The BIOSECURE Act of 2025 bars executive agencies from procuring biotechnology equipment or services from entities the government designates as “biotechnology companies of concern,” and it extends that bar to contracts, contract renewals, and the use of federal loan or grant funds when prohibited products or services are used in performance. The statute requires the Office of Management and Budget (OMB), working with a coalition of national security and civil agencies, to publish and maintain the list of designated entities and to issue implementing guidance and Federal Acquisition Regulation (FAR) revisions.
This bill matters because it converts a national-security concern about foreign access to human multiomic data and biotechnology tools into concrete procurement and grant restrictions. Compliance will touch procurement officers, grant administrators, and contractors across research, clinical, and commercial biotech activities, while OMB, DOD, and intelligence agencies will carry the burden of designation, guidance, and oversight—without new appropriations to fund those tasks.
At a Glance
What It Does
The bill forbids executive agencies from buying biotech equipment or services produced by listed companies and from contracting with entities that use such products acquired after the applicable effective date. It also bars use of federal loan or grant funds for those same purposes and requires OMB to publish and maintain the list of companies of concern.
Who It Affects
Federal procurement officers, grant and loan recipients, prime contractors and subcontractors in life sciences research and clinical services, and biotech firms that sell sequencing, multiomic analytics, or related services to the U.S. government. OMB, DOD, DOJ, HHS, Commerce, DNI, DHS, State, and the National Cyber Director participate in designations and guidance.
Why It Matters
The Act operationalizes a national-security posture around human multiomic data by using procurement levers rather than new criminal or export-control authorities. It creates an interagency driven blacklist with near-immediate procurement consequences once implemented, and it does so with no additional funding—raising practical implementation and supply-chain risk questions for agencies and sector participants.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The BIOSECURE Act instructs OMB to compile a list—based on DOD-provided suggestions and interagency input—of biotechnology companies of concern that federal agencies may not buy from or do business with. The definition reaches companies involved in manufacturing, distributing, or providing biotechnology equipment or services (explicitly including genetic sequencers and software), and it picks up entities identified on DOD’s Chinese military companies list as well as companies that the interagency process finds are tied to foreign adversary control or present national-security risks through joint research, data transfers, or nonconsensual data collection.
Once OMB issues the list, agencies must stop procuring equipment or services from listed companies and must not enter, extend, or renew contracts with entities that use covered products acquired after the Act’s effective dates. The statute also prohibits obligating loan or grant funds for the procurement or use of covered technology.
The law ties its effective dates to a revision of the FAR—the Act sets 60-day and 90-day triggers after that FAR revision depending on which category a company falls into—and carves out a transitional safe harbor for pre‑existing contracts and for equipment formerly produced by a listed company.Recognizing operational needs, the bill creates two waiver streams. Agency heads may grant case-by-case waivers with OMB approval (limited to 365 days with one possible 180‑day national-security extension) and must notify congressional committees when they do.
Separately, agencies may waive the prohibitions for overseas health-care services if necessary to support employees or contractors stationed abroad, again with OMB and DOD consultation and congressional notice.Implementation is driven by interagency processes and reporting rather than by new appropriations. OMB must issue guidance after publishing the list; the FAR Council must revise the FAR to reflect new procurement rules; and the Director of National Intelligence must assess risks from U.S. citizens’ multiomic data held by foreign adversaries within 270 days and provide annual reporting on intelligence related to nefarious uses of such data.
The Act also excludes intelligence activities and certain public-health emergency procurements from its prohibitions.
The Five Things You Need to Know
The head of an executive agency may not procure biotech equipment or services from entities listed as 'biotechnology companies of concern,' nor contract with entities that use covered products acquired after the Act’s effective date.
OMB must publish the initial list of biotechnology companies of concern within one year, using recommendations from DOD and seven other national-security and civil agencies, and review and update that list at least annually.
Effectiveness is tied to a FAR revision: prohibitions take effect 60 days after the FAR change for DOD-listed Chinese military companies and 90 days for other designated entities; pre‑existing contracts and items acquired before the effective date are excluded for up to five years.
Waivers are available: agency heads may grant case‑by‑case waivers with OMB approval (generally up to 365 days, with one 180‑day national‑security extension) and must notify congressional committees; a separate waiver stream exists for overseas health‑care services.
The DNI must complete, within 270 days, an interagency assessment of national‑security risks from foreign possession of U.S. citizens' multiomic data and provide an unclassified report (with a classified annex possible), followed by annual intelligence reporting on nefarious biotech activities.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Establishes the Act’s popular name, the “BIOSECURE Act of 2025.” This is purely nominal but anchors the statute for citations and cross-references in implementing guidance and agency rulemaking.
Core prohibitions on procurement, contracts, and grant/loan funds
Subsections (a) and (b) put three parallel bars in place: agencies may not procure covered biotech equipment or services from listed companies; agencies may not enter into or extend contracts with entities that use covered products acquired after the effective date; and federal loan or grant funds may not be used to procure or to support contracts that depend on covered equipment or services. Practically, this creates a flow‑down risk: primes and subs must certify post‑effective‑date compliance, and grant administrators must ensure financed purchases don’t violate the ban.
