As synthetic biology accelerates and AI-driven bioengineering tools proliferate, the legal frameworks designed to prevent biological catastrophe in Southeast Asia are showing their age. Regulations built around static taxonomic lists of known pathogens were never designed to govern a world where novel organisms can be engineered in silico and genetic data can cross borders as a digital file. A new analysis makes clear that this regulatory lag is a systemic vulnerability with consequences for regional and global health security.
The study evaluates biosecurity legal frameworks across three ASEAN nations — Malaysia, Singapore, and Brunei — in comparison with the United States. The authors examined national legislation, international treaty commitments, and policy documents against a structured five-domain framework covering criminal prohibitions, export controls, laboratory oversight, dual-use research of concern (DURC) governance, and reporting transparency. That analysis was supplemented by purposive interviews conducted in 2024 and 2025 with senior officials from Malaysian government biosecurity agencies.
Singapore emerges as the regional frontrunner, with its Biological Agents and Toxins Act 2005 providing a risk-based classification system, mandatory biosafety committee requirements, and robust export controls under the Strategic Goods (Control) Act. Malaysia occupies a transitional position: its Penal Code and Strategic Trade Act 2010 establish meaningful criminal prohibitions and export controls, but the foundational Biosafety Act 2007 is narrowly scoped to genetically modified organisms, leaving DURC and synthetic biology effectively ungoverned. Brunei’s framework is the most limited, lacking a national biological agent control list, comprehensive laboratory biosecurity regulations, and clearly designated institutional authority for Biological Weapons Convention (BWC) implementation.
All three countries are states-parties to the BWC and submit Confidence-Building Measure (CBM) reports — Malaysia annually since 2011, Singapore through multiple submissions between 2012 and 2023, and Brunei periodically. However, the authors note a consistent regional pattern: none of these countries makes its CBM submissions publicly accessible through the BWC Implementation Support Unit’s eCBM portal. The United States, by contrast, publishes its CBM reports openly. The authors are careful to distinguish this transparency gap from noncompliance, noting that restricting access to sensitive biodefense data is a rational national security choice — but one that meaningfully constrains regional trust-building and informal verification across ASEAN borders.
Perhaps the study’s most policy-relevant finding is its identification of a regulatory loophole that extends across all three ASEAN jurisdictions and, in a different form, through the United States as well. Current biosecurity frameworks in Malaysia and Singapore depend heavily on physical, taxonomic control lists — the Strategic Trade Act 2010 and the Strategic Goods Control Order 2023, respectively. These instruments govern the movement of known biological agents and dual-use equipment through physical customs channels. They are, by design, legally blind to the intangible transfer of genetic data — a file transmitted electronically to a DNA synthesizer that could enable the construction of a listed or unlisted pathogen.
The authors draw directly on recent policy literature to underscore the severity of this gap, noting that the ability to design novel proteins computationally poses unprecedented governance challenges because list-based frameworks only regulate known pathogens. An AI-designed synthetic threat that does not appear on any existing control list falls entirely outside current statutory authority. The United States faces an analogous problem: its Federal Select Agent Program, while administratively sophisticated, applies only to federally funded research, creating an enormous regulatory blind spot for privately funded biotechnology work.
The absence of a binding ASEAN biosecurity treaty means that regional coordination must be pursued through targeted functional mechanisms rather than top-down legal mandates. The authors recommend transitioning biosecurity governance from purely taxonomic frameworks to risk-based, functional regulatory criteria — a shift that would allow national authorities to place newly engineered or AI-generated pathogens on provisional regulatory lists while formal risk assessments are conducted. They also call for making One Health a binding statutory obligation rather than a voluntary policy framework, closing the jurisdictional silos that currently separate human health, animal quarantine, and environmental safety under separate ministries and laws.
For the United States, the study offers a comparative lesson in the limits of regulatory maturity: federal fragmentation across the CDC, NIH, USDA, and Department of Defense creates accountability gaps that high resource levels and sophisticated law cannot fully compensate for. For ASEAN nations, the core message is that individual national frameworks, however well-designed, cannot substitute for regional coordination in the face of biological threats that respect no border.
Sources and further reading:
Osman ND, Abdullah MK. Strategies to strengthen biosecurity regulation in the ASEAN region and the United States: Approaches and implications. Journal of Biosafety and Biosecurity. 2026.
