CFR part 73, 7 CFR part 331, and 9 CFR part 121) in 
order to fill the order. A provider of such regulated dsDNA must be 
registered with CDC or APHIS in order to synthesize these materials. In 
addition, the provider must obtain an approved transfer form from CDC 
or APHIS and, for interstate transfers, a permit from APHIS (when 
applicable) in order to ship such products. International providers are 
advised that the receiving party must obtain an import permit from CDC 
and/or APHIS and an approved transfer form in order to receive such 
products. All providers are advised that receivers must hold a permit 
in order to receive through importation or interstate transport any 
product that meets the definition of ``plant pest'' (as defined at 7 
CFR part 330), or any organism or its derivative which may introduce or 
disseminate any contagious or infectious disease of animals (9 CFR part 
122).
    The U.S. Government recognizes that there are concerns that 
synthetic dsDNA sequences not unique to Select Agents or Toxins or CCL 
items may also pose a biosecurity concern. The U.S. Government also 
recognizes that many providers have already instituted measures to 
address these concerns. The ongoing development of best practices in 
this area is commendable and encouraged, particularly in light of the 
continued advances in DNA sequencing and synthesis technologies and the 
accelerated rate of sequence submissions to public databases such as 
the National Institutes of Health's GenBank. However, due to the 
complexity of determining pathogenicity and because research in this 
area is ongoing and many such agents are not currently encompassed by 
regulations in the U.S., generating a comprehensive list of such agents 
to screen against is not currently feasible and hence is not provided 
in this Guidance.
2. Technical Goals and Recommendations for Sequence Screening
    The U.S. Government developed the following list of specific 
technical goals and recommendations for a sequence screening 
methodology to ensure the reliable and accurate detection of synthetic 
dsDNA sequences derived from or encoding ``sequences or agents of 
concern:''
    The U.S. Government recommends that the sequence screening method 
be able to identify sequences unique to Select Agents and Toxins; to 
meet their obligations under existing regulations, for international 
orders, screening should also be able to identify sequences unique to 
CCL-listed agents, toxins, and genetic elements. Many DNA sequences 
encode genes that are required to maintain normal cellular physiology, 
otherwise known as ``house-keeping genes.'' These ``house-keeping 
genes'' are highly conserved between pathogenic and non-pathogenic 
species. Screening methodologies that recognize highly conserved 
sequences such as ``house-keeping genes'' as positive ``hits'' for 
``sequences of concern'' offer little biosecurity benefit and may 
impede the screening efforts. Such methodologies would produce a larger 
number of ``hits'' adding extra burden for screeners and potentially 
resulting in actual ``sequences of concern'' being overlooked. 
Additionally, such a system may hamper scientific research by falsely 
assigning sequences from closely related microbes as ``sequences of 
concern.''
    The U.S. Government recommends that sequence screening be performed 
for both DNA strands and the resultant polypeptides derived from 
translations using the three alternative reading frames on each DNA 
strand (or six-frame translation). Each amino acid is encoded by a 
codon, a three nucleotide sequence of DNA. The correspondence from 
codon to amino acid is not unique. A given amino acid may be encoded by 
one to six distinct codons, which means that an amino acid polypeptide 
can be encoded by many different DNA sequences. Consequently, to 
determine whether a nucleotide sequence is derived from or encodes a 
``sequence or agent of concern,'' it is necessary to screen the six-
frame translation polypeptides encoded by the DNA sequences in addition 
to the DNA sequences themselves.
    The U.S. Government recommends that sequence alignment methods 
should enable the detection of any ``sequences of concern'' in a dsDNA 
order. The screening routine should be capable of local sequence 
alignments. A sequence screening system that assesses only the overall 
sequence length without any local checks may not detect a ``sequence of 
concern'' embedded within a larger, benign sequence. In order to ensure 
that ``sequences of concern'' embedded within larger sequences are not 
overlooked, when screening orders longer than 200 base pairs (bps), 
providers should use screening techniques able to detect ``sequences of 
concern'' as short as 200 bps in length. One method that providers may 
consider using involves comparing overlapping 200 bp nucleotide 
segments (nucleotides 1-200, 2-201, etc.) and corresponding 66 amino 
acid sequences, over the length of the dsDNA order, to a public 
sequence database such as GenBank using a sequence alignment tool.
3. Sequence Screening Methodology
    The U.S. Government recommends a ``Best Match'' approach for 
sequence screening to determine whether a query sequence is derived 
from or encodes a Select Agent or Toxin or, for international orders, a 
sequence from a CCL-listed item. In this approach, the query sequence 
is aligned with a database of known sequences (such as GenBank) to 
identify the sequence with the greatest percent identity (the ``Best

[[Page 62827]]

