This post is an example, basic policy brief/commentary that takes a look at ATM Governance (within the financial industry) and attempts to translate concepts in the direction of regulation approaches for Benchtop Synthesizers. Inspired by https://ifp.org/securing-benchtop-dna-synthesizers/

1. ATM Governance Overview

Automated Teller Machines (ATMs) operate within a tightly controlled ecosystem, even when privately owned. Each ATM involves multiple actors: the machine owner (operator), the sponsoring bank, payment networks such as Visa or Mastercard, and regulatory authorities.

Hardware standards (EMV, tamper resistance) prevent unauthorized modifications, while networks authenticate each transaction in real time, enforce withdrawal limits, and detect anomalies. Regulatory frameworks require Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance and reporting, and liability is shared between operators and sponsoring banks, often supported by insurance. The result is that ATMs cannot function as independent, unmonitored devices as every transaction is logged, auditable, and mediated through the network [1][2].

Article image
Figure 1: High level overview of relationship between regulators and ATM operators.

2. Parallels to Benchtop Synthesizers

Benchtop synthesizers share key functional similarities with ATMs. Like the EMV card or cash cassette in an ATM, reagents and consumables are necessary for benchtop device operation, making them a natural control point [3]. The clearinghouse and payment network in banking parallel a neutral or vendor-managed attestation service, which can authorize and log DNA synthesis “transactions.” Operator accountability can be established through a sponsoring institution, analogous to bank sponsorship. Fraud monitoring corresponds to anomaly detection on operator behavior, consumable use, and device run frequency. Liability frameworks in the ATM world may help provide a template for shared responsibility between operators, sponsoring institutions, and clearinghouses in laboratory settings [1][3].

Article image
Figure 2: Intervention locations that guide ATM governance that have clear parallels for benchtops.

Example translation of cash management oversight into benchtop consumables:

A significant risk factor for misuse of ATMs, such as with money laundering, is the source of replenishment of cash for the ATM. This could be sourced from an account at the sponsoring bank which would pose relatively lower risk because those funds are already tracked under oversight requirements for suspicious activity. Additionally, regulations requiring customer identification, use intentions, and reporting requirements apply to those specific bank accounts. If the cash for an ATM is replenished from sources that cannot be verified, such as outside of the sponsoring bank, this can trigger auditing and oversight activities to remediate the risk.

Applying this to benchtop synthesizers, the sponsoring body could be required to supply consumables to the benchtop operator. By extension, it may be possible to modify the benchtop to only work with verified sponsor-provided consumables via cryptographically authenticated cartridges, for example, which is analogous to card authentication mechanisms for ATMs.

Article image
Figure 3: Translation of ATM approach for consumables management to Benchtops

Example of benchtop-use authorization in network and non-network connected environments:

While there are many large differences between the two devices, there is a tactical solution that exists currently that may be a strong method for monitoring and preventing misuse. This approach mirrors transaction tracking and card verification performed by the sponsoring bank and payment processor, where only legitimate cards linked to legitimate accounts can be used to perform transactions.

SecureDNA's Exemption Certification System enables authorized researchers to access hazardous DNA sequences safely and efficiently [4]. The benchtop devices can be programmed to require a digital certificate that is tied to a hardware token. In such cases, the permission for a given DNA order must be first screened via a centralized server, which then returns a digital certificate with permission to synthesize that particular sequence. The hardware token can then be physically brought into the air-gapped facility, which will provide permission for the device to synthesize such a sequence[3]. Because this approach is already incorporated into SecureDNA’s benchtops, it suggests that future policy can enforce this approach in a privacy-preserving way while ensuring the device is being used for appropriate purposes. Of course, it does not rule out certain scenarios, but it does raise the bar for threat actors.

Article image
Figure 4: Comparison of ATM transaction verification process and SecureDNA certification process for authorized benchtop run.

3. Current Differences (Benchtops vs ATMs)

Despite these parallels, benchtops differ in important ways. Devices are widely distributed in private labs and can operate offline, unlike ATMs, which require constant network connectivity. Consumables are often purchased without identity or usage verification, leaving gaps in supply-chain security. Logging is minimal or locally stored, with no immutable network-escrowed audit trail. Regulatory oversight is inconsistent across jurisdictions, and there are no standardized international compliance frameworks. This all results in making it easier for decentralized misuse to occur. These differences highlight the need for policy and technological adaptations to bring benchtops closer to the accountability model used in banking [3].

