Preparing for the US Biosecure Act - what does it mean for the pharma industry?

How-will-the-Biosecure-Act-impact-the-pharma-industry.jpg
© Getty Images

The US Biosecure Act was passed by the House of Representatives in September and seems likely to become law.

But what does the Act mean for the biotech and pharma industry and how can companies best prepare for any impacts on future business?

The Biosecure Act was first proposed by the US government late last year due to concerns about national security and how genetic and other biological data could be misused by foreign adversarial governments with a focus on China.

It intends to prevent US federal agencies, for example, the National Institutes of Health, from setting up contracts with or giving grant money to companies that have contracts with specific ‘companies of concern’. The companies of concern will be added to a list and could be from ‘adversarial’ countries such as China, North Korea, Russia and Iran.

The current status of the Biosecure Act is that it was passed by the US House of Representatives on Sep 9, with a vote of 306-81 for the bill across both parties. It is now awaiting a vote by the US Senate but is likely to pass into law sometime next year.

“There's actually two versions in the Senate, one that is the House version, and then one that's a little bit different,” explained Matthew Wetzel, a Partner in the Washington, D.C. office of Goodwin Procter LLP who specializes in advising life science companies on legal issues, in an interview.

“The Senate could pass the version that's identical to the House version, in which case it would just go to President Biden for signature. If they use their original version that's a little bit different. Then they have to go back to the house. They've got to figure out a common version. Both houses have to approve it.”

Notably, the upcoming US election is unlikely to have much of an impact on the Act being passed into law as, for the most part, Democrats and Republicans agreed on the content. “This is one of the very few bipartisan issues here in Washington,” said Wetzel. “Democrats and Republicans have been linking arms on this, so I actually think the election won't necessarily have a significant impact here.”

Why was the Act proposed?

There has been a lot of speculation about the reasons the Biosecure Act was proposed. Of course, some of the reasons will remain confidential due to national security, but there has been increasing concern in the US that certain Chinese companies may have overly strong links with the Chinese government and military and that the technology produced by these companies could be detrimental to US security.

Due to the fact that biotech and pharma companies depend on sensitive genetic and other important healthcare data to develop new products, this sector is thought to be particularly vulnerable.

“A lot of healthcare and biotech organizations have been breached over the last years both by ransomware, as well as by nation state attackers,” Bruno Kurtic explained in an interview. He is the CEO of data management and data security company Bedrock Security and regularly advises companies on these issues. “This act is important because we're getting concerns that some of this data, which can be weaponized against individuals, can be leaked through the normal course of business and given into the hands of our national adversaries.”

So far, five companies –BGI, MGI, Complete Genomics, WuXi App Tec and WuXi Biologics– have made it on to the tentative blacklist proposed by the Biosecure Act.

“There's actually a variety of issues that Congress has alleged about these companies that has resulted in their appearing on the list,” explained Wetzel.

“Number one, a concern about the genetic information issue. There's also a concern about access to, or unauthorized transfers of US intellectual property. There are concerns about research and collaboration with the Chinese military and Communist Party, including some allegations, not necessarily with respect to all of these entities, about involvement in the disparate treatment of the Uyghur Muslim minority population in China. Finally, there are also concerns about the general overdependence that the US biotech industry has on the Chinese biotech industry.”

What do companies need to know to prepare for the Act becoming law?

An important point about the Act, is that it will only impact companies on the list and not all Chinese biotech, pharma or CRO or CDMO companies. But although the list currently only includes five companies, more could be added in the future.

“It kind of casts a shadow over the rest of the industry, because the government can also look at other entities and say, we're going to name them as well,” noted Wetzel. “But in no event is it just a broad category of companies. It's specific named entities.”

Another important point is that if the act becomes law next year, as is being predicted, there is a clause in the Act that protects impacted companies until 1 Jan 2032. This means that if companies have existing relationships with companies on the list of concern, they will have time to wind down the relationships and find new providers.

“I do think that companies would be well advised to make sure they understand the full scope of their relationships with, most certainly, the named entities in the legislation, but also any Chinese CDMO or CRO, also Russian, Iranian and North Korean companies [if this applies],” said Wetzel.

“If you were to need to pivot to alternative vendors and suppliers, who are those entities or companies, and how do you start those conversations and discussions?”

Kurtic suggests that companies should focus on establishing good data management practice if they are not already doing this. “Ensure that you know what happens to your sensitive data. Does it move? Where does it go? Are people creating derivatives of this data? Understand the use of the data so that you can prevent leakage, and things like that.”

“These are things that will help enterprises, not just with preparing for the Biosecure Act, but with any regulatory or security process concerned with data.”

Predicting potential fallout

It’s hard to say exactly what the outcomes will be when this Act goes into effect, but being added to the blacklist could have dire consequences for the companies involved. Indeed, WuXi announced last week that it is already considering selling some of its European and US operations in advance of the Act becoming law.  

“We haven't seen a lot of pushback on the Biosecure Act, until very recently when the House version of the bill came up for debate,” said Wetzel.

“It was about giving a little bit more transparency on the reasons why these companies are added to the list, so that if a company, for example, decided to leave China and move to a different country or to go elsewhere, how could they get off of that list?”

Another potential problem linked to the Act is the available CDMO and CRO capacity outside of China may struggle to keep up with demand from US and European biotech and pharma companies.

“It would be great to have perhaps a tax incentive to increase CDMO capacity here in the US, or some sort of relationship with EU and UK CDMOs where the government provides incentives to increase that capacity,” said Wetzel.

“I think the big issue is there's just not enough capacity.... When you think about one of these relationships, you can't just call up a contract manufacturing organization and say, ‘Okay, we're ready to produce the drug.’ They've got to have the right specifications, the right equipment. Everything has to be tested. They've got to go through inspections and approval processes. It is a long-term relationship to set up.”