Match'') over each 200 bp nucleic acid segment and corresponding amino 
acid sequence (or over the entire query sequence for those dsDNA orders 
shorter than 200 bps). Advantages of the ``Best Match'' approach 
include: It is automatically adaptable as new sequences are added to 
GenBank, it is adaptable to entirely synthetic genes, it can be 
accomplished using publicly available databases and tools, and it does 
not require provider discretion in setting similarity cut-off criteria.
    In this approach, a query sequence is deemed to be a ``hit,'' and 
the order should be investigated further by the provider in follow-up 
screening, if the nucleotide sequence, over any span of 200 or more 
nucleotides (or fewer than 200 nucleotides if the query sequence is 
shorter than 200 bps), or if any of the six derivable 66 amino acid 
open reading frame (ORF) translations, is more closely related to the 
sequence of a Select Agent or Toxin (or CCL item, when applicable) than 
to any other sequence in GenBank. Due to the high sequence similarity 
of some Select Agents and Toxins with some attenuated strains of Select 
Agents and Toxins that have been excluded from regulation,\10\ 
sequences that are ``Best Matches'' to these excluded strains should 
still be considered a ``hit'' and the order should be subject to 
follow-up screening.
---------------------------------------------------------------------------

    \10\ Information about attenuated strains that are not subject 
to the requirements of 42 CFR part 73, 9 CFR part 121, and 7 CFR 
part 331 can be accessed at http://www.selectagents.gov/Exclusions.html.
---------------------------------------------------------------------------

    The ``Best Match'' approach is intended to minimize the number of 
sequence hits due to genes that are shared among both Select Agents or 
Toxins and non-Select Agents or Toxins (or for genes shared among CCL 
and non-CCL items, when applicable). Nonetheless, some harmless 
sequences in Select Agents or Toxins (or CCL items) or those that are 
routinely used in scientific research may result in a ``hit'' during 
this sequence screen. The U.S. Government recommends that providers 
develop, maintain, and document protocols to determine if a sequence 
``hit'' qualifies as a true ``sequence of concern;'' protocols that are 
no longer current should be maintained for at least eight years. 
Additionally, providers should keep screening records of all ``hits'' 
for at least eight years, even if the order was deemed acceptable. In 
cases where the provider is unable to make the determination, advice 
can be sought from the relevant U.S. Government Departments and 
Agencies by contacting the nearest FBI Field Office Weapons of Mass 
Destruction Coordinator.
    As noted in Section V.B.1 above, the U.S. Government recognizes 
that there are concerns that synthetic dsDNA sequences not unique to 
Select Agents or Toxins or CCL items may also pose a biosecurity 
concern. The U.S. Government also recognizes that many providers have 
already instituted measures to address these concerns. The ongoing 
development of best practices in this area is commendable and 
encouraged, particularly in light of the continued advances in DNA 
sequencing and synthesis technologies and the accelerated rate of 
sequence submissions to public databases such as GenBank.
    To this end, providers may also choose to use other screening 
approaches that they assess to be equivalent or superior to the ``Best 
Match'' approach or that supplement it, including customized database 
approaches or approaches that evaluate the biological risk associated 
with non-Select Agent and Toxin sequences or, for international orders, 
sequences not associated with items on the CCL. These sequence 
screening recommendations do not preclude the use of curated databases 
of non-Select Agent or Toxin or non-CCL sequences for sequence 
screening. The U.S. Government encourages the development of such 
databases as an additional screening tool that will improve with time 
as additional data become available. Whatever sequence screening 
approach a provider adopts, the approach should meet the technical 
requirements outlined in Section V.B.2; additionally, the provider may 
choose to develop additional criteria to address non-Select Agent and 
Toxin or non-CCL sequences. If the provider determines that an ordered 
product poses a biosecurity risk, the provider should conduct follow-up 
screening accordingly. The U.S. Government recommends that providers 
develop, maintain, and document their sequence screening protocols 
within company records; protocols that are no longer current should be 
maintained for at least eight years.
    The U.S. Government recognizes that continued research and 
development may lead to new and improved screening methodologies. As 
new methods are developed, U.S. Guidance may change accordingly.

C. Follow-Up Screening

    The purpose of follow-up screening is to verify the legitimacy of 
the customer and the principal user, to confirm that the customer and 
principal user placing an order are acting within their authority, and 
to verify the legitimacy of the end-use.
    Follow-up screening should be conducted if customer screening or 
sequence screening raises any concerns. In any case where there are 
abnormal circumstances surrounding the order or the customer has 
ordered a ``sequence of concern,'' the U.S. Government recommends that 
providers ask for information about the customer and principal user, 
including the proposed end-use of the order, to help assess the 
legitimacy of their order.\11\ Sample end-uses of ordered synthetic 
dsDNA could include, but are not limited to:
---------------------------------------------------------------------------

    \11\ As statutory precedent for requesting information about 
proposed end-use, providers and customers should be aware of U.S. 
Code Title 18 Section 175(b), which states in part that ``Whosoever 
knowingly possesses any biological agent, toxin, or delivery system 
of a type or in a quantity that, under the circumstances, is not 
reasonably justified by a prophylactic, protective, bona fide 
research, or other peaceful purpose, shall be fined under this 
title, imprisoned not more than 10 years, or both.''
---------------------------------------------------------------------------

