You’re a synbio founder preparing for a Series A. You’ve used a Chinese CDMO for process development, your validation data was generated on BGI sequencers, or both. Someone on your board mentions the BIOSECURE Act. You read a few headlines and conclude it’s a government contracting issue that doesn't apply to you, because you've never had a federal contract.
You’re technically right and practically wrong.
The law restricts federal procurement and grants involving designated biotech entities. If your company doesn’t touch federal money, the statute doesn’t directly prohibit anything you're doing today.
But your investors touch federal money. Your potential pharma partners touch federal money. Your future acquirers touch federal money. And all of them are building BIOSECURE compliance into the documents they ask you to sign. The law’s direct reach is narrow. Its reach through term sheets, partnership agreements, and investor representations is not.
We’ve written separately about how BIOSECURE shows up as a specific diligence line item in Series A deals. This piece goes wider: what the law actually does, where early-stage synbio companies are most exposed, and what to do about it depending on how soon you’re raising.
What the law does
The BIOSECURE Act (Section 851, FY2026 NDAA, signed December 18, 2025) prohibits federal agencies from procuring biotechnology equipment or services from designated “biotechnology companies of concern.” It also bars federal agencies from awarding loans or grants to entities that use such equipment or services. It does not ban private US companies from doing business with Chinese biotech firms, and it imposes no penalties on private transactions with no federal nexus. That said, the regulatory picture around Chinese biotech is moving fast: export controls, Entity List actions, and trade policy shifts are all live threads. The BIOSECURE Act is the biggest single development, but it’s not the only one worth tracking.
Earlier drafts named WuXi AppTec, WuXi Biologics, BGI, MGI, and Complete Genomics explicitly. The final law removed the named entities and directs the Office of Management and Budget to publish a formal designation list by December 2026 through a rulemaking process. Nobody knows exactly who will be on it. FAR implementation likely follows in 2027 or 2028, with a five-year transition period for existing contracts.
Where early-stage synbio companies are exposed
Contract Development & Manufacturing Organizations are the biggest source of risk. It’s common for early-stage synbio companies to have used WuXi entities for process development or production runs. WuXi AppTec and WuXi Biologics were the catalyst for the legislation. WuXi will almost certainly end up on the final OMB list, but the shift from named entities to a rulemaking process means it's not formally guaranteed. Either way, investor counsel will treat any WuXi relationship as a disclosure item.
Large pharma companies are already conducting their own BIOSECURE supply chain audits. A startup that can’t demonstrate clean supply chain provenance may find itself excluded from licensing deals and co-development partnerships because the pharma company’s compliance team flags the relationship.
Switching CDMOs mid-program is expensive and slow. Biotechnology Innovation Organization (BIO)’s industry survey found most biotech companies need over a year to source alternatives for critical imported components. That figure covers the full sector, and early-stage companies with simpler supply chains may move faster. But it won’t be quick.
Sequencing is the second area to audit. BGI and its subsidiary MGI make sequencing platforms used widely in both academic and startup labs. If your validation data was generated on BGI/MGI instruments (yours or a CRO’s) that’s a supply chain dependency even if you never purchased the hardware yourself.
Diligence counsel will ask about data provenance, and using BGI sequencers is still a disclosure. The data doesn’t become unusable, but regenerating validation datasets on non-designated platforms costs real time and money, and it may delay your regulatory submissions.
Bioinformatics tools and reagent suppliers are harder to assess right now. Chinese-origin analysis platforms, reagents, cell lines, and biological materials may or may not fall within the Act’s scope. It depends on how OMB defines "biotechnology equipment or services," and that definition hasn’t been written yet.
What to do about it
The right response depends on when you’re raising.
If you're already mid-diligence, disclose proactively to your lead investor’s counsel. Do not wait for them to find the problem. If they discover it before you raise it, you’ve damaged your credibility on every other representation in the deal. Frame the disclosure as a known issue with a remediation plan:
"We use [provider] for [function], here's our assessment of switching costs, and here's our timeline for migration."
Then negotiate the representation language in the deal docs. The exact language varies by deal, but the structural difference looks like this. A standard representation might read something like, “The Company has no material reliance on products or services from biotechnology companies of concern.” If you have exposure, you can’t sign that.
A negotiated version might read: “The Company has identified the following dependencies on [named providers] and has initiated transition plans expected to conclude by [date], as detailed in the disclosure schedule.” Getting from one to the other is exactly what your counsel should be handling for you.
If you're raising in the next 12 months, three things are worth doing now.
- Map your supply chain: identify every Chinese biotech service provider across CDMOs, sequencing platforms, bioinformatics tools, and reagent suppliers. Go one layer deeper than your direct contracts. If your CDMO sources reagents from a Chinese supplier, that counts too. For a Seed-stage company with a handful of vendor relationships, this is a few days of focused work.
- Check your existing CDMO, CRO, and platform agreements for change-of-law provisions. Can you terminate or renegotiate if a supplier gets designated? If the clause isn’t there, note the issue for your next contract cycle.
- Build a migration plan on paper. Identify domestic or allied-country alternatives for the vendors that create the most risk. Get budgetary quotes. Build a realistic timeline. You don't need to execute the migration, but you need to put a credible plan in front of investor counsel when they ask. Bring it to your board, too. If your existing investors haven’t raised BIOSECURE yet, they will soon, and the conversation goes better when you’re the one who initiates it.
If you’re raising later (12 months or more out) hold off on spending real money to migrate until the OMB list drops, expected December 2026.
You should still map your supply chain (the same exercise described above), but the expensive decisions can wait. A planned migration after the regulatory picture clears is cheaper and safer. What you can do now is start conversations with alternative CDMOs and get on their radar. Domestic biomanufacturing capacity is already tight, and every synbio company reading the same headlines will be looking for the same capacity at the same time.
In summary
The BIOSECURE Act gives synbio startups time to plan. Enforcement is years away. The big mistake is treating that runway as a reason to do nothing, and finding out too late when a term sheet lands with representations you can’t sign.