ARTICLE
23 March 2026

BIOSECURE And The Shift To Secure Biotech Supply Chains

SR
McDermott Will & Schulte

Contributor

McDermott Will & Schulte logo
Explore Firm Details
The BIOSECURE Act, enacted on December 18, 2025, introduces new parameters for biotechnology companies seeking US government funding and procurement.
United States Food, Drugs, Healthcare, Life Sciences
James Ravitz,Michael Ryan,Marissa Hill Daley
+2 Authors
 Your Author LinkedIn Connections
James Ravitz’s articles from McDermott Will & Schulte are most popular:
  • within Food, Drugs, Healthcare and Life Sciences topic(s)
  • in Canada
  • with readers working within the Retail & Leisure industries
McDermott Will & Schulte are most popular:
  • within Food, Drugs, Healthcare, Life Sciences, Cannabis & Hemp and Privacy topic(s)

The BIOSECURE Act, enacted on December 18, 2025, introduces new parameters for biotechnology companies seeking US government funding and procurement. Although framed as a national security measure, BIOSECURE underscores how biotechnology supply chains, genomic data, and advanced manufacturing have come to be seen as strategic infrastructure. The legislation’s practical effects will extend into supply chain design, vendor selection, and data governance practices, shaping how organizations position themselves for federally connected research and manufacturing work.

At a high level, the statute establishes two related restrictions:

  • Federal agencies may not procure or use biotechnology equipment or services produced or provided by a designated biotechnology company of concern (BCC).
  • Agencies may not award, extend, or renew contracts, grants, loans, or cooperative agreements to entities that rely on covered BCC equipment or services in the performance of federally supported work.

The definition of “biotechnology equipment or services” is broad, encompassing instruments, reagents, sequencing technologies, data platforms, contract development and manufacturing services, and associated software or support components. BIOSECURE exposure may arise not only from direct suppliers, but also from third-party software, data platforms, or service providers that support biotechnology workflows. Prior reliance on a BCC does not create disqualification if those inputs have been removed from federally supported activities.

In Depth

Designation and implementation

Rather than naming specific companies in the statute, the US Congress adopted an administrative designation model led by the Office of Management and Budget (OMB). Agencies will assess entities that may pose national security risks based on foreign-adversary ties, access to sensitive biological or genomic data, or control of critical biotechnology capacity. The statute does not require any particular number of designations, and the size and character of the BCC list may evolve over time as the framework develops. Early designations are expected to focus on companies involved in genomic data aggregation, biospecimen access, or large-scale biologics manufacturing. Organizations should therefore plan for potential shifts in scope, including the possibility that affiliate relationships, data-access arrangements, or corporate restructurings could affect exposure.

Timeline

  • December 18, 2025: BIOSECURE Act enacted.
  • By December 2026: Initial BCC list published by OMB.
  • 2027 – 2028: Federal Acquisition Regulation (FAR) updated to incorporate BIOSECURE requirements.
  • Following FAR implementation: Procurement and funding restrictions become effective.
    • Five-year transition period for pre-existing contracts starts: Agreements entered into before the effective date may continue for up to five years while covered suppliers or services are replaced.

Enforcement

BIOSECURE implements its restrictions through established procurement and grant compliance mechanisms. Contracting officers may treat proposals as nonresponsive, decline renewals or options, or disallow costs tied to noncompliant performance. Required representations and certifications, clause flow-downs, and supplier attestations will likely become central compliance tools, and inaccurate compliance representations could lead to termination, adverse performance reporting, or loss of eligibility for future awards. In more serious cases, knowingly seeking payment while using covered BCC inputs in performance could support False Claims Act theories, along with suspension or debarment risk. In the grants context, agencies may impose special conditions, suspend drawdowns, disallow costs, or terminate awards. Documentation of supplier diligence and audit-ready compliance records will therefore be important for demonstrating compliance.

Rise of trusted supply chains

Although BIOSECURE operates through procurement and funding restrictions, its influence will likely extend beyond federal agencies. Universities, federal laboratories, academic medical centers, and government contractors that depend on federal funding will likely reassess sourcing decisions, vendor diligence, and data governance practices. Over time, this may encourage a gradual shift toward suppliers that can demonstrate transparent ownership structures, strong audit frameworks, secure data practices, and reliable manufacturing footprints. Increased scrutiny of subcontractors, software layers, firmware, and data infrastructure will likely follow, along with closer attention to chain-of-custody and traceability controls in biotechnology manufacturing and research workflows.

For companies with federal exposure, preparation may begin with mapping biotechnology dependencies across equipment, platforms, manufacturing partners, and data systems used in federally supported work. Where feasible, separating federally connected environments from commercial operations can preserve flexibility and help manage compliance risk. Companies may also consider evaluating alternative suppliers, updating vendor agreements to address designation-trigger transitions, and incorporating BIOSECURE-related diligence questions into collaborations, licensing arrangements, and mergers and acquisitions activity. Monitoring designation developments and implementation guidance through a coordinated internal process will be important.

Conclusion

The BIOSECURE Act reflects a broader policy shift: biotechnology supply chains are increasingly viewed as strategic infrastructure. In the near term, the legislation will push organizations to understand their dependencies and build flexibility into supplier relationships. Over time, BIOSECURE may influence competitive dynamics by placing a premium on traceable supply chains, reliable manufacturing partners, and strong data governance controls. Companies that treat BIOSECURE solely as a compliance obligation may miss the larger signal. Those that use the implementation period to strengthen transparency, documentation, and operational resilience will be better positioned to manage regulatory risk and compete for federally connected research, development, and manufacturing opportunities as procurement expectations continue to mature.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of James Ravitz
James Ravitz
Photo of Michael Ryan
Michael Ryan
Photo of Paul Gadiock
Paul Gadiock
Photo of Marissa Hill Daley
Marissa Hill Daley
Person photo placeholder
Jeff Weinstein
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More