     Identification of pathogenicity genes via marker-deletion 
mutagenesis.
     Training for threat agent detection.
     Production of organism for experimental research studies.
    If not conducted previously, providers should gather the following 
information to verify a principal user's identity:
     Principal user's full name and contact information.
     Billing address and shipping address (if not the same).
     Principal user's institutional or corporate affiliation 
(if applicable)
    If the customer or principal user is affiliated with an institution 
or firm, providers should contact the relevant biological safety 
officer, supervisor, lab director, director of research, or other 
relevant institutional representative in order to confirm the order, 
verify the customer's and principal user's identity, and verify the 
legitimacy of the order. If the customer or principal user is not 
affiliated with an institution or firm, providers should also conduct a 
literature review of the customer's or principal user's past research 
to verify his or her identity and the legitimacy of the order. If a 
literature review results in no publications, providers should request 
the unaffiliated customer or principal user provide references that can 
verify their identity and the legitimacy of the order. Additionally, 
the U.S. Government recommends that providers screen principal users 
against several lists of proscribed entities (described in Section VI), 
if this

[[Page 62828]]

step wasn't already performed as part of customer screening.
    Providers may consider other steps that could be implemented as 
part of follow-up screening. For example, when the customer is an 
institution or firm, providers may consider the following steps: Check 
the customer's contact information against standard industry and 
institutional directories and listings; where the customer is known by 
reputation, check that the contact information matches its Web page; 
and/or confirm customer identity though government contacts. When the 
customer or principal user is affiliated with an institution or firm, 
providers may consider the following steps: Check whether the 
institution's or firm's usual paperwork has been used to place the 
order; check that shipments will be delivered to the institution's or 
firm's usual address; check that the customer's and principal user's 
supervisors have been copied on the order or can confirm the order; 
check that the order has been certified by the institution or firm; 
and/or check that the end-use has been reviewed and approved by the 
institutional biosafety committee or another relevant institutional 
committee.
    It is important to note that a provider's decision to pursue 
follow-up screening does not necessarily imply that the U.S. Government 
will be contacted. However, in cases where follow-up screening cannot 
resolve concerns raised by customer screening or sequence screening, or 
when providers are otherwise unsure about whether to fill an order, the 
U.S. Government recommends that providers contact relevant agencies as 
described in Section VII. Providers should retain records of any 
follow-up screening, even if the order was ultimately filled, for at 
least eight years.

VI. Recommended Processes for Domestic and International Orders

    This section outlines recommendations for specific screening 
processes for orders from domestic and international customers. The 
customer screening, sequence screening, and follow-up screening 
protocols that are referenced in this section are defined and described 
in Section V. Most of the information provided in this section serves 
as a reminder to providers to ensure they are meeting their legal 
obligations not to conduct unapproved business transactions with 
certain proscribed entities.

A. Domestic Orders

    Once a domestic customer order is received, the provider should 
conduct both customer screening and sequence screening, in no 
particular order.
1. Customer Screening
    In addition to verifying the customer identity and identifying any 
``red flags,'' providers should be aware of regulatory and statutory 
prohibitions for U.S. persons from dealing with certain foreign 
persons, entities and companies. In order to avoid violating U.S. law, 
providers are encouraged to check the customer against several lists of 
proscribed entities before filling each order, including the:
     Department of Treasury Office of Foreign Assets Control 
(OFAC) list of Specially Designated Nationals and Blocked Persons (SDN 
List).
     Department of State list of persons engaged in 
proliferation activities.
     Department of Commerce Denied Persons List (DPL).
    According to U.S. regulations, no U.S. persons or entities may 
conduct business transactions with individuals or entities on the SDN 
List without a license from OFAC. This list is maintained by OFAC. OFAC 
only provides a license to deal with individuals on the SDN List in 
extremely limited circumstances.\12\
---------------------------------------------------------------------------

    \12\ Additional information, including the SDN List, is 
available at: http://www.treas.gov/offices/enforcement/ofac/sdn/.
---------------------------------------------------------------------------

    According to U.S. regulations, no U.S. persons or entities may 
conduct business transactions with individuals sanctioned by the 
Department of State for engaging in proliferation activities.\13\
---------------------------------------------------------------------------

    \13\ Announcements of such sanctions determinations are printed 
in the Federal Register and are maintained on the Department of 
State's Web site (http://www.state.gov/t/isn/c15231.htm).
---------------------------------------------------------------------------

    Additionally, the U.S. Government recommends that providers screen 
customers against the DPL for domestic orders. This list includes those 
firms and individuals whose export privileges have been denied. While 
the Department of Commerce only regulates exports and therefore does 
not require that companies screen their domestic customers against the 
list, it recommends that they do so, to avoid unwittingly passing on 
sensitive technology or materials to U.S. residents known to be 
involved in proliferation activities.\4\
    Because the updated lists are available online, providers should 
ensure they are using the most recently updated lists when screening 
customers or principal users against these lists.
    If there are concerns after consulting these lists, providers 
should seek assistance from the U.S. Government as outlined in Section 
VII.
2. Sequence Screening
    Providers should also conduct sequence screening. If a ``sequence 
of concern'' is identified, providers should conduct follow-up 
screening.

