This document summarizes significant recent updates to the NIH Genomic Data Sharing (GDS) Policy, focusing on new and stricter cybersecurity requirements and access terms for researchers and developers accessing controlled-access human genomic data in NIH repositories. Effective January 25, 2025, institutions must ensure that IT systems used for accessing or storing genomic data comply with NIST SP 800-171 standards, and developers involved in repository-related activities must adhere to additional terms of access, mandatory training, and prompt incident reporting; non-compliance may result in sanctions, and no extensions to the implementation deadline will be granted. NIH has clarified the scope of these requirements and provided guidance for institutions to assess compliance, develop risk mitigation plans, and inform principal investigators of their expanded responsibilities under the updated policy.
Kristin West
Kristin (Kris) West is the Director of the Research Ethics and Compliance Committee at COGR.
