BIOSECURE Act Advances in the US Senate

On Oct. 9, the U.S. Senate passed the BIOSECURE Act as an amendment to the National Defense Authorization Act (NDAA). The legislation prohibits federal agencies from contracting with companies of concern that provide biotechnology equipment or services, or from contracting with any entity that uses such equipment or services. “Biotechnology companies of concern” are those deemed to be national security risks due to links to foreign adversaries. The legislation may affect the ability of pharmaceutical companies that contract with the federal government to obtain active pharmaceutical ingredients from certain Chinese entities.

Sens. John Cornyn (R-TX) and Gary Peters (D-MI) offered the bipartisan amendment. The NDAA subsequently passed the full Senate and must now be resolved with a competing House-passed version (which has no similar provision). During the previous Congress, the U.S. House of Representatives passed an alternative version of the BIOSECURE Act as a stand-alone bill by a 306 to 81 vote. The Senate amendment attempts to address some of the concerns with the House version of the legislation, including the naming of specific companies impacted by the contracting ban without adequate procedural protections, failing to provide a reasonable transition period for existing contracts, and addressing industry concerns about supply chain complications and potential new drug shortages.

Comparing House and Senate Proposals

There are several similarities between the Senate amendment and the previous House legislation, including the following:

• Basic Prohibition: Bans contracting, loans, or grants by federal agencies to obtain biotechnology equipment or services from a company of concern, or contracts with any company that uses biotechnology equipment or services produced or provided by a company of concern.
• Active Pharmaceutical Ingredients: Covers “any … component … that is designed for use in the … production … of biological materials.”
• Limited to FAR Contracts: Only applies to contracts subject to the Federal Acquisition Regulation (FAR), which excludes the Medicaid Drug Rebate Agreement and Medicare Part D Discount Program Agreement.
• Agency Waivers: The head of an agency may waive prohibitions on contracting, loans, or grants for up to one year, with a one-time extension of 180 days.

There are also important differences between the two versions of the BIOSECURE Act, as outlined in the table below.

Enforcement Is Administrative, But with Potentially Substantial Commercial Mass Impact

Several pharmaceutical and biotech firms have disclosed potential exposure in SEC filings, suggesting that BIOSECURE-related risk is now material to investors. For instance, Iovance Biotherapeutics highlighted reliance on a Chinese Contract Development and Manufacturing Organization (CDMO) as a possible vulnerability, while Cabaletta Bio warned that supplier loss may disrupt clinical timelines. These disclosures demonstrate that companies are viewing the Act not only as a compliance issue but as a factor affecting valuation, disclosure, and investor confidence.

The enforcement architecture of the BIOSECURE Act is notable for its breadth and indirect reach. Unlike traditional export-control or sanctions regimes that target specific transactions, the Act embeds compliance obligations into eligibility for federal contracting and grant participation. Any federal agency would be prohibited from contracting with an entity—or providing loans or grants—if that entity uses biotechnology equipment or services from a “company of concern” in performance of the work. This “use”-based standard effectively converts what were once procurement decisions into compliance determinations, extending liability exposure to subcontractors, CDMOs, Contract Research Organizations (CROs), and data-management vendors engaged in federally funded research or production.

The enforcement tools are primarily administrative but carry potentially substantial commercial weight. Once implementing rules are adopted through the Federal Acquisition Regulation (FAR), agencies may issue determinations of ineligibility, terminate or decline to renew contracts, or refuse to release funds under ongoing agreements. Although the statute does not currently provide for civil or criminal penalties, the consequence of ineligibility functions as a quasi-sanction, barring affected entities from significant participation in U.S. public-health programs. Given the reputational sensitivity of federal projects, companies found non-compliant may also face heightened investor scrutiny, disclosure obligations, and partner reluctance.

The waiver mechanism provides limited relief—agency heads may approve a one-year exemption, extendable once for 180 days, based on national-interest justification. Such waivers might apply narrowly, particularly for medical countermeasures or urgent health emergencies. As a result, most pharmaceutical and biotech companies may anticipate tight enforcement timelines. Legal and compliance teams may wish to integrate BIOSECURE Act diligence into broader risk frameworks, aligning it with export-control, sanctions, and cybersecurity programs. This would include enhanced supplier representations, audit rights, and documentation showing good-faith efforts to identify and mitigate exposure.