B. International Orders

    Once an order from an international customer is received, the 
provider should conduct customer screening and sequence screening, in 
no particular order. Providers are reminded that genetic elements of 
the Select Agents and Toxins, microorganisms and toxins (proteins) are 
controlled for export. Exporters should make sure they are in 
compliance with the EAR when exporting genetic elements from CCL-listed 
items.\4\
1. Customer Screening
    In addition to verifying the customer identity, identifying any 
``red flags,' and complying with the rules described for domestic 
orders, all providers who export products from the United States to 
international customers must comply with the U.S. export laws, 
including the International Emergency Economic Powers Act,\14\ the 
Trading with the Enemy Act,\15\ and any implementing U.S. Government 
regulations or Presidential Executive orders. Certain transactions with 
sanctioned countries may be permitted but may require a license from 
OFAC and/or the Department of Commerce's Bureau of Industry and 
Security (BIS). Currently, most transactions involving Cuba, Iran, and 
Sudan are prohibited. In order to comply with the U.S. export laws and 
regulations, providers must first determine whether a given transaction 
with a sanctioned country is permitted, and, if not permitted without a 
license or approval, obtain any appropriate export licenses or other 
U.S. Government permissions prior to exporting any product to 
sanctioned countries.
---------------------------------------------------------------------------

    \14\ Visit http://www.treas.gov/offices/enforcement/ofac/legal/statutes/ieepa.pdf for additional information.
    \15\ Visit http://www.treas.gov/offices/enforcement/ofac/legal/statutes/twea.pdf for additional information.
---------------------------------------------------------------------------

    According to U.S. regulations, no U.S. persons or entities may 
conduct transactions with individuals or entities on the SDN List 
without a license from OFAC. This list is maintained by OFAC. OFAC only 
provides a license to deal with individuals on the SDN List in 
extremely limited circumstances.\12\
    According to U.S. regulations, no U.S. persons or entities may 
conduct business transactions with individuals sanctioned by the 
Department of State

[[Page 62829]]

for engaging in proliferation activities.\13\
    Some products may not have a specific number on the CCL and so will 
be designated as EAR99 for export purposes. Items designated as EAR99 
do not require a license unless they are exported to countries on the 
embargoed list, to banned individuals, or for prohibited end-uses. As a 
result, before filling an international order for any dsDNA product 
that cannot be classified under an Export Control Classification Number 
(ECCN), providers must consult several lists of such individuals and 
organizations according to the EAR.\4\ If the customer appears on any 
of these lists, additional action is required and an export license may 
be necessary, depending on the list.\16\ These lists include the DPL, 
the Entity List (EL),\17\ and the Unverified List (UL).\18\
---------------------------------------------------------------------------

    \16\ A general review of export control basics is available at 
http://www.bis.doc.gov/licensing/exportingbasics.htm.
    \17\ The Entity List is found in Supplement No. 4 to Part 744 of 
the EAR and can be found on the Web site http://www.bis.doc.gov/entities/default.htm. It is updated periodically.
    \18\ The Unverified List is found on the Web site http://www.bis.doc.gov/enforcement/unverifiedlist/unverified_parties.html. 
It is updated periodically.
---------------------------------------------------------------------------

