Beijing’s Asymmetric Securitization of Genomic Data
Christopher Nye & Charles Sun
Executive Summary:
Beijing is pursuing an asymmetric closed-door doctrine, ensuring domestic critical resources remain onshore while attracting additional resources from overseas. One of the most developed instances of this approach is seen in its handling of human genetic resources (HGR).
Strict controls over HGR have kept samples and sequencing data onshore for more than a quarter century. A recent National Health Commission consultation draft of revised HGR implementing rules adds to a growing regulatory regime covering HGR that includes laws on biosecurity, data security, personal information protection, and state secrets, as well as two cross-border data rules.
The newly proposed rules seek to expand the state’s access to genetic information by mandating that data disclosed abroad for publication or at conferences must first be deposited at the China National Center for Bioinformation, a state-run gene bank. This is one of two state-led repositories that are intended to rival national-level gene banks in the United States, Europe, and Japan.
BGI Group’s overseas business, including prenatal testing in 52 countries and pandemic-era laboratory deployments, shows how genomic data generated abroad flows toward PRC-controlled repositories.
No other analogs exist for this regime. The U.S. approach makes openness the default for federally funded fundamental research, with no nationality restrictions on access to its GenBank data. Washington began restricting bulk genomic transfers to countries of concern only in 2024.
On May 8, the National Health Commission (NHC), which took over human genetic resource (HGR) governance from the Ministry of Science and Technology (MOST) in 2024, released a consultation draft of revised implementing rules for the Regulations on the Administration of Human Genetic Resources (人类遗传资源管理条例), with the public comment period running until June 7 (NHC, May 8). Article 39 provides that information transferred abroad for publication or conference disclosure satisfies the prior-reporting obligation only by first depositing the data with the China National Center for Bioinformation (CNCB; 国家生物信息中心), the genomics repository hosted at the Chinese Academy of Sciences’ Beijing Institute of Genomics. The provision confirms the CNCB as the central repository through which the state consolidates and retains human genomic information within the People’s Republic of China (PRC), including data researchers disclose abroad.
HGR governance offers a useful case study for understanding how Beijing implements its asymmetric closed-door strategy in other domains (China Brief, May 22). Of the four factors that this security-driven strategy seeks to retain—persons, capital, technology, and information—three map directly onto HGR retention. Foreign-control limits on who may handle PRC genetic resources, security reviews that backstop a non-exhaustive resource catalogue, and mandatory in-country data retention all appear in the HGR regime in a more layered form than artificial intelligence (AI) investment and frontier hardware governance regimes. The channeling of genomic data from outside the PRC toward PRC-controlled repositories through commercial sequencing operations and pandemic-era diagnostic deployments also underscores the asymmetric nature of this strategy.
HGR Regime is Decades in the Making
Beijing frames genetic resources as a sovereign asset and control over them as a national security issue. In February 2020, General Secretary Xi Jinping directed that biosecurity be brought “into the national security system” (纳入国家安全体系) and that a biosecurity law be enacted without delay (State Council, February 14, 2020). The original framing predates the pandemic, however: in 2017, MOST’s “13th Five-Year Plan for Biotechnology Innovation” (“十三五”生物技术创新专项规划) called for a national bioinformation center to “safeguard national sovereignty over biological data” (维护国家生物数据主权) and to manage the nation’s strategic biological data resources (MOST, May 10, 2017).
The country’s regulation of HGR began with the 1998 Interim Measures for the Administration of Human Genetic Resources (人类遗传资源管理暂行办法). These asserted state sovereignty over PRC human genetic resources and required approval for collection, outbound provision, and international cooperation (State Council Information Office, June 12, 2019). Decisive impetus for expanding the regime came in November 2018, following a scandal in which Shenzhen-based researcher He Jiankui (贺建奎) announced the birth of gene-edited infants. [1] The scandal hardened Chinese Communist Party (CCP) leadership’s resolve to centralize control, and in 2019 the State Council supplanted the measures with the Regulations on the Administration of Human Genetic Resources (人类遗传资源管理条例). Effective July 1, 2019, the regulations established a four-stage licensing regime covering the collection, preservation, utilization, and outbound provision of genomic data. They also codified HGR information as a regulated category alongside physical samples for the first time. Article 7 of the regulations bars foreign organizations and foreign-controlled entities from collecting or preserving PRC genetic resources or providing them abroad, while Article 24 requires that all data generated in any international collaboration be “fully open to and backed up with the Chinese-side institution” (完全向中方单位开放并向中方单位提供备份) (MOST, June 12, 2019).
