The much-anticipated BIOSECURE Act became U.S. law on 18 December 2025, intending to address national security concerns relating to sharing of genomic data of U.S. citizens with Contract Development and Manufacturing Organizations (CDMOs) thought to be aligned with foreign adversary governments, and also as a means to reduce reliance on biotechnology from foreign adversaries.

As enacted, the law prohibits the U.S. government from obtaining "biotechnology equipment" and "biotechnology services" (terms defined broadly) from "biotechnology companies of concern." The prohibition impacts companies with federal contracts and/or grants, as they will not be permitted to provide any such biotechnology equipment or services in the performance of those agreements. The prohibition extends to any such equipment or services "knowingly" obtained from third party subcontractors or vendors. The contracts at issue in BIOSECURE are federal acquisition contracts and federal funding awards; accordingly the law does not apply to reimbursement/payer contracts (e.g., contracts supporting federal health programs such as Medicare and Medicaid).

Unlike earlier iterations of the law, the BIOSECURE Act does not identify specific companies of concern. A biotechnology company of concern will be identified on a list to be published by the Office of Management and Budget (OMB) because the company: (1) is involved in manufacturing, distributing, providing, or procuring any biotechnology equipment or service and is listed on the Department of War's "Section 1260H" list of Chinese military companies operating in the United States; (2) meets criteria outlined in the BIOSECURE Act as determined by OMB's review in coordination with the heads of other government agencies; or, (3) is a subsidiary, parent, or successor of an entity identified in (1) or (2) and meets the criteria outlined in the BIOSECURE Act. Both lists are subject to annual update.

Companies will have a period of time to assess any compliance and business impact of BIOSECURE, as the law provides the government with a two-and-a-half-year period for implementation. Once implemented, BIOSECURE's prohibitions will only apply prospectively to federal contracts and grants awarded after the prohibitions become effective. Importantly, it also contains a five-year "grandfathering" provision allowing the supply of biotechnology equipment or services under contracts and grants provided to contractors under pre-existing contracts with companies of concern.

While the broad outlines of BIOSECURE are plain, multiple provisions leave questions unanswered that are expected to be clarified throughout implementation. In the meantime, targeted diligence can facilitate understanding of the potential impact of BIOSECURE. Critical considerations include: (1) whether arrangements with non-U.S. CDMOs are in place, (2) whether such arrangements would – or could, potentially – result in the delivery of biotechnology services or equipment under a current or future USG contract or funding award, and (3) whether there is a "safety valve" to allow a company to exit any such arrangement(s) while retaining critical assets.

Finally, as the specifics of BIOSECURE's implementation are coming into focus, the biotechnology industry continues to follow "copycat" legislation being introduced in multiple states, some of which imposes broader overall "use" restrictions not limited to government contracts.