    In addition to the SDN List and proliferation sanctions 
notifications, providers must not conduct business with persons and 
entities on the DPL based on the EAR.\4\ The DPL includes parties that 
have been denied export and reexport privileges.
    In accordance with the EAR, exports to persons or entities on the 
EL require an export license.4 17 The EL contains a list of 
names of certain international persons--including businesses, research 
institutions, government and private organizations, individuals, and 
other types of legal persons--that are subject to specific license 
requirements for the export, reexport and/or transfer (in-country) of 
specified items. On an individual basis, the persons on the EL are 
subject to licensing requirements and policies supplemental to those 
found elsewhere in the EAR.
    The presence of a party on the UL in a transaction is a ``red 
flag'' that should be resolved before proceeding with the transaction. 
4 18 The UL includes names and countries of foreign persons 
who in the past were parties to a transaction with respect to which BIS 
could not conduct a pre-license check (PLC) or a post-shipment 
verification (PSV) for reasons outside of the U.S. Government's 
control. Additional ``red flags'' can be found in Supplement No. 3 to 
Part 732 of the EAR.
    To avoid violating U.S. laws and regulations, providers should 
consult these lists whenever an international customer places an order. 
Because the updated lists are available online, providers should ensure 
they are using the most recently updated lists when screening customers 
or principal users against these lists.
    Additionally, U.S. persons or entities may not export, reexport, or 
transfer (in-country) an item subject to the EAR without a license if, 
at the time of export, reexport, or transfer (in-country) the exporter 
knows that the item will be used in the design, development, 
production, stockpiling, or use of biological weapons in or by any 
country or destination, worldwide.
    If any of these checks reveals cause for concern, the provider 
should proceed according to the details provided in Section VII.
    If an order involves an export, according to the EAR, both the 
provider and customer are required to maintain documentary evidence of 
the transaction and are prohibited from misrepresenting or concealing 
material facts in licensing processes and all export control 
documents.\4\
    If customer screening raises any concerns, providers should conduct 
follow-up screening.
2. Sequence Screening
    Providers should also perform sequence screening. The U.S. 
Government reminds providers to conduct sequence screening on orders 
from international customers to determine whether they are governed by 
and to ensure compliance with the EAR.\4\
    The U.S. Government recommends that, in addition to screening for 
sequences unique to Select Agents and Toxins, providers use a ``Best 
Match'' approach to identify sequences unique to pathogens, toxins, and 
genetic elements on the CCL when an order is placed by an international 
customer. If the ordered dsDNA is controlled under ECCN 1C353 (which 
covers genetic elements and genetically modified organisms) and is 
capable of encoding a protein, an export license is necessary for all 
international orders, according to the EAR.\4\ Because the EAR's CCL 
and the Select Agents and Toxins lists are not identical, it is 
recommended that providers ensure that international orders are 
screened to identify sequences unique to Select Agents and Toxins and 
CCL-listed items.
    If a ``sequence of concern'' is identified, providers should 
conduct follow-up screening.

VII. Contacting the U.S. Government

    In cases where follow-up screening cannot resolve an issue raised 
by either customer screening or sequence screening, the U.S. Government 
recommends that providers contact one of the following agencies for 
further information:

Federal Bureau of Investigation (FBI)

    If an order raises concerns based on customer screening or sequence 
screening and follow-up screening does not sufficiently verify the 
customer's identity, the principal user's identity, and the order's 
intended end-use, providers should contact the Weapons of Mass 
Destruction (WMD) Coordinator at their nearest FBI Field Office. 
Providers should also contact the WMD Coordinator if follow-up 
screening reveals that the customer or principal user has no legitimate 
need for the order.

CDC and APHIS Select Agent Regulatory Programs (Select Agent Programs)

    If necessary, the CDC and APHIS Select Agent regulatory programs 
can be contacted through the national Select Agent Web site (http://www.selectagents.gov). The CDC program can be contacted directly via e-
mail at [email protected] or by fax at 404-718-2096. The APHIS program can 
be contacted directly via e-mail at 
[email protected] or by fax at 301-734-
3652.

Department of Commerce

    If sequence screening reveals that an order from an international 
customer contains a Select Agent or ``sequence of concern,'' providers 
should contact the nearest field office of the Department of Commerce's 
Office of Export Enforcement. Providers should also contact the Office 
of Export Enforcement if they receive an international order from a 
country currently subject to a U.S. trade embargo or a customer or 
principal user that is on one of the proscribed lists described in 
Section VI. The Department of Commerce will contact other U.S. 
Government agencies as necessary. The supervisory office is in 
Washington, DC and the phone number is 202-482-1208. Locations and 
contact information for all field offices are available at http://www.bis.doc.gov/about/programoffices.htm. Assistance from an export 
counselor at the Department of Commerce is available by calling 202-
482-4811.

[[Page 62830]]

Scenarios

    If providers encounter one of the following scenarios and are 
unable to resolve issues raised by customer screening or sequence 
screening, they can contact one of the following U.S. Government 
agencies for assistance, using the contact information provided above:
    1. Provider receives synthetic dsDNA order and a customer flag 
(suspicious customer) is identified in customer screening. Follow-up 
screening does not resolve the concerns. Recommend the provider contact 
the nearest FBI Field Office WMD Coordinator. FBI contacts other 
Departments and Agencies, as appropriate.
    2. Provider receives a synthetic dsDNA order that is for a Select 
Agent or Toxin. Provider should refer to the Select Agent Regulations 
and follow necessary protocols. If necessary, the provider should 
contact the appropriate Select Agent Program (CDC or APHIS).
    a. CDC or APHIS may contact FBIHQ as appropriate.
    3. Provider receives a synthetic dsDNA order that incorporates a 
``sequence of concern;'' follow-up screening reveals no legitimate 
purpose \11\ for order or research requirement. Provider should contact 
the FBI WMD Coordinator. FBI contacts the CDC or APHIS as appropriate.
    4. Provider receives an international synthetic dsDNA order 
incorporating a Select Agent or Toxin or a ``sequence of concern'' and 
DOC denies the export license. DOC contacts the FBI as appropriate.
    5. Provider receives a synthetic dsDNA order from a customer that 
is listed on one or more restricted lists, which prohibits the 
fulfillment of the order. Provider should contact the FBI WMD 
Coordinator. FBI contacts DOC as appropriate.

