Codify — Article

CODIS Access Modernization Act allows eligible private labs to upload to NDIS

Shifts CODIS access model by permitting accredited private forensic DNA labs to submit profiles directly — accelerating investigations while creating new compliance and oversight responsibilities.

The Brief

The bill authorizes the Attorney General to permit privately owned and operated forensic DNA laboratories that meet specified accreditation and audit requirements to directly upload qualifying DNA profiles to the National DNA Index System (NDIS). It requires the Department of Justice and the FBI to issue implementing regulations — including eligibility, security, and procedural safeguards — within six months of enactment and directs conforming updates to NDIS manuals and policies.

This is a structural change to how CODIS/NDIS is populated: instead of requiring private-lab results to be mediated through public labs, qualifying private labs would become direct submitters. For practitioners this means faster potential matches and altered chain-of-custody and compliance obligations for private labs, new regulatory work for DOJ/FBI, and fresh legal and operational questions for law enforcement, defense counsel, and privacy advocates.

At a Glance

What It Does

The bill instructs the Attorney General to allow eligible private forensic DNA labs to upload qualifying DNA profiles directly into NDIS and mandates DOJ/FBI to promulgate rules, eligibility criteria, security safeguards, and procedures within six months. It also defines eligibility floor terms (five years ISO/IEC 17025 accreditation, biennial external audits, compliance with FBI Quality Assurance Standards and NDIS MOU/Operational Procedures) and limits private labs to submissions only (no query/search privileges).

Who It Affects

Accredited private forensic DNA laboratories that meet ISO/IEC 17025 and FBI Quality Assurance Standards are directly affected; public forensic labs, law enforcement agencies that rely on CODIS leads, victims awaiting forensic results, and DOJ/FBI as the implementing regulators are also impacted. Defense attorneys and privacy advocates will see new evidentiary and access issues to monitor.

Why It Matters

The bill changes the bottleneck in DNA indexing from a public-lab-only gatekeeping model to a mixed public-private submission model — potentially accelerating investigative leads and reducing backlogs. At the same time it creates a concentrated set of compliance, security, and legal risks that regulators and operators must resolve quickly to preserve chain-of-custody, privacy protections, and the integrity of the index.

What This Bill Actually Does

At its core the bill removes the prohibition that has historically required public forensic laboratories to perform the final CODIS/NDIS upload for DNA profiles generated by private labs. Under the Act, the Attorney General must allow "eligible" privately owned forensic DNA testing labs to submit qualifying profiles directly to NDIS.

The authority to act is conditional: DOJ and the FBI must adopt regulations specifying how eligibility is determined, how uploads occur, and what safeguards protect the system and privacy.

The statute sets minimum definitional requirements for eligibility: a private lab must have at least five consecutive years of ISO/IEC 17025 accreditation from a nationally recognized nonprofit forensic association, pass external audits every two years showing compliance with FBI Quality Assurance Standards, demonstrate compliance with federal limited-access rules for DNA samples and records, and follow the NDIS Memorandum of Understanding and Operational Procedures Manual. The bill also clarifies the scope of access: private labs can submit qualifying profiles but are not granted query/search/retrieval rights in NDIS.

Operationally, the bill forces rapid regulatory work. DOJ and the FBI have six months after enactment to write rules that translate the Act's eligibility and security touchstones into actionable procedures — for example, how to validate accreditation histories, how to onboard and authenticate private submitters, what cryptographic or physical safeguards are required, how to document chain-of-custody, and what audit and enforcement mechanisms will apply. The Attorney General must also coordinate and update existing NDIS manuals and Memoranda of Understanding to accommodate a new class of submitter.

For stakeholders this will change workflow and legal exposure in several ways: private labs that meet the statutory floor will need to maintain and document multi-year accreditation histories and pass recurring external audits; law enforcement agencies will need new intake and case management procedures to incorporate direct submissions; and courts and defense counsel will confront novel questions about the provenance, custody, and audit trail for DNA profiles uploaded by private entities.

The bill leaves many technical and procedural details to the implementing regulations and updated NDIS manuals, so the practical shape of compliance, oversight, and liability will depend heavily on how DOJ and the FBI define those rules.

The Five Things You Need to Know

1. DOJ and the FBI must issue implementing regulations — including eligibility criteria, upload procedures, and security/privacy safeguards — within six months of enactment.

2. An eligible private lab must have at least five consecutive years of ISO/IEC 17025 accreditation from a nationally recognized nonprofit forensic association before it can submit to NDIS.

3. Eligible private labs must undergo external audits every two years demonstrating compliance with the FBI Quality Assurance Standards; these audits are a statutory precondition for eligibility.

4. Private labs are limited to submitting qualifying DNA profiles and are explicitly not granted authority to query, search, or retrieve NDIS records beyond authorized submissions.

5. The Attorney General must make conforming amendments to NDIS regulations, policies, and manuals (including the NDIS Memorandum of Understanding and Operational Procedures Manual) to implement the new access category.