The new draft is a revised version of a set of “implementing rules” (实施细则) for the 2019 regulations first released in 2023 (MOST, June 1, 2023). The new rules narrow exemptions for transferring HGR information abroad. Previously, in cases where PRC entities had a cooperation agreement that provided for joint use of HGR information by both parties, they could skip prior reporting and information backup. Now, however, the foreign recipient must also be named in the license application. As a result, outbound HGR information for publication must now first be deposited at the CNCB. Failure to do so can result in penalties. [2]
Overlapping Statutes Reinforce HGR Retention
The HGR regulations add to a growing statutory regime that governs genomic data. Most prominent among these is the 2021 Biosecurity Law (生物安全法), which extended biosecurity governance to biotechnology research, pathogen-laboratory safety, human genetic resources, and biological resources. Article 57 of the law requires prior reporting and submission of an information backup before PRC human genetic resource information is provided to or opened for use by foreign organizations, foreign individuals, or institutions they establish or control. Articles 79 and 80 set penalties of up to RMB 5 million ($700,000) for unauthorized collection, preservation, or use in international cooperation of HGR and up to RMB 10 million ($1.4 million) for violations by foreign organizations or individuals (National People’s Congress [NPC], October 17, 2020). As the law operates concurrently with the HGR Regulations rather than displacing them, a single transfer can violate both, with penalties accumulating.
Two other laws, both enacted in 2021, further regulate the control of HGR. The Data Security Law (数据安全法) created an “important data” (重要数据) category, under which authorities would notify entities or publicly designate certain data as “important” and thus subject to certain controls. [3] The Personal Information Protection Law (个人信息保护法) designates medical and biometric data as sensitive personal information and offers three cross-border transfer routes (a security assessment by the Cyberspace Administration of China, certification by a designated body, or a standard contract), each requiring separate consent (NPC, August 20, 2021). In practice, however, the simpler transfer routes that this law outlines are not available in the case of identifiable genomic data, as these would still trigger the HGR pre-approval and the Biosecurity Law reporting requirements. PRC-origin population genomic data is consequently treated as potentially important by default unless an authoritative determination concludes otherwise.
The most consequential law for HGR retention is a 2024 amendment to the State Secrets Law (保守国家秘密法). Article 64 of this law introduces the concept of “work secrets” (工作秘密), information that does not constitute a state secret but whose disclosure “would cause certain adverse effects” (会造成一定不利影响的事项) and so should be protected under separately formulated rules (Xinhua, February 27, 2024). For HGR, this category provides an administrative route to restrict information that has not been, and may never be, designated under formal state secrets procedures. This differs from the U.S. position under National Security Decision Directive 189 (NSDD-189), which holds that classification is the exclusive control mechanism for federally funded basic research. In the PRC, by contrast, no law establishes openness as the default for state-funded research.
Regulations Create Asymmetric Control Over Genomic Data
The May 8 consultation draft works to support the collection and use of HGR domestically while simultaneously channeling overseas HGR into the PRC. In doing so, it seeks to realize objectives laid out in the 14th Five-Year Plan for Bioeconomy Development (“十四五”生物经济发展规划), which in 2021 called for the “unified collection and sharing of national biological data resources” (实现我国生物数据资源统一汇交共享) and the “secure and controlled sharing of biological resources” (推进生物资源受控共享和安全交换) (NDRC, May 10, 2022).