Effective dates, transitional exclusions, and safe harbors
The statute does not flip on immediately; it anchors implementation to a FAR revision, then phases in prohibitions (60 or 90 days depending on the designation category). It also protects existing contracts and pre‑acquired equipment for up to five years, and includes a safe harbor for items that were produced by a listed company in the past but are no longer produced by that company—an important procurement continuity measure for agencies relying on long‑lifecycle instruments.
Waivers and enumerated exceptions
Agencies can request case‑by‑case waivers with OMB approval; routine waivers last up to 365 days and may be extended once for 180 days if national security warrants DOD coordination and quicker congressional notice is provided. A distinct waiver process covers overseas health‑care services for employees and contractors stationed abroad, again with OMB and DOD oversight. The statute also exempts authorized intelligence activities, provision of health care to U.S. employees and dependents, lawfully compiled commercially or publicly available human multiomic data, and procurement of medical countermeasures in declared public‑health emergencies.
Designation process: OMB list and interagency inputs
OMB must publish an initial list within one year using a recommendation process that includes DOD, DOJ, HHS, Commerce, DNI, DHS, State, and the National Cyber Director. The statute instructs OMB to identify entities that are involved in biotech equipment or services and that either appear on DOD’s Chinese military companies list or are subject to foreign adversary control or engagement posing national‑security risks (e.g., joint research with military or transfers of multiomic data). Designations trigger notice rights for affected companies, an opportunity to contest within 90 days, and a non‑immediate public release until OMB completes its review.
DNI risk assessment and annual intelligence reporting
The Director of National Intelligence must produce a 270‑day interagency assessment of national‑security risks posed by U.S. citizens’ multiomic data held by foreign adversaries, deliver an unclassified report (with a classified annex if needed), and then provide annual reports on intelligence regarding nefarious uses of multiomic data by biotech companies. These deliverables are intended to inform the designation process and congressional oversight.
Funding, definitions, and cross‑program mechanics
The Act authorizes no new appropriations for implementation. It provides detailed definitions—'biotechnology equipment or service' (including sequencers and software), 'multiomic' (genomics through metabolomics), 'foreign adversary,' and others—and sets out the committees that receive notice. The statute also contains a conformity provision regarding veteran drug‑pricing authorities to avoid unintended disqualification of manufacturers from federal programs due solely to the procurement prohibitions.
This bill is one of many.
Codify tracks hundreds of bills on Defense across all five countries.
Explore Defense in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- National security and defense agencies: The designation process and procurement bars give DOD, DNI, and OMB a direct tool to limit foreign‑adversary access to U.S. multiomic datasets and sensitive biotechnology capabilities, supporting risk mitigation focused on supply‑chain and data exposure.
- Federal procurement integrity and risk managers: Agencies gain a statutory basis to require vendors to certify supply‑chain provenance and to refuse products from listed companies, simplifying certain risk‑based contracting decisions.
- Domestic biotech competitors and suppliers: U.S. and allied vendors that do not appear on the list could see increased federal demand where the ban causes agencies to shift sourcing away from designated foreign suppliers.
Who Bears the Cost
- Executive agencies' procurement and compliance offices: They must implement the list, update solicitations and contract clauses, monitor contractor purchases for post‑effective‑date use of covered tech, and prepare congressional notifications—all without additional appropriations.
- Grant and loan recipients in academia and clinical research: Recipients must screen vendors and potentially reprocure equipment or services to avoid using prohibited providers, disrupting active research projects and increasing replacement costs.
- Prime contractors and subcontractors in life sciences and clinical-support services: Firms that rely on third‑party sequencing or analytics (including cloud or data‑storage services tied to covered providers) may be ineligible for awards or forced to reconfigure supply chains, incurring transition costs and contractual risk.
- Foreign and U.S. research collaborations: International partnerships that involve data sharing or jointly used instrumentation may be curtailed, affecting clinical trials, public‑health surveillance, and translational research that depend on cross‑border cooperation.
- OMB and interagency staff: The requirement to compile, defend, update, and respond to designation challenges will require sustained OMB coordination and legal support borne by existing agency resources.
Key Issues
The Core Tension
The central dilemma is protecting national security and U.S. citizens’ multiomic data by excluding risky foreign-related biotech suppliers versus preserving scientific collaboration, procurement flexibility, and continuity of research and clinical services; tightening procurement controls reduces exposure to adversaries but also raises costs, disrupts supply chains, and risks impeding legitimate research and healthcare that depend on widely used biotech tools.
The Act’s protective reach depends on how OMB, DOD, and partner agencies interpret key phrases—'involved in the manufacturing, distribution, provision, or procurement of biotechnology equipment or service' and the scope of 'services' that include software and data storage. A broad interpretation captures cloud analytics, contract sequencing services, and many downstream providers; a narrow reading limits the ban primarily to hardware manufacturers.
That choice will determine how disruptive the law is to federally funded research and healthcare delivery.
Due process and transparency are partially addressed by a notice-and-comment‑like mechanism: designated companies get 90 days to submit opposing materials and OMB must notify congressional committees, but the statute allows withheld information on national-security grounds and delays public listing until OMB finalizes determinations. That combination creates a tension between secrecy (protecting sources/methods) and the private-sector need for clear, timely legal certainty to plan contracts and investments.
The absence of new appropriations amplifies implementation risk—OMB, FAR Council, and agencies must absorb the workload within existing budgets, potentially slowing list publication, guidance, and FAR revisions and leaving agencies to make ad hoc procurement choices in the interim.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.