On May 25, 2026, the Life Sciences Ethics Subcommittee of China's National Science and Technology Ethics Committee released the "Ethical Guidelines for Human Genetic Data Research" for reference by research institutions and researchers.

While the Guidelines do not create new legal obligations, they provide a comprehensive ethical framework for research involving human genetic data. The document consolidates expectations already reflected in China's frameworks for human genetic resources, personal information protection, biosafety, data security, and research ethics.

The Guidelines also provide insight into the ethical considerations likely to  receive greater scrutiny  during the ethical review, approval and conduct of human genetic data research.

At a Glance

• No new legal requirements: The Guidelines consolidate ethical expectations already reflected in China's human genetic resources, data protection, biosafety, and research ethics frameworks.
• Research programs may face greater ethical scrutiny: Increased emphasis is placed on consent, participant protections, incidental findings, and population-level impacts.
• Biobanks and genetic databases are a key focus: Organizations should review governance, access controls, traceability, retention, and incident response measures.
• Cross-border genetic data activities remain sensitive: Existing approval, filing, and security assessment requirements remain firmly in focus.
• Governance frameworks warrant review: Organizations should assess alignment with the themes highlighted in the Guidelines.

Relationship to China's Existing Regulatory Framework

Rather than establishing a separate regulatory regime, the Guidelines serve as an ethical reference for applying existing legal and governance requirements to research involving human genetic data. They expressly reference key legal and ethical frameworks, including:

• Personal Information Protection Law
• Data Security Law
• Biosafety Law
• Regulations on the Administration of Human Genetic Resources
• Implementing Rules for the Regulations on the Administration of Human Genetic Resources
• Regulations on Network Data Security Management
• Measures for Ethical Review of Life Science and Medical Research Involving Humans
• Measures for Science and Technology Ethics Review (Trial)
• Declaration of Helsinki

Participant Rights, Informed Consent, and Long-Term Data Use

Protection of participant autonomy is one of the central themes of the Guidelines and is reflected throughout the document's consent requirements.

Reinforcing Participant Rights

Researchers must protect participants' rights to:

• Know
• Choose
• Consent
• Refuse participation
• Withdraw participation

Additional Safeguards for Vulnerable Participants

Consent procedures must comply with applicable legal and ethical requirements and be understandable to participants.

Additional protections are required for:

• Minors
• Individuals lacking or having limited civil capacity
• Participants affected by language barriers
• Participants affected by cultural differences

For individuals lacking full civil capacity, guardian consent is required. Researchers must also communicate information in a manner appropriate to the individual's age and cognitive ability and seek and respect the individual's own willingness to participate.

Recognition of Broad and Dynamic Consent

The Guidelines recognize broad consent and dynamic consent mechanisms, subject to applicable legal and ethical requirements.

For organizations involved in biobanking, longitudinal genomic research, and secondary data use, this recognition reflects the practical need for consent models that can support ongoing research while maintaining appropriate safeguards.

Genetic Privacy, Data Security, and Governance Requirements

A substantial portion of the Guidelines focuses on how organizations should govern and protect human genetic data throughout its lifecycle.

Expanded Protection for Genetic Privacy

Genetic privacy is defined broadly to include human genetic data and related identifiable, inferable, or associable information concerning:

• Physiological traits
• Health conditions
• Familial relationships
• Lineage information

Individuals and relevant groups have the right to protection against unlawful intrusion, disclosure, publication, or improper processing of such information.

Risk-Based Security and Access Controls

Organizations and researchers are expected to implement safeguards proportionate to data sensitivity and risk.

Population-specific genetic information is specifically identified as requiring enhanced protections, including:

• Classification measures
• Access controls
• Usage restrictions

Governance Expectations Across the Data Lifecycle

The Guidelines call for comprehensive governance measures, including:

• Data classification
• Source verification and recordkeeping
• Access management
• Traceability mechanisms
• Sharing and external provision controls
• Retention and destruction procedures
• Emergency response planning

For human genetic databases, governance systems should clearly define collection and storage standards, classification rules, sharing requirements, external provision requirements, and destruction procedures.

The Guidelines also encourage tiered access authorization mechanisms to support compliant sharing of de-identified genetic data under controlled conditions.

Organizations are expected to establish procedures for responding to actual or potential data breaches, unauthorized access, data alteration, or data loss. Where required by law, authorities must be notified and affected participants informed.

Expanded Focus on Familial, Population-Level, and Social Risks

One of the more distinctive aspects of the Guidelines is their recognition that genetic research may affect people beyond the individual participant.

Familial Implications and Incidental Findings

For research involving important Chinese genetic lineages or hereditary diseases, researchers should assess the potential impact of both the research and disclosure of findings on:

• Participants
• Blood relatives
• Family groups

Particular attention should be given to:

• Disease susceptibility information
• Carrier status information
• Incidental findings

The Guidelines note that such information may create privacy, psychological, or social risks.

