What Is the Nagoya Protocol and Why Does It Matter for Pharma and Agritech?

← Back to Knowledge Hub

The short answer

The Nagoya Protocol is an international agreement governing access to genetic resources and the fair and equitable sharing of benefits arising from their utilisation. It requires two foundational conditions before any commercial use of biological material from a signatory nation is permissible: Prior Informed Consent (PIC) - formal written consent from the national authority responsible for genetic resources - and Mutually Agreed Terms (MAT) - a formal benefit-sharing agreement, monetary or non-monetary, negotiated and documented before access takes place.

For any pharmaceutical or agritech company using biological data originating from a biodiverse nation that has ratified the Protocol, Nagoya compliance is not a box-ticking exercise. It is a legal precondition for commercialising products derived from or developed using that material in the European Union and an increasing number of other jurisdictions. Non-compliance exposes companies to the invalidation of access, product injunctions, and reputational liability proportional to the commercial value of what they have built.

Background: how we got here

For most of the twentieth century, biological samples flowed from biodiversity-rich developing nations into commercial research and development pipelines with no structured benefit-sharing. The most cited example is Madagascar's rosy periwinkle (Catharanthus roseus). Compounds derived from this plant - vincristine and vinblastine - became the foundation of treatments for leukaemia and Hodgkin lymphoma. The drug programme generated billions of dollars in revenue. Madagascar received nothing from that commercial outcome.

The Convention on Biological Diversity (CBD), adopted at the 1992 Earth Summit in Rio de Janeiro, established the foundational principle that genetic resources are the sovereign property of the nations where they originate - not a global common available for unrestricted extraction. The Nagoya Protocol, adopted in 2010 and entering into force in October 2014, operationalised this principle. It created the Access and Benefit-Sharing (ABS) framework: a structured legal mechanism requiring documented consent and agreed benefit-sharing terms as conditions of lawful access. As of 2026, 140 countries have ratified the Protocol.

What compliance requires

The Nagoya Protocol creates three core obligations for any organisation accessing genetic resources from a signatory nation for commercial purposes.

Prior Informed Consent (PIC)

Before any biological material is collected, formal written consent must be obtained from the national authority designated by the provider country. In Madagascar, this authority is the Ministry of Environment and Sustainable Development (MEDD), operating through the Direction G-n-rale de l'Environnement et des For-ts (DGEF). PIC is not a formality: it is a legal instrument. Material collected without it cannot be lawfully used in any commercial context in an EU member state, regardless of what happened subsequently in the supply chain.

Mutually Agreed Terms (MAT)

A formal benefit-sharing agreement - defining monetary and non-monetary benefits flowing back to the provider nation - must be negotiated and agreed before access takes place. MAT cannot be retrofitted after commercial value has been generated. Informal arrangements with local researchers or institutions do not satisfy this requirement. The agreement must be with the competent national authority and recorded in the Access and Benefit-Sharing Clearing-House (ABSCH) maintained by the CBD Secretariat.

Compliance monitoring and due diligence

EU Regulation 511/2014 - the instrument that gives the Nagoya Protocol legal effect within the European Union - requires that organisations using genetic resources exercise due diligence to verify that the resources were accessed in accordance with applicable access and benefit-sharing legislation. This includes maintaining documentation of access, being able to demonstrate chain of custody, and submitting due diligence declarations at key commercialisation checkpoints. The obligation sits with the user, not the supplier.

Where companies get into trouble

Nagoya compliance failures are rarely the result of deliberate circumvention. Most arise from incomplete documentation, material passing through multiple hands, or the genuine legal complexity of research that began before 2014. The following table maps the most common failure modes.

