Know Your Customer (KYC)
Ensure that entities accessing dangerous biological tools, services, and materials are legitimate and accountable.
Last updated: May 11, 2026 · Public updates are batched quarterly, with urgent corrections as needed.
5-year budget target
Pillar
Five-Year Trajectory
2026
Define harmonized KYC standards for the highest-risk biological tools and services
2027
Begin widespread KYC adoption across high-risk biological vendors and services
2028
Extend KYC to CROs, cloud labs, repositories, reagent suppliers, and AI/bio tools
2029
Achieve broad compliance with synthesis screening, KYC, AI-bio safeguards across distinct model tracks, and misuse monitoring
2030
Sustain high KYC compliance across high-risk biological vendors
Current Status of the Field
Identity verification, credentialing, and automated compliance platforms are mature in adjacent sectors, but life-sciences providers lack a shared implementation pattern.
KYC is well understood as a compliance concept, but no harmonized standard yet covers the highest-risk life-sciences tools and services across major jurisdictions.
The bottleneck is adoption quality: standards must be enforceable and auditable without creating excessive friction for legitimate research and commerce.
The Problem
A malicious actor can currently access a range of dual-use biological materials and services with little more than a credit card and a shipping address. Many gene synthesis companies, biological repositories, cloud laboratories, contract research organizations, dual-use reagent suppliers, and AI/Bio models operate without adequate customer due diligence. Screening DNA sequences is necessary but not sufficient if we cannot verify who is placing the orders.
The Solution
There are currently no harmonized frameworks or best practices for KYC across the life sciences, and many relevant providers do not implement meaningful KYC at all. Defining standards and mandating their adoption is therefore an urgent priority. Providers can use automated platforms, identity-verification systems, and pre-verification mechanisms for trusted researchers to make KYC feasible at scale.
Objectives
- ◆All high-risk dual-use biological tools, products, and services implement universal know-your-customer verification against harmonized international standards (including gene synthesis providers, benchtop manufacturers, biological repositories, high-risk AI/Bio models, dual-use reagent suppliers, contract research organizations, and cloud laboratories)
Urgent 2026 Milestone
Define KYC standards for the highest-risk biological tools and services in the U.S., EU, and UK, and create a pathway for mandatory adoption globally.
Long-term Targets
High-risk bio vendor KYC adoption
Year-by-Year
Philanthropy
- •Convene and fund development of harmonized international KYC standards for the life sciences
- •Fund development of independent third-party KYC solutions for the life sciences
Private Sector
- •Participate in KYC standards development and begin implementing KYC for dual-use biological tools, services, and materials
Government
- •Begin domestic rulemaking and standards adoption for KYC across high-risk tools and services
- •Prepare legislative or regulatory pathways for mandatory KYC in key jurisdictions
Philanthropy
- •Continue funding deployment of screening software and independent audit capacity across providers, including smaller and international firms
- •Support implementation-focused KYC tools and verification infrastructure
- •Continue funding separate AI-bio evaluation tracks for frontier LLMs, biological foundation models, and autonomous-lab workflows
- •Support broader bio-audit adoption, institutional awareness, and development of publication-risk-management norms
- •Continue support for misuse-detection tooling and cross-provider threat-sharing systems
Private Sector
- •Implement standardized synthesis screening and customer verification at scale
- •Participate in split-order detection systems and submit to independent screening verification where possible
- •Expand KYC adoption across high-risk vendors and service providers
- •Make AI-bio evaluation and safeguard deployment routine across separate LLM, biological foundation model, and autonomous-lab tracks
- •Expand participation in bio-audits, accident reporting, pre-publication review, and institutional adoption pilots
- •Routinely share threat signals and maintain misuse monitoring
Government
- •Move from legislative or rulemaking activity to initial compliance and oversight in synthesis screening and KYC
- •Support independent verification of AI biorisk evaluation and safeguard adoption through track-specific formal agreements or requirements
- •Expand implementation of accident-reporting requirements, research-risk oversight, and institutional participation pathways
- •Support law-enforcement pathways for escalating provider-generated threat signals
Philanthropy
- •Support more advanced evasion-resistant and function-based screening R&D
- •Support scaling of KYC tools and red-teaming across a broader set of high-risk service categories
- •Support secure data infrastructure for high-risk biological AI training data and continued safeguard research across LLM, bio-foundation-model, and autonomous-lab tracks
- •Support global governance reform, institutional adoption, and continued capacity-building for bio-audits and risk-based research oversight
- •Support public communication efforts that reinforce deterrence posture and accountability
Private Sector
- •Submit to independent screening verification and deploy updated screening algorithms
- •Extend KYC and more extensive customer vetting to newly covered categories such as CROs, cloud labs, repositories, and AI/bio tools
- •Continue safeguard deployment for high-risk AI systems and participate in track-specific red-teaming
- •Expand compliance with institutional risk-governance requirements, adoption programs, and misuse monitoring mandates
Government
- •Enforce synthesis-screening compliance and audit requirements
- •Regulate the secondary market for benchtop synthesis devices and broaden KYC requirements to additional high-risk categories
- •Mandate safeguards for high-risk AI systems with biological capabilities across separate LLM, biological foundation model, and autonomous-lab pathways
- •Institutionalize accountable public oversight for high-consequence biological research, including licensing, institutional participation, and bio-audit frameworks
- •Institute requirements for misuse monitoring and threat sharing for high-risk biological services
Philanthropy
- •Focus remaining philanthropic capital on gap-closing, deterrence signaling, and ensuring high-risk systems actually perform under stress
- •Support maturation of attribution capabilities and public communication around accountability
- •Continue targeted support for jurisdictions, sectors, or institutions lagging in compliance, AI-bio safeguards, or research-governance adoption
Private Sector
- •Achieve broad compliance with screening, KYC, safeguard, and misuse-monitoring requirements
- •Maintain regular red-teaming, audit participation, and rapid remediation processes
- •Support stronger bioforensic attribution capability through data-sharing and exercise participation
Government
- •Ensure broad compliance and meaningful enforcement across screening, KYC, AI-bio safeguards, and research governance
- •Verify that high-risk LLM, biological foundation model, and autonomous-lab safeguards perform under stress
- •Establish or strengthen attribution and accountability doctrine for biological attacks
- •Exercise bioforensic and deterrence capabilities routinely
Philanthropy
- •Focus on closing residual gaps, supporting lagging geographies or sectors, and maintaining pressure for continuous improvement
- •Continue support for frontier-risk research, AI-bio track-specific evaluation, institutional research-governance adoption, residual-risk assessment, and measurement refinement
Private Sector
- •Maintain high compliance and continuous improvement in screening, KYC, safeguards, red-teaming, and misuse monitoring
Government
- •Sustain enforcement, update standards to keep pace with new technologies, and ensure risk-governance and AI-bio safeguard systems remain current
Who's Working on This
Funders
regranting
regranting
Implementers
biotech
biotech