Additional Protections for Specific Populations

The Guidelines establish additional expectations for research involving:

• Ethnic minorities
• Genetically isolated populations

Researchers are expected to respect cultural customs and collective interests while taking measures to prevent stigmatization, discrimination, and inappropriate labeling of specific groups.

Prevention of Genetic Discrimination

The document explicitly prohibits genetic discrimination, defined as unreasonable or unjust differential treatment based on genetic information, genetic characteristics, or genetic test results that harms the lawful rights and interests of individuals or identifiable groups.

Examples identified in the Guidelines include discrimination relating to:

• Employment
• Education
• Insurance
• Medical services
• Social security
• Social life

Together, these provisions reflect a broader focus on the societal implications of genetic research and the responsible use of genetic information.

Transparency, Research Communications, and Publication Standards

The Guidelines devote attention not only to how genetic data is handled, but also to how research activities and findings are communicated.

Organizations are encouraged to disclose in a clear and accessible manner:

• Basic data-processing plans
• Key processing procedures
• Privacy measures
• Security measures

The Guidelines emphasize responsible communication of research results. Public statements should accurately describe:

• Research progress
• Applicability
• Limitations

Organizations should avoid exaggerated claims, misleading publicity, genetic bias, stigmatization, and discriminatory language. When publishing or publicizing research findings, organizations must protect genetic privacy.

Information capable of identifying individuals, families, or groups must not be disclosed, and non-desensitized data must not be made public.

Cross-Border Human Genetic Data Governance Remains a Priority

The Guidelines reiterate that activities involving the collection, preservation, utilization, or overseas provision of China's human genetic data must complete all legally required approvals, filings, and security assessments, including those related to human genetic resources management.

Although the Guidelines do not introduce new cross-border transfer requirements, they reinforce the importance of complying with China's existing human genetic resources, data protection, and security frameworks when conducting international research collaborations, global clinical studies, and cross-border data-sharing activities.

Practical Compliance Actions for Overseas Companies

Although directed primarily at research institutions and researchers, the Guidelines provide a useful opportunity for multinational organizations to reassess existing governance arrangements. The principles are equally relevant to pharmaceutical sponsors, biotechnology companies, CROs, genomic testing providers, biobanks, and multinational organizations conducting research involving Chinese human genetic data.

Organizations in pharmaceuticals, biotechnology, medical devices, diagnostics, contract research, and clinical development should consider the following actions:

Conduct a Comprehensive Human Genetic Data Flow Assessment

Identify where human genetic data is collected, stored, analyzed, accessed, shared, retained, deleted, and transferred.

The review should include affiliates, CROs, laboratories, hospitals, research partners, cloud environments, and overseas recipients.

Reassess Cross-Border HGR Compliance Requirements

Assess whether ongoing or planned activities involve China's human genetic resources or overseas provision of human genetic data and determine whether approvals, filings, security assessments, or additional controls may be required.

Validate Consent and Participant Communication Frameworks

Review consent materials to ensure they clearly address data collection, research use, secondary use, data sharing, retention periods, withdrawal rights, and privacy protections.

Where broad or dynamic consent mechanisms are used, ensure supporting governance arrangements are appropriately documented.

Strengthen Biobank, Database, and Data Governance Controls

Review access-control frameworks, data classification methodologies, audit trails, source records, retention schedules, destruction procedures, and incident response capabilities.

Organizations should be able to demonstrate traceability and controlled access throughout the data lifecycle.

Formalize Procedures for Incidental Findings and Genetic Risk Information

Establish clear processes for identifying, evaluating, escalating, and communicating incidental findings, hereditary disease information, disease susceptibility information, and carrier status information where relevant.

Incorporate Population-Level and Community Impact Assessments

For research involving identifiable populations, assess potential risks relating to stigmatization, discrimination, cultural sensitivities, community impacts, and misuse of group-specific genetic information.

Where appropriate, consideration may be given to engagement with representative organizations or community representatives.

Review Scientific Publications and Public Communications

Evaluate publications, marketing materials, investor communications, and other public-facing content to ensure research findings are presented accurately, proportionately, and without language that could be considered misleading, stigmatizing, or discriminatory.

Final Thoughts

China's new "Ethical Guidelines for Human Genetic Data Research" do not create new legal obligations, but they provide a clear statement of the ethical standards regulators increasingly expect organizations to meet.

The document reinforces China's existing focus on participant rights, genetic privacy, data security, and oversight of sensitive genetic information while placing greater emphasis on family, community, and societal impacts.

For organizations operating in genomic research, precision medicine, and related fields, the guidelines offer a practical roadmap for strengthening governance frameworks while illustrating the direction of China’s evolving expectations for responsible huma genetic data governance.

For support assessing how China's evolving genetic data governance framework may affect your research activities, data-sharing arrangements, or compliance obligations, contact Cisema today.

Further Information

• Explore Cisema’s pharmaceutical consulting services.

References

• The "Ethical Guidelines for Human Genetic Data Research" Have Been Released