Nagoya Protocol Compliance

EU Regulation 511/2014 (the EU ABS Regulation) makes the Nagoya Protocol binding on all organisations using genetic resources in the EU. Its key requirements for commercial users:

• Due diligence obligation - companies must seek, keep, and transfer information demonstrating that genetic resources were accessed in compliance with applicable access legislation and that benefit-sharing obligations are in place. This applies at the point of access and at the point of commercialisation.
• Checkpoints - due diligence declarations must be submitted at two points: when research funding is received or applied for, and when a product is commercialised (marketing authorisation application or equivalent). The checkpoints cover both the applicant and any subcontractors or data suppliers in the chain.
• Penalties - Member States are required to impose effective, proportionate, and dissuasive penalties for non-compliance. Penalties in several Member States include product seizure, financial fines, and prohibition from future use of genetic resources. Marketing authorisation refusal is the highest-stakes outcome.

The regulation applies to any genetic resource accessed after 12 October 2014 (the date the Protocol entered into force). Material accessed before this date under prior CBD-era agreements may be exempt - but the burden of proof lies with the user.

An Internationally Recognised Certificate of Compliance (IRCC) is issued by a national authority (in Madagascar's case, the MEDD - Ministry of Environment and Sustainable Development) when a Prior Informed Consent (PIC) is granted and a Mutually Agreed Terms (MAT) agreement is formalised. The IRCC is registered in the ABS Clearing House - the CBD's public database of compliant access agreements - and assigned a unique identifier that can be verified by any competent authority.

For a company using IsoGentiX data, the IRCC certificate number is the primary compliance document. It demonstrates that:

• Access to the genetic resource was granted by Madagascar's national authority with legal authority to do so
• A benefit-sharing agreement with Madagascar is in place
• The chain of custody from collection to data delivery is documented
• The use is within the scope of the access agreement

IsoGentiX provides IRCC certificate numbers - verifiable against the public ABS Clearing House - with every data delivery. This is the evidence your regulatory team needs to complete due diligence declarations under EU Regulation 511/2014.

This is one of the most actively contested questions in current ABS policy. The Kunming-Montreal Global Biodiversity Framework (GBF), adopted in December 2022, included language directing the development of a multilateral mechanism for sharing benefits from the use of DSI. Negotiations on this mechanism are ongoing as of 2026.

The current regulatory position in most jurisdictions is that DSI downloaded from public databases before any applicable DSI mechanism comes into force is not subject to ABS obligations under the existing Protocol framework - but this position is contested and jurisdiction-specific. Some countries' national ABS legislation already explicitly covers DSI.

The IsoGentiX position: all data generated by our programme - including sequence data - is created under an ABS agreement that explicitly covers the data generated, not just the physical specimens. Our IRCC certificates cover the biological data derived from collected specimens, including genomic sequences. This means that IsoGentiX data has ABS documentation regardless of how the DSI policy debate resolves - our customers are protected from regulatory risk under both the current framework and any future DSI-inclusive framework.

Digital Sequence Information (DSI) is the formal term for genetic data in digital form - genome assemblies, transcriptomics, metabolomics profiles, and computational outputs derived from biological specimens. It is the primary output of the IsoGentiX platform.

At CBD COP16 in November 2024, 196 governments agreed to establish the Cali Fund - a global mechanism requiring companies that commercially use DSI to contribute a share of their revenues or profits to benefit biodiversity-rich countries and local communities. The indicative rates are 1% of profits or 0.1% of revenues, applying to commercial entities above defined balance-sheet thresholds. Definitive rates will be confirmed at COP17 (2026). The Cali Fund was formally launched in Rome on 25 February 2025.

This mechanism is separate from - and parallel to - the Nagoya Protocol's existing PIC/MAT/IRCC framework, which governs access to physical genetic resources. Both obligations apply simultaneously to IsoGentiX and its commercial partners.

