Regulators have been slow to deal with 'dual use' biological agents such as proteins, DNA or whole organisms that are generally used for benign research, but that could also be used to inflict harm. The reasons are many — not least being the complex way in which these substances behave and interact with their environment — and the result has been a regulatory patchwork.

For example, many countries have tried to regulate the firms that produce made-to-order DNA sequences by requiring permits for export. But the paperwork required is so onerous that the companies often just discard their non-domestic orders — so information about the customers looking to acquire these sequences is lost. And oversight of domestic sales is comparatively lax.

Industry self-policing can sometimes fail dramatically.

This month, the Industry Association Synthetic Biology (IASB), a consortium of gene-synthesis companies located mainly in Europe, agreed to a series of actions that might provide a more robust solution to the bioterror problem. Several of the US companies in the market have reportedly indicated their willingness to comply. The agreement calls for member companies to develop a database of suspicious or potentially dangerous DNA sequences. The association did note the potential danger of centralizing these data, even though they are already publicly available. But the benefit, argues the IASB, is that an open-source collection will be much easier for experts to keep updated, complete and correct.

Meanwhile, the agreement calls on IASB member companies to share information about the screening processes already in use so that standard practices can be adopted. The firms have said they are willing to cooperate on this effort in a non-competitive way; the report they produced includes ideas for better policing, including a pattern-recognition approach that would be more adaptable to what most predict will be a rise in the number and variety of DNA sequences requested.

These steps, and other proposed elements, are the beginnings of a code of conduct for the industry. The reward for this voluntary practice would be an unofficial stamp of approval from the IASB that could signal to customers (and potentially the funders of customers) that this business is worth dealing with. Although such a code of conduct is useful and welcome, compliance and enforcement will be paramount. There have been, and will probably continue to be, companies that are not interested in cooperating with any industry group, and that are happy to operate in the unregulated grey area. The ultimate hope is that customers will put economic pressure on those non-compliers to fall in line, or else lose all but the most disreputable business.

But that is just a hope. As the recent meltdowns on Wall Street have indicated, industry self-policing can sometimes fail dramatically. When bad business practices can have grave effects for the public, regulators should be firm and proactive. The IASB has taken laudable first steps in providing government regulators with guidelines they can build from. Now, the regulators need to act.