Before the US government released its long-awaited guidelines for purveyors of synthetic DNA last week, some scientists were concerned that the standards, meant to foil would-be bioterrorists, would also hamper legitimate researchers. Instead, the limited scope of the voluntary guidelines has thrown into stark relief the difficulty of keeping tabs on the fast-growing business of gene synthesis.

The US Department of Health and Human Services (DHHS) in Washington DC spent more than three years crafting the guidelines, which advise biotech companies to screen customers and their orders for possible threats to human health or agriculture. DNA sequences that match those unique to organisms on the government's Select Agents and Toxins list, potentially representing a public-health risk, will be reported to the DHHS. The screening will not impinge on legitimate research, or burden industry to such an extent that companies might leave the country, says Michael Imperiale, a microbiologist at the University of Michigan, Ann Arbor, and a member of the National Science Advisory Board for Biosecurity.

The US government is urging a lower security standard on the world. ,

But in achieving that level of comfort, the DHHS has drastically restricted the guidelines' reach. The rules apply only to double-stranded DNA, for example, and not to single-stranded fragments — a decision that has puzzled even proponents of the guidelines. "It seems like an arbitrary distinction," says George Church, a geneticist at Harvard Medical School in Boston, Massachusetts. Although the techniques for stitching together double-stranded DNA fragments are better established, Church and his colleagues recently published a method for re-engineering bacterial genomes using single-stranded DNA fragments only 90 bases long (H. H. Wang et al. Nature 460, 894–898; 2009).

Small single-stranded DNA fragments are widely used in molecular biology, and the DHHS says that it would be too burdensome for industry to screen such a high volume of orders. Church, who says the guidelines are a good first step, disagrees. "I don't see why these guidelines wouldn't work for single-stranded DNA," he says.

Stephen Maurer, a public-policy researcher at the University of California, Berkeley, adds that the guidelines call for an initial automated screen of sequences by computer, a less stringent survey than getting employees to analyse each order as it comes in, as many companies already do. "You have a strange situation in which the US government is urging a lower security standard on the world," he says. But human screens could lead to inconsistencies between companies, says Theresa Lawrence, a health scientist at the US Public Health Service, whose office coordinated the final guidelines. "We want to ensure a consistent baseline that can be uniformly applied across industry," she says.

Some argue that any focus on synthetic DNA and its providers does little to improve security, because it assumes that specific DNA sequences are difficult to obtain. "That framework is appropriate for plutonium, but not for some lousy gene encoded by some lousy pox virus," says Roger Brent, a molecular biologist at the Fred Hutchinson Cancer Research Center in Seattle, Washington. "I can make that by getting a clone from a colleague, or isolating it from nature. I don't need double-stranded DNA to do it."