Domestically, HGR data is channeled toward two state-led repositories, CNCB in Beijing and the China National GeneBank (国家基因库) in Shenzhen. CNCB runs three main databases, the Genome Sequence Archive (GSA), its HGR-specific repository GSA-Human, and the OMIX (“Open Archive for Miscellaneous Data”) database. The Beijing Institute of Genomics, which hosts CNCB, describes it as the “national human genetic resources information management backup platform” (国家人类遗传资源信息管理备份平台), language that places it inside the HGR licensing regime (Beijing Institute of Genomics, July 15, 2022). [4] As of mid-2022, GSA holdings exceeded 15 petabytes, with contributions from more than 580 institutions. As of February 2026, GSA holdings had surpassed 100 petabytes, contributed by 1,272 institutions (Beijing Institute of Genomics, February 22). Article 39 of the May 8 consultation draft is designed to funnel genomic data toward CNCB. It offers a simplified procedure for reporting HGR information before it is transferred abroad by depositing the data at the CNCB. This is intended to build CNCB into an alternative to the world’s three other national-level gene banks in the United States, Europe, and Japan. [5]
The China National GeneBank was the PRC’s first attempt to create a national-level gene bank. The National Development and Reform Commission and three other ministries jointly established the institution in 2011, which became operational in 2016. Unlike the other three national-level gene banks, however, it operates under a public-private structure in which BGI Group, through BGI Research (深圳华大生命科学研究院), serves as the operating entity, with funding shared by central finance, Shenzhen municipal finance, and BGI itself (The Paper, September 22, 2016). At its September 2016 launch, the China National GeneBank reported access capacity for 60 petabytes of biological-information data—a figure that included mirrored international public data—and a first-phase capacity to store 10 million samples (The Paper, September 22, 2016). By 2024, its own archived holdings stood at more than 13 petabytes, contributed by over 500 institutions (Shenzhen Special Zone Daily, April 22, 2024).
The PRC is also directing genomic data generated outside its borders inward, though so far only where commercial channels permit. BGI Group’s overseas business is the most-documented instance. Drawing on more than 100 corporate and scientific publications, Reuters reported in 2021 that BGI developed its NIFTY (Non-Invasive Fetal TrisomY) prenatal test in collaboration with Chinese military institutions, including the People’s Liberation Army (PLA) General Hospital and the Third Military Medical University, and that the genomic data of more than 500 women tested abroad were stored in the China National GeneBank (Reuters, July 7, 2021). By BGI’s reported figures, the test was sold in at least 52 countries and had been taken by 8.4 million women globally, though how much foreign genomic data actually reaches the PRC this way is uncertain and bounded by destination-country law (Reuters, September 6, 2021). [6] BGI has denied providing NIFTY data to PRC authorities for national security or defense purposes, though the National Intelligence Law requires organizations to support and cooperate with state intelligence work (China Law Translate, 2017).
The PRC’s asymmetric approach contrasts sharply with that of Western countries, which operate open international databases (Federation of American Scientists, September 21, 1985). GenBank, maintained by the U.S. National Institutes of Health, makes the sequence data submitted to it freely available to anyone, wherever they are in the world, with no restriction on use or redistribution. Its partners in the International Nucleotide Sequence Database Collaboration follow the same open-access rule, as do its European and Japanese counterparts (National Library of Medicine, December 13, 2023). PRC researchers therefore use U.S. and global genomic data freely, while foreign researchers cannot obtain PRC-controlled human genetic resources on remotely comparable terms.
Washington has begun to respond. The Commerce Department added BGI Research, BGI Tech Solutions (Hong Kong), and Forensic Genomics International to its Entity List in 2023; and the Defense Department added BGI Genomics and MGI Tech to its 1260H list of Chinese Military Companies in 2025 (Federal Register, March 6, 2023, January 7, 2025). An executive order signed in February 2024 directed the Justice Department to restrict bulk transfers of Americans’ sensitive data to “countries of concern,” which include the PRC (Federal Register, March 1, 2024). Its Data Security Program since April 2025 has prohibited bulk transfers of human genomic data on as few as 100 U.S. persons (including anonymized data) to designated states (Department of Justice, April 11, 2025). The Food and Drug Administration halted new clinical trials that sent Americans’ living cells abroad for genetic engineering in June 2025, closing an exemption that had allowed trial samples, including DNA, to be processed in the PRC (Food and Drug Administration, June 18, 2025). Finally, Congress enacted the BIOSECURE Act as part of the Fiscal Year 2026 National Defense Authorization Act in December 2025 (U.S. Congress, December 18, 2025).
