The Nagoya Protocol and what it means for the EU


Richard Bassett and Richard Wells

The Nagoya Protocol and what it means for the EU

Alan Uster /

Richard Bassett and Richard Wells look at what EU-based companies must consider in order to comply with the Nagoya Protocol, the regulation aimed at curbing biopiracy.

The Nagoya Protocol implements an objective of the Convention on Biological Diversity (CBD), which aims to provide an international framework for safeguarding the conservation and sustainability of biodiversity, and in particular genetic resources. The protocol requires that, if a genetic resource, or traditional knowledge (TK) associated with such a resource, is used, consent must be received from the country in which it is found and from any local community that claims custodianship over it. In the rest of this article, we shall refer just to the genetic resource, but it should be understood that TK may be involved as well. The user of the genetic resource must also provide fair compensation based on any benefit that it has received from the genetic resource. This is generally referred to as access and benefit sharing (ABS).

The protocol came into force in October but will not come into force in full in the EU until October next year. The US is not a signatory.

The protocol has the goal of trying to redress the perceived unfairness caused by so-called “biopiracy”. A hypothetical example of this is when an entity, usually framed as a multinational pharmaceutical company but it could be a sole academic working in a university, identifies a useful natural product, say a protein isolated from a plant found with the help of the local people, which cures cancer. The entity develops that product into a blockbuster drug. The source of the natural product is soon forgotten and neither the local people nor the country in which the plant exists receives any financial reward. 

The protocol will affect many parts of the life sciences sector. However, as with any aspect of law in its infancy, and especially with international law that has to be interpreted and implemented by individual jurisdictions, the exact impact and steps required to comply with the protocol are not yet clear. Here we discuss what is known, and what the protocol may mean for companies and practitioners operating in the EU.

History and background

The protocol can be traced back to the late 1980s, when the United Nations Environment Programme formed an international convention to protect biodiversity. The CBD came into force on December 29, 1993. It was recognised that there needed to be an international agreement aimed at sharing the benefits of utilising genetic resources. This is the Nagoya Protocol, which was adopted by the Conference of the Parties to the CBD at its 10th meeting on October 29, 2010 in Nagoya, Japan. 

Key points

Two of the main pillars of the protocol are set out in Articles 5 and 6. Article 5(1) states that:

Benefits arising from the utilisation of genetic resources as well as subsequent applications and commercialisation shall be shared in a fair and equitable way with the party providing such resources.

Article 6(1) states that:

Access to genetic resources for their utilisation shall be subject to the prior informed consent of the party providing such resources.

The text of the protocol itself does not set out requirements that will become legally binding on the signatories that ratify it, but it outlines a guide that should be interpreted and enacted into law by each jurisdiction. The legal requirements of two jurisdictions will require consideration: (i) the requirements of the jurisdiction from which the genetic resource is obtained; and, (ii) the requirements regarding the recording of the use of genetic resources in the country of residence of the entity that wants to utilise the genetic resource (“the user”).

Implementation in the EU

The protocol was enacted into EU law on May 16, 2014, in the form of EU Regulation No 511/2014. Because it is a regulation, not a directive, it has direct effect in the national law of each EU member state. 

To try to understand a user’s responsibilities under the two main provisions of the protocol, it is useful to examine Articles 2, 4, 7, 9 and 11 of the EU regulation.

Article 2(1) states that the requirements relate to any genetic resources that are accessed after the protocol comes into force for the EU. Therefore, there appears to be no retrospective requirement for the use of previously-accessed genetic resources to comply with the protocol.  

"as with any aspect of law in its infancy, and especially with international law that has to be interpreted and implemented by individual jurisdictions, the exact impact and steps required to comply with the protocol are not yet clear."

On the other hand, Articles 4, 7, 9 and 11, which relate to a user’s obligations and the enforcement of them, do not come into force until October 2015. Article 4 states that a user is required to exercise due diligence in identifying whether a genetic resource has been accessed in compliance with the Nagoya Protocol. As proof, the user will be required to keep as a record:

(a) an “internationally-recognised certificate of compliance as well as information on the content of the mutually agreed terms relevant for subsequent users,” which is likely to be a document issued by a national authority, or possibly the as-yet unformed Access and Benefit-Sharing Clearing-House, as evidence of obtained prior consent;

(b) or, if such a certificate is not available, to keep a record of:

(i) “the date and place of access” of the genetic resources;

(ii) “the description” of the genetic resources;

(iii) “the source” from which the genetic resources were directly obtained, and the subsequent users of the resources;

(iv) “the presence or absence of rights and obligations relating to access and benefit-sharing”;

(v) “access permits, where applicable”; and

(vi) “mutually agreed terms, including benefit-sharing”.

Article 7 specifies that all recipients of research grants, presumably from the EU or member states, must provide evidence that they have undertaken such due diligence.

Articles 9 and 11 outline that the responsibility for policing compliance with Articles 4 and 7, and for setting the penalties for non-compliance with those articles, resides with each EU member state.

Challenges to the EU regulation

Anecdotal evidence suggests that two groups of companies, respectively led by plant breeders’ associations in Germany and the Netherlands, plan to challenge the EU regulation and attempt to force its annulment. The grounds on which those cases will be based is not yet known, but the breeders have pointed out the impracticality of recording the origin of, and compensating the original “owner” of, the many hundreds of genes that may result from the multiple crossing of plants obtained from many different countries. They cite the example of the International Maize and Wheat Improvement Centre (CIMMYT) wheat variety “Veery”, which is a product of 3,170 crossings between 51 different parental lines originating from 26 different countries. Such a plant variety has been developed over many generations and by many different plant breeders. There is a chance that the outcome of those cases, or future cases, may change the existence or content of the EU regulation.

What should be done?

Neither the protocol nor the EU regulation specifically mentions patents, but one can see how the new law is likely to affect those who intend to file a patent application to pursue protection for a new innovation that uses a genetic resource. At this early stage, the issue of prior consent is likely to be of most importance to applicants; although it is not clear at what point in the process of developing an innovation the consent is absolutely required, it is safe to assume it will be before a patent application is filed.

“Due diligence” is a strong term, and could be regarded as being equivalent to “best endeavours”, thus imposing a significant burden on a user. As of October 2015, users must exercise this due diligence in relation to resources accessed after October 2014. Therefore, users should start now to put in place procedures to record the necessary information. 

Those steps should include:

1.             identifying whether a genetic resource has been used in the invention, product or process;

2.             identifying the country in which the resource was accessed, and when; and

3.             documenting a description of how the genetic resource will be used.

Once armed with that information, a legal advisor in the country from which the genetic resource was obtained should be approached to ascertain whether that country has any requirement for prior consent to be obtained under the protocol and, if so, what form that consent should take. It goes without saying that before any details of an invention to which a patent application is yet to be filed are disclosed to a third party, then a suitable non-disclosure agreement should be in place. 

“Mutually agreed terms” are likely to affect the timing, and possibly even ownership, of patent applications.

Over the coming year, the impact and practical aspects of the protocol, and accompanying EU regulation, should become clearer. However, at this time of uncertainty, a user of a genetic resource should tread carefully, to avoid being tripped up later.

Richard Bassett is a senior partner at Potter Clarkson. He can be contacted at:

Richard Wells is an assistant at Potter Clarkson. He can be contacted at:

Nagoya Protocol; EU; CBD; genetics;