Failure mode	How it arises	Legal exposure
No PIC documentation	Material purchased from a third-party supplier; original collection event and jurisdiction unknown	EU Regulation 511/2014 due diligence violation; access potentially invalidated
Pre-2014 access, post-2014 commercial use	Compound or material isolated before the Nagoya Protocol entered into force; product developed or patented after October 2014	Complex legal grey zone; trigger date debated; increasing regulatory scrutiny
No MAT in place	Research initiated under informal agreement with local academic institution rather than national authority	Access not legally established; commercial use exposed to injunction
Chain-of-custody break	Material has passed through multiple institutions, herbaria, or commercial brokers without documented transfer records at each stage	Due diligence cannot be demonstrated; EU checkpoint declaration cannot be completed
Digital sequence information (DSI) gap	Genomic data accessed from public databases without provenance documentation; COP-16 Cali Fund (2024) creates benefit-sharing obligations for commercial use of DSI	Emerging and rapidly expanding risk; legal ground shifting toward greater provenance requirements post-COP-16

The digital sequence information question

The most actively contested area in ABS law currently concerns digital sequence information (DSI): genomic sequence data derived from biological material and deposited in public databases such as GenBank, EMBL-EBI, or BOLD. The question of whether accessing and commercially using DSI constitutes "use of genetic resources" subject to Nagoya obligations has been debated since the Protocol entered into force.

The Cali Fund, established at COP-16 in October 2024, resolved this question in a consequential direction. Companies deriving commercial benefit from DSI - even if they never physically accessed a biological specimen - now have benefit-sharing obligations under the emerging multilateral mechanism. The fund requires companies meeting revenue or usage thresholds to contribute to the multilateral pool when DSI from public databases is used in commercial products.

The practical implication: reliance on public database sequence data without provenance documentation no longer represents a clean Nagoya risk position. The legal ground is moving, and it is moving toward greater provenance requirements, not fewer.

"The more commercially valuable the genomic data, the more important it is that the legal chain of access is unambiguous. There is no such thing as legally neutral biological data anymore."

What a compliant access arrangement looks like

A fully compliant access and benefit-sharing arrangement under the Nagoya Protocol involves five structured components, each building on the last.

1. Framework Agreement with the competent national authority - in Madagascar, this is MEDD/DGEF - establishing the legal basis for access and the benefit-sharing framework at programme level. This is the foundational instrument; everything else sits beneath it.
2. Species-level or collection-level IRCCs (Internationally Recognised Certificates of Compliance) recorded in the ABSCH - the CBD's public clearing-house - providing legally recognised documentation that access was granted in accordance with national legislation.
3. Community-level Free, Prior and Informed Consent (FPIC) where traditional knowledge is associated with the genetic resources being accessed. This is a requirement under both Nagoya and the UN Declaration on the Rights of Indigenous Peoples, and must be documented at the community level, not subsumed into the national authority consent.
4. Specimen-level provenance records - ideally cryptographically verified - linking every data record to its specific collection event, the consent instruments under which it was collected, and the benefit-sharing terms applicable to its use. This is the structural requirement for demonstrating due diligence under EU Regulation 511/2014 at the level of individual data assets.
5. Independent Ethics Review Board overseeing collection protocols, consent procedures, and benefit-sharing compliance - providing external verification that is increasingly expected by institutional buyers and due diligence frameworks.

Why compliance is a commercial asset

The legal framework described above is sometimes framed as a compliance burden - a set of requirements that slows research and adds cost. The more accurate framing is different. A dataset without provenance documentation creates legal liability that is proportional to its commercial value: the more valuable what you build from it, the greater your exposure if access cannot be demonstrated to have been lawful.

Full, auditable, specimen-level provenance transforms compliance from a cost into a competitive advantage. It is the difference between data you can commercialise - license, publish, use as the basis for regulatory submissions, deploy in AI models sold to pharma clients - and data that sits in legal uncertainty regardless of its scientific value. For institutional buyers operating in regulated industries, provenance-clean data commands a different category of value than data of unknown or contested legal status.

The Nagoya Protocol created the legal framework. The question for any organisation building on biological data from biodiverse nations is not whether compliance matters - it is whether their data infrastructure was built to satisfy it from the beginning, or whether it is trying to retrofit compliance onto a structure that was not designed for it.