Section-by-Section Breakdown

Section 1

Short title

Provides the Act’s short name, the 'CODIS Access Modernization Act.' This is purely nominal but signals the bill’s intent to modernize access rather than change substantive criminal offenses or evidentiary rules directly.

Section 2

Findings explaining rationale for private-lab access

Lists Congress’s factual and policy findings supporting the change: rising caseloads and public-lab backlogs, private labs’ existing compliance with accreditation standards, precedents for non-government entities performing sensitive functions, and the social costs of unsolved violent crime. These findings do not confer legal requirements but frame congressional intent and will inform how regulators and courts interpret ambiguous provisions.

Section 3(a)-(b)

Direct upload authority and regulatory mandate

Grants the Attorney General authority to allow eligible private forensic DNA labs to directly upload qualifying DNA profiles to NDIS, and requires DOJ/FBI to produce implementing regulations within six months. Practically, this creates a statutory deadline for administrative rulemaking and delegates substantive technical rulemaking to agency expertise; the six-month clock is a hard statutory prompt that may compress deliberation and stakeholder consultation.

Section 3(c)-(d)

Scope limits and definitions of eligibility

Limits private-lab authority to submission-only access (no searching or retrieval) and defines key statutory terms. Eligibility demands include a minimum five-year ISO/IEC 17025 accreditation history, biennial external audits demonstrating compliance with FBI Quality Assurance Standards, adherence to limited-access rules for samples/records, compliance with the NDIS MOU and Operational Procedures Manual, and prohibition on government ownership or management. These statutory floors guide agencies but leave granular criteria (e.g., acceptable accrediting organizations, audit standards, ownership attribution rules) to the forthcoming regulations.

Section 4

Conforming amendments to NDIS policies and manuals

Directs the Attorney General, in consultation with the FBI Director, to update regulations, policies, and the operational manuals necessary to admit private submitters. This is the mechanism that will change intake procedures, authentication protocols, and the MOU architecture that historically existed between public labs and NDIS.

Section 5

Effective date and regulatory timing

States the Act takes effect on enactment but ties the practical operation of Section 3 to the six-month regulatory deadline. The statutory language thus separates legal enactment from operational readiness: private uploads cannot meaningfully occur until agencies complete regulatory and procedural updates.

Who Benefits and Who Bears the Cost

Every bill creates winners and losers. Here's who stands to gain and who bears the cost.

Who Benefits

  • Victims and investigative agencies — Faster uploads should shorten the time to investigative leads and suspect identification, potentially increasing clearance rates for violent crimes and reducing offender recidivism.
  • Eligible private forensic laboratories — Gain a new operational role and revenue stream by becoming direct NDIS submitters and avoiding mandatory redundant public-lab uploads.
  • Public forensic laboratories — May see reduced backlogs and relieved workload once eligible private labs shoulder a share of submissions, allowing public labs to prioritize complex analyses and court testimony.

Who Bears the Cost

  • Department of Justice and FBI — Must draft, finalize, and implement detailed regulations, update NDIS manuals and MOU frameworks, and stand up oversight and audit programs within the six-month window, creating administrative and resource burdens.
  • Private laboratories seeking eligibility — Face compliance costs to document five years of accreditation, undergo biennial external audits, implement heightened security and chain-of-custody procedures, and possibly invest in IT integration with NDIS.
  • Defense counsel and courts — May incur new litigation and evidentiary disputes over chain-of-custody, audit trails, proprietary testing methods, and whether private uploads meet existing legal standards; this could increase pretrial motion practice and evidentiary hearings.

Key Issues

The Core Tension

The central dilemma is efficiency versus control: the bill seeks to accelerate investigations by expanding who may populate the national DNA index, but doing so risks weakening centralized control, creating heterogeneous practices across private submitters, and raising privacy, chain-of-custody, and oversight concerns that could undermine both the integrity of matches and public confidence in the system.

The bill establishes statutory eligibility floors but pushes most operational detail into DOJ/FBI rulemaking and updates to NDIS manuals. That design limits congressional specificity but concentrates consequential discretion in agencies working to define accreditation equivalency, audit criteria, ownership vetting, technical authentication, and sanctions for noncompliance.

The six-month regulatory deadline amplifies the risk that agencies will adopt interim or minimalist rules to meet the statutory clock, which could leave important safeguards underdeveloped or inconsistently applied across jurisdictions.

Several practical implementation and legal questions remain unresolved. The statute requires biennial external audits and five years of accreditation but does not specify acceptable accrediting bodies or auditors, nor does it define the evidentiary scope of audit reports.

The phrase 'limited access requirements for DNA samples and records' echoes existing law but leaves open how private-lab physical and information-security practices will be inspected, certified, or enforced. The bill also does not address liability allocation when a private lab’s submission yields a false match or if a breach exposes sensitive genetic data.

Finally, interoperable technical standards and authentication protocols for secure, auditable uploads must be developed; these technical choices will determine whether the change truly reduces backlog without compromising database integrity.