What this means for IsoGentiX customers: companies that derive commercial revenues from IsoGentiX data in the pharmaceutical, agritech, AI, and biotechnology sectors will need to document their DSI exposure for Cali Fund reporting purposes. Because every IsoGentiX specimen carries a Globally Unique Identifier (GUID) traceable from the point of collection through to every derived sequence, IsoGentiX can provide specimen-level DSI provenance reports - the documentation customers need to meet their Cali Fund obligations accurately. No public genomic database offers equivalent traceability.

IsoGentiX's Framework MoU with Madagascar's Ministry of Environment and Sustainable Development (MEDD) explicitly addresses DSI in scope and includes a coordination clause ensuring both the direct MAT-based benefit-sharing to Madagascar and Madagascar's entitlement to Cali Fund disbursements are properly managed. IsoGentiX commercial licence agreements include a DSI compliance clause requiring customers to make Cali Fund contributions in respect of revenues derived from IsoGentiX-origin data, once applicable thresholds are met.

For technical detail on DSI, the Cali Fund, and how IsoGentiX's provenance architecture addresses both tracks, see our Knowledge Hub article: Digital sequence information, the Cali Fund, and what it means for IsoGentiX. For compliance enquiries, contact abs@isogentix.com.

IsoGentiX provides a complete provenance documentation package with every data delivery, designed to satisfy due diligence requirements under EU Regulation 511/2014 and equivalent frameworks:

• IRCC certificate reference numbers - verifiable against the CBD ABS Clearing House public database
• MAT terms summary - a plain-language summary of the benefit-sharing obligations in place between IsoGentiX and Madagascar's national authority
• Blockchain provenance record - a tamper-proof ledger entry linking each specimen GUID to its collection date, collector, location, and access agreement reference
• Steganographically watermarked data files - each data delivery contains an embedded, invisible watermark linking the data to the specific licence agreement and the IRCC record. This watermark is recoverable by IsoGentiX and by authorised competent authorities.
• Chain-of-custody certificate - a signed document tracing the physical specimen from collection to laboratory processing to data delivery

This documentation package is designed to be submitted directly to competent authorities as the due diligence evidence required at EU Regulation 511/2014 checkpoints. No additional compliance work is required on the licensee's part beyond retention of these documents.

The regulatory risk of using non-compliant biological data in commercial R&D is substantial and is increasing as competent authority enforcement capacity grows. Documented consequences in EU Member States include:

• Financial penalties (fines proportionate to the commercial value of the product)
• Prohibition on continued use of the genetic resources in question
• Seizure of products derived from non-compliant genetic resources
• Refusal of marketing authorisation for products where the biological component cannot be traced to a compliant access agreement

Beyond regulatory risk, there is reputational and commercial risk. As benefit-sharing obligations become more visible - particularly following the Kunming-Montreal GBF and growing media coverage of biopiracy concerns - companies with non-compliant supply chains face scrutiny from investors, ESG raters, and civil society organisations.

The practical problem is that most R&D organisations using biological data from public databases have not assessed whether those resources were accessed with PIC and MAT. The due diligence obligation falls on the user, not the database. IsoGentiX data eliminates this risk for the data it supplies.

Yes - Madagascar ratified the Nagoya Protocol and has implemented a national ABS framework. Madagascar's competent national authority for ABS is the MEDD (Ministry of Environment and Sustainable Development). Madagascar's ABS legislation governs all access to biological resources within its territory and allows the MEDD to issue PIC and register IRCC certificates in the CBD Clearing House.

Madagascar's ABS framework is operationally active. MEDD has issued access permits and IRCC certificates for biodiversity research and commercial programmes. The benefit-sharing provisions include both monetary (royalty-based) and non-monetary components (capacity building, research partnership, technology transfer).

IsoGentiX's access agreement with MEDD covers collection across Madagascar's territory, with permit scope updated as new collection areas and target species are added to the programme. All collections are covered by the existing framework - no separate permit application is required for each collection event within the permitted scope.