VIII. Customer and Sequence Screening Software and Expertise

    There are a variety software packages that can assist with the 
verification of customers (and principal users, if necessary) and 
screening against the necessary lists of proscribed entities. Providers 
should be aware that commercially available software packages may not 
necessarily address all aspects of customer screening recommended by 
the U.S. Government.
    In addition to a sequence database and screening method, 
appropriate sequence screening software must be selected by providers 
of synthetic dsDNA. The U.S. Government recommends that providers 
select a sequence screening software tool that utilizes a local 
sequence alignment technique; a popular and publicly available suite of 
algorithms that meets this requirement is the BLAST family of tools, 
and other tools are available. BLAST is available for download for free 
at the National Center for Biotechnology Information Web site.\19\ 
Similar tools are also freely or commercially available, or could be 
designed by the provider to meet their sequence screening needs. 
Specific criteria for the statistical significance of the hit (BLAST's 
e-values) or percent identity values will not be recommended because 
these details depend on the specific screening protocol. By utilizing 
the ``Best Match'' approach, the sequence with the greatest percent 
identity over each 66 amino acid or 200 bp fragment should be 
considered the ``Best Match,'' regardless of the statistical 
significance or percent identity.
---------------------------------------------------------------------------

    \19\ http://blast.ncbi.nlm.nih.gov/Blast.cgi.
---------------------------------------------------------------------------

    The U.S. Government recommends that providers of synthetic dsDNA 
have the necessary expertise in-house to perform the sequence 
screenings, analyze the results and conduct the appropriate follow-up 
research to evaluate the significance of dubious sequence matches. Such 
follow-up research could include comparing the ordered sequence to 
information found in the published literature about Select Agents and 
Toxins (or, when applicable, items on the CCL) or with information 
found in other databases of Select Agents and Toxins (or items on the 
CCL).
    The U.S. Government recognizes that continued research and 
development on new and improved bioinformatics tools is desirable. As 
new methods are developed, U.S. Guidance may change accordingly.

IX. Records Retention

    The U.S. Government recommends that providers:
     Retain records of customer orders for at least eight years 
based on the statute of limitations set forth by U.S. Code of Federal 
Crimes and Procedures, Title 18 Section 3286.\7\
     Archive the following information: Customer information 
(point-of contact name, organization, address, and phone number), order 
sequence information (nucleotide sequences ordered, vector used), and 
order information (date placed and shipped, shipping address, and 
receiver name).
     Develop, maintain, and document protocols to determine if 
a sequence ``hit'' qualifies as a true ``sequence of concern;'' 
protocols that are no longer current should be maintained for at least 
eight years.
     Keep screening records of all ``hits'' for at least eight 
years, even if the order was deemed acceptable.
     Develop, maintain, and document their sequence screening 
protocols within company records; protocols that are no longer current 
should be maintained for at least eight years.
     Retain records of any follow-up screening, even if the 
order was ultimately filled, for at least eight years.
    If an order involves an export, according to the EAR, both the 
provider and customer are required to maintain documentary evidence of 
the transaction and are prohibited from misrepresenting or concealing 
material facts in licensing process and all export control 
documents.\4\

X. Appendix to Screening Framework Guidance for Providers of Synthetic 
Double-Stranded DNA

Summary of Recommendations

    The field of synthetic genomics is evolving rapidly. This document 
is intended to provide guidance to providers of synthetic double-
stranded DNA (dsDNA) regarding the screening of orders so that they are 
filled in compliance with current U.S. regulations and to encourage 
best practices in addressing biosecurity concerns associated with the 
potential misuse of their products to bypass existing regulatory 
controls. The U.S. Government recommends that all orders of synthetic 
dsDNA be subject to a screening framework that incorporates both 
sequence screening and customer screening.

Customer Screening

    The U.S. Government recommends that, for every order, providers of 
synthetic dsDNA:
    (1) Gather the following information to verify a customer's 
identity:
     Customer's full name and contact information.
     Billing address and shipping address (if not the same).
     Customer's institutional or corporate affiliation (if 
applicable).
    (2) Screen customers against several lists of proscribed entities 
(described in Section VI).
    In cases where the customer is not affiliated with an institution 
or firm, the U.S. Government recommends that the provider conduct 
follow-up screening.
    If a review of customer information reveals one or more ``red 
flags,' the U.S. Government recommends that providers conduct follow-up 
screening.