The U.S. controls, however, are carefully bounded, confined to a short list of adversary states as a result of ex-post prohibitions on specific transactions and maintaining openness for American and allied research. The PRC controls are the inverse: a decades-old regime that applies to all foreign parties and operates as ex-ante licensing.
Conclusion
Beijing’s proposed revisions to regulations on the management of HGR boost its ability to construct a centralized repository of genomic data by mandating the deposit of PRC-origin genomic information at CNCB before it can be shared overseas. The proposal adds to a growing legal and regulatory architecture that realizes previously articulated objectives for ensuring national sovereignty over biological data.
This advances a one-way asymmetry in which the PRC retains its own population’s genomic data while an open international system leaves American and allied data freely available. As a result, PRC state-linked institutions can study U.S. and allied populations at scale, over time potentially informing applications tailored to specific populations. The current structure benefits Beijing in a domain—biomanufacturing (生物制造)—that Xi Jinping has named a priority future industry, signaling that it intends to convert its data resources into industrial advantage (Qiushi, June 1).
The PRC’s HGR retention architecture is the longest-running and most operationally tested instance of its asymmetric closed-door doctrine, but the same approach recurs across a number of cross-border domains. This is not an enforcement gap that can be closed through entity designations or other tailored instruments, and constitutes an urgent strategic problem for the United States.
This article originally appeared in China Brief. Check it out here!
Christopher Nye is a Non-Resident Fellow at The Jamestown Foundation.
Charles Sun is a China-focused policy analyst specializing in technology governance and the political economy of elite-state relations. He is a Yale Sinovation Fellow at the Yale School of Management and was a visiting fellow at the Shorenstein Asia-Pacific Research Center (APARC), Stanford University. His Stanford research introduced the Proactive Elite Alignment Theory (PEAT) framework for analyzing anticipatory compliance in China’s tech sector. He holds master’s degrees from Stanford University and Columbia University.
Notes
[1] He Jiankui, then an associate professor at the Southern University of Science and Technology in Shenzhen, announced in November 2018 that he had used CRISPR germline editing to produce twin girls he said were resistant to HIV. The experiment drew near-universal condemnation, and a Shenzhen court convicted him of illegal medical practice in December 2019, sentencing him to three years in prison (Science, December 30, 2019).
[2] MOST has published representative cases since 2015 against hospitals, multinationals, and affiliates of the Chinese biotech giant BGI Group (华大集团). This level of transparency is unusual for PRC administrative enforcement, and is likely intended to deter violations (MOST, July 12, 2018).
[3] This clarification came via the Cyberspace Administration of China (CAC) in its March 2024 Provisions on Promoting and Regulating Cross-Border Data Flows (促进和规范数据跨境流动规定) (CAC, March 22, 2024).
[4] The Beijing Institute of Genomics was named to host the National Genomics Data Center (NGDC) when MOST and the Ministry of Finance designated the first batch of national science data centers in June 2019. It was granted the additional title “China National Center for Bioinformation” later that year (Beijing Institute of Genomics, November 13, 2019).
[5] The other three are the U.S. National Center for Biotechnology Information, the European Molecular Biology Laboratory’s European Bioinformatics Institute, and Japan’s DNA Data Bank of Japan.
[6] After the Reuters report, the United Kingdom required BGI to register its test, and regulators in several countries opened data-protection reviews. Separately, the U.S. National Counterintelligence and Security Center (NCSC) issued a public advisory identifying PRC collection of U.S. genomic and other healthcare data as a national security risk, with specific reference to BGI (ODNI, February 1, 2021).