4. Weaknesses & Countermeasures

Across a broad array of similarities between the devices, benchtops can benefit from solutions to problems that ATM governance frameworks have already sought to solve.

While ATM governance solutions, both policy and tactical, are not perfect, there are additional areas such as insider misuse and theft of device that can be considered. In these cases, it may be possible to require multi-factor authentication for device use, or utilize behavior anomaly detection software to analyze insider device use.

Below, the main weaknesses in policy targets are detailed with specific countermeasures that are borrowed from ATM approaches. Overall, these approaches to accountability for benchtops would aim to make it much more difficult for unauthorized device usage to occur.

Considering the risk from decentralized misuse of the device, these countermeasures may not be enough but hopefully can serve as a starting point to be leveraged into the benchtop synthesizer policy ecosystem.

Article image
Figure 5: Table of Concerns/Risks for policy approaches, Countermeasures to address the concerns, and what they borrow from ATM regulations.

5. Recommendations

To translate ATM-level accountability to benchtops, several measures are recommended:

Consumable Gating: Require all sensitive runs to use authenticated and traceable reagents [3].

Consumable Gating:

Require all sensitive runs to use authenticated and traceable reagents [3].

Sponsoring Institution Model: Operators should be registered with sponsoring institutions that take responsibility for oversight, analogous to bank sponsorship [3].

Sponsoring Institution Model:

Operators should be registered with sponsoring institutions that take responsibility for oversight, analogous to bank sponsorship [3].

Network-Mediated Logging: Implement a clearinghouse or neutral attestation service for sensitive runs; offline caching and later reconciliation allowed for continuity [1][3]. SecureDNA offers a methodology already to perform this even for air-gapped device operations [3][4].

Network-Mediated Logging:

Implement a clearinghouse or neutral attestation service for sensitive runs; offline caching and later reconciliation allowed for continuity [1][3]. SecureDNA offers a methodology already to perform this even for air-gapped device operations [3][4].

Immutable Audit Trails: Device HSMs sign run manifests; optionally escrowing logs to a neutral third party [3]. Privacy can still be preserved in logging.

Immutable Audit Trails:

Device HSMs sign run manifests; optionally escrowing logs to a neutral third party [3]. Privacy can still be preserved in logging.

Dual-Operator Approval Protocols: Require two-person approvals for high-risk operations and monitor operator behavior for irregularities [3].

Dual-Operator Approval Protocols:

Require two-person approvals for high-risk operations and monitor operator behavior for irregularities [3].

Compliance with International Standards: Devices, consumables, and operational procedures should comply with ISO, NIST, OSTP, or IGSC guidance [3].

Compliance with International Standards:

Devices, consumables, and operational procedures should comply with ISO, NIST, OSTP, or IGSC guidance [3].

Liability and Insurance Frameworks: Clearly define responsibility between operator, sponsor, and clearinghouse. Require insurance coverage for high-risk operations [1][3].

Liability and Insurance Frameworks:

Clearly define responsibility between operator, sponsor, and clearinghouse. Require insurance coverage for high-risk operations [1][3].

Location Use Verification and Theft:ATMs generally have GPS devices to help track location. This could be considered as an additional factor for both tracking whereabouts of a purchased benchtop device to ensure it is being used according to its operator’s intended location-of-use for transparency and verification purposes, and for detecting theft and therefore subsequent risk for misuse.

Location Use Verification and Theft:

ATMs generally have GPS devices to help track location. This could be considered as an additional factor for both tracking whereabouts of a purchased benchtop device to ensure it is being used according to its operator’s intended location-of-use for transparency and verification purposes, and for detecting theft and therefore subsequent risk for misuse.

6. References

[1] PCI Security Standards Council. (2020). ATM Security Guidelines: Information Supplement. https://www.pcisecuritystandards.org/

[2] Federal Financial Institutions Examination Council (FFIEC). (2021). Independent ATM Owners or Operators. https://www.ffiec.gov/

[3] Langenkamp, M. (2024). Securing Benchtop DNA Synthesizers. Institute for Progress. https://ifp.org/securing-benchtop-dna-synthesizers/

[4] SecureDNA Exemption Certification System. (2025) https://securedna.org/exemption_certification_system/