[[Page 62831]]

Sequence Screening

    The U.S. Government recommends that:
     Ordered sequences be screened using a ``Best Match'' 
approach to identify sequences that are unique to Select Agents and 
Toxins.
     For international orders, ordered sequences be screened 
using a ``Best Match'' approach to identify sequences that are unique 
to pathogens, toxins, and genetic elements on the Commerce Control List 
(CCL), in addition to screening for sequences that are unique to Select 
Agents and Toxins.
     Sequence screening be performed for both DNA strands and 
the resultant polypeptides derived from translations using the three 
alternative reading frames on each DNA strand (or six-frame 
translation).
     Sequence alignment methods should enable the detection of 
any ``sequences of concern'' in a dsDNA order.
     In order to ensure that ``sequences of concern'' embedded 
within larger sequences are not overlooked, when screening orders 
longer than 200 bps, providers should use screening techniques able to 
detect ``sequences of concern'' as short as 200 bps in length.
    If a customer orders a synthetic dsDNA product that meets the 
definition of a Select Agent or Toxin,\20\ domestic providers and 
customers must be in compliance with the CDC and APHIS Select Agent 
Regulations (42 CFR part 73, 7 CFR part 331, and 9 CFR part 121) in 
order to fill the order.
---------------------------------------------------------------------------

    \20\ Please see http://www.selectagents.gov to access the most 
recent Select Agents and Toxins lists. The CDC/APHIS national Select 
Agent registry Web site (http://www.selectagents.gov) contains a 
guidance document entitled ``Applicability of the Select Agent 
Regulations to Issues of Synthetic Genomics'' to assist providers in 
identifying synthetically derived Select Agent materials that would 
fall under the current regulations.
---------------------------------------------------------------------------

Follow-Up Screening

    Providers should conduct follow-up screening if sequence screening 
or customer screening raises any concerns. In follow-up screening, the 
U.S. Government recommends that providers ask for information about the 
customer and principal user, including the proposed end-use of the 
order, to help assess the legitimacy of their order. Providers should 
gather the following information to verify a principal user's identity:
     Principal user's full name and contact information.
     Billing address and shipping address (if not the same).
     Principal user's institutional or corporate affiliation 
(if applicable).
    If the customer or principal user is associated with an institution 
or firm, providers should contact the relevant biological safety 
officer, supervisor, lab director, director of research, or other 
relevant institutional representative to confirm the order, verify the 
customer's and principal user's identity, and verify the legitimacy of 
the order. If the customer or principal user is not affiliated with an 
institution or firm, providers should also conduct a literature review 
of the customer's or principal user's past research to verify his or 
her identity and the legitimacy of the order. If a literature review 
results in no publications, providers should request the unaffiliated 
customer or principal user provide references that can verify their 
identity and the legitimacy of the order. Additionally, providers 
should screen principal users against several lists of proscribed 
entities (described in Section VI), if this step wasn't already 
performed as part of customer screening.

Domestic Orders

    The U.S. Government reminds providers of the following:
     According to U.S. regulations, no U.S. persons or entities 
may conduct transactions with individuals or entities on the list of 
Specially Designated Nationals and Blocked Persons (SDN List) without a 
license from the Department of the Treasury Office of Foreign Assets 
Control (OFAC).\21\
---------------------------------------------------------------------------

    \21\ Additional information, including the SDN List, is 
available at: http://www.treas.gov/offices/enforcement/ofac/sdn/.
---------------------------------------------------------------------------

     According to U.S. regulations, no U.S. persons or entities 
may conduct business transactions with individuals sanctioned by the 
Department of State for engaging in proliferation activities.\22\
---------------------------------------------------------------------------

    \22\ Announcements of such sanctions determinations are printed 
in the Federal Register and are maintained on the Department of 
State's Web site (http://www.state.gov/t/isn/c15231.htm).
---------------------------------------------------------------------------

    The U.S. Government recommends that providers check domestic 
customers against the most recent Department of Commerce Denied Persons 
List (DPL).\23\
---------------------------------------------------------------------------

    \23\ Visit http://www.access.gpo.gov/bis/ear/ear_data.html to 
access the most recent Commerce Control List and review the Export 
Administration Regulations.
---------------------------------------------------------------------------

    In order to avoid violating U.S. law, providers are encouraged to 
check the customer against the most recent versions of these lists of 
proscribed entities before filling each order.

International Orders

    The U.S. Government reminds providers of the following:
     All providers who export products from the United States 
to international customers must comply with the U.S. export laws, 
including the International Emergency Economic Powers Act (IEEPA),\24\ 
the Trading with the Enemy Act,\25\ and any implementing U.S. 
Government regulations or Presidential Executive Orders. Certain 
transactions with sanctioned countries may be permitted, but most 
require a license from OFAC and/or the Department of Commerce's Bureau 
of Industry and Security (BIS). Most transactions involving Cuba, Iran, 
and Sudan are prohibited. In order to comply with the U.S. export laws 
and regulations, providers must first determine whether a given 
transaction with a sanctioned country is permitted, and, if not 
permitted without a license or approval, obtain any appropriate export 
licenses or other U.S. Government permissions prior to exporting any 
product to sanctioned countries.
---------------------------------------------------------------------------