The Office of Management and Budget (OMB) and FAR Council are expected to clarify definitions of “use” and “equipment or services.” Until then, the strongest defensive posture may be proactive documentation and substitution planning, demonstrating that a company has exercised due diligence and mitigation. Over time, compliance certification and audit mechanisms may develop, similar to the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity model, effectively making BIOSECURE conformity a prerequisite for participation in federal life-sciences contracting.

A New Vision Requires Resilience and Optionality

The BIOSECURE Act represents more than a procurement restriction— if enacted it would signal a structural shift in how the U.S. government defines “trusted” biotechnology partners. For pharmaceutical companies, the most significant consequence may not be the immediate prohibition on sourcing from listed Chinese entities, but the gradual decoupling of federal biomedical programs from globally integrated supply chains. The Act’s focus on biotechnology “equipment or services” reaches deep into the pharmaceutical value chain—covering sequencing tools, data-storage platforms, cloud-based bioinformatics, CDMO services, as well as the use of certain reagents or diagnostic devices. In effect, any U.S. pharma company that conducts federally funded research or manufactures products purchased by government programs would need to validate the security and provenance of its entire upstream infrastructure.

While the Senate amendment offers longer transition periods and a more procedurally grounded designation process than the 2024 House bill, the practical challenge for industry remains formidable. The Act obliges companies to map supplier dependencies at a level of granularity that the FAR or Food and Drug Administration (FDA) frameworks have not previously required. Some firms have visibility into Tier-1 suppliers but less insight into sub-tier providers – particularly when CDMOs or analytics vendors subcontract specialized services. This opacity would be problematic once the OMB publishes the list of “companies of concern,” as even indirect reliance on a prohibited entity might render an organization ineligible for federal contracts or grants. For global pharma groups, this may force a reevaluation of long-standing relationships with China-based contract manufacturers and data analytics firms, as well as a reassessment of business-continuity plans should those relationships need to be unwound.

Strategically, the BIOSECURE Act would accelerate a broader shift toward localization and diversification of biomanufacturing capacity. U.S. and multinational pharmaceutical companies may find commercial advantage in demonstrating “trusted supply chain” credentials to federal partners—similar to how defense contractors differentiate themselves through compliance with cybersecurity or export-control standards. Over the medium term, stakeholders may expect more joint ventures or technology-transfer arrangements designed to onshore critical capabilities such as plasmid DNA synthesis, cell-line development, or high-throughput sequencing. This may also catalyze investment in U.S. and allied-country CDMOs, potentially driving up demand—and costs—for compliant capacity. Conversely, smaller biotech innovators that depend heavily on Chinese vendors for affordable services may face significant barriers to entry unless transition funding or targeted exemptions are introduced.

Pharmaceutical companies may wish to treat the next 12–18 months as a pre-implementation window to build resilience and optionality. Priority considerations include:

1. Supply-chain due diligence — conduct a structured review of all vendors providing biotechnology-related equipment or services, tracing through to second-tier subcontractors.
2. Contract remediation — insert origin-of-equipment and data-integrity representations, with notification and substitution rights if a vendor becomes listed as a “company of concern.”
3. Strategic sourcing — evaluate alternative domestic or allied suppliers and model the financial and regulatory implications of re-sourcing critical inputs.
4. Internal governance — align compliance, procurement, and R&D functions so that supplier-approval decisions account for BIOSECURE Act exposure, not just Good Manufacturing Practice (GMP) or quality factors. In certain technology areas, such as cell and gene therapy, companies may find it difficult to change their clinical supplier for commercial use due to the complexity of process development. Therefore, an early evaluation and decision on the R&D supplier might be critical in ensuring future commercial success.
5. Regulatory engagement — monitor OMB and FAR rulemaking closely and consider participating in public comment processes to advocate for workable transition periods and clearer definitions.

From a broader policy standpoint, the Act underscores the U.S. government’s determination to treat biotechnology as a national security domain, comparable to semiconductors or telecommunications. This reframing might ripple through FDA collaborations, Biomedical Advanced Research and Development Authority (BARDA) partnerships, and federally supported R&D consortia. In the long run, the compliance burden may become a differentiator: firms able to demonstrate robust data-governance, secure digital infrastructure, and transparent supplier vetting may enjoy preferential access to government partnerships and potentially to private-sector contracts that adopt similar standards.

In short, the BIOSECURE Act might be understood not merely as a supply-chain restriction but as a redefinition of trust in the biomedical ecosystem. Pharmaceutical companies that respond early—by institutionalizing supplier transparency and building secure, multi-jurisdictional sourcing networks—might be best positioned to navigate both the compliance demands and the emerging market opportunities this realignment creates.