    \24\ Visit http://www.treas.gov/offices/enforcement/ofac/legal/statutes/ieepa.pdf for additional information.
    \25\ Visit http://www.treas.gov/offices/enforcement/ofac/legal/statutes/twea.pdf for additional information.
---------------------------------------------------------------------------

     According to U.S. regulations, no U.S. persons or entities 
may conduct business transactions with individuals and entities on the 
SDN List without a license from OFAC.\21\
     According to U.S. regulations, no U.S. persons or entities 
may conduct business transactions with individuals sanctioned by the 
Department of State for engaging in proliferation activities.\22\
     The Export Administration Regulations (EAR) require that 
providers have an export license from BIS prior to exporting a 
synthetic nucleic acid that is controlled by an Export Control 
Classification Number (ECCN) and is capable of encoding a protein.\23\
     U.S. persons or entities may not export, reexport, or 
transfer (in-country) an item subject to the EAR without a license if, 
at the time of export, reexport, or transfer (in-country) the exporter 
knows that the item will be used in the design, development, 
production, stockpiling, or use of biological weapons in or by any 
country or destination, worldwide.\23\
     In accordance with the EAR, providers must not conduct 
business with persons and entities on the DPL.\23\
     In accordance with the EAR, exports to persons or entities 
on the Entity List require an export license and are subject to 
licensing requirements and policies in addition to those elsewhere in 
the EAR.\26\
---------------------------------------------------------------------------

    \26\ The Entity List is found in Supplement No. 4 to Part 744 of 
the EAR and can be found on the website http://www.bis.doc.gov/entities/default.htm. It is updated periodically.

---------------------------------------------------------------------------

[[Page 62832]]

     The presence of a party on the UL in a transaction is a 
``red flag'' that should be resolved before proceeding with the 
transaction.\27\
---------------------------------------------------------------------------

    \27\ The Unverified List is found on the Web site http://www.bis.doc.gov/enforcement/unverifiedlist/unverified_parties.html. 
It is updated periodically.
---------------------------------------------------------------------------

     In accordance with the EAR, if an order involves an 
export, both the provider and customer are required to maintain 
documentary evidence of the transaction and are prohibited from 
misrepresenting or concealing material facts in licensing processes and 
all export control documents.\23\
    In order to avoid violating U.S. laws and regulations, providers 
are encouraged to check the international customer against the most 
recent versions of these lists of proscribed entities before filling 
each order.
    The U.S. Government recommends that providers utilize a ``Best 
Match'' approach to identify sequences unique to pathogens, toxins, and 
genetic elements on the Commerce Control List for international orders, 
as well as identifying sequences unique to Select Agent and Toxins.

Contacting the U.S. Government

    In cases where follow-up screening cannot resolve concerns raised 
by either customer screening or sequence screening, or when providers 
are otherwise unsure about whether to fill an order, the U.S. 
Government recommends that providers contact relevant agencies as 
described in Section VII.

Customer and Sequence Screening Software and Expertise

    Providers should be aware that commercially available customer 
screening software packages may not necessarily address all aspects of 
customer screening recommended by the U.S. Government.
    The U.S. Government recommends that:
     Providers select a sequence screening software tool that 
utilizes a local sequence alignment technique.
     Providers have the necessary expertise in-house to perform 
the sequence screenings, analyze the results, and conduct the 
appropriate follow-up research to evaluate the significance of dubious 
sequence matches.

Records Retention

    The U.S. Government recommends that providers:
     Retain records of customer orders for at least eight years 
based on the statute of limitations set forth by U.S. Code of Federal 
Crimes and Procedures, Title 18 Section 3286.\28\
---------------------------------------------------------------------------

    \28\ Section 3286 specifies that no person shall be prosecuted, 
tried, or punished for any noncapital offense involving certain 
violations unless the indictment is found or the information is 
instituted within 8 years after the offense was committed. This 
statute of limitations applies to Title 18 Section 175(b) 
(possession of biological agents with no reasonable justification).
---------------------------------------------------------------------------

     Archive the following information: customer information 
(point-of-contact name, organization, address, and phone number), order 
sequence information (nucleotide sequences ordered, vector used), and 
order information (date placed and shipped, shipping address, and 
receiver name).
     Develop, maintain, and document protocols to determine if 
a sequence ``hit'' qualifies as a true ``sequence of concern;'' 
protocols that are no longer current should be maintained for at least 
eight years.
     Keep screening records of all ``hits'' for at least eight 
years, even if the order was deemed acceptable.
     Develop, maintain, and document their sequence screening 
protocols within company records; protocols that are no longer current 
should be maintained for at least eight years.
     Retain records of any follow-up screening, even if the 
order was ultimately filled, for at least eight years.

    Dated: October 6, 2010.
Kathleen Sebelius,
Secretary, U.S. Department of Health and Human Services.
[FR Doc. 2010-25728 Filed 10-12-10; 8:45 am]
BILLING CODE 4150-37-P