Three of the most powerful leaders in artificial intelligence, OpenAI’s Sam Altman, Anthropic’s Dario Amodei, and Google CEO Sundar Pichai, are urging lawmakers to write a dedicated law governing genetic testing.
Their message is blunt: DNA tests are exploding in medicine and consumer kits, AI is making genetic data far more valuable and easier to analyze, and the legal guardrails haven’t kept up. Without clear rules, they warn, genetic information could be misused, fueling discrimination in hiring, insurance pricing, and access to services.
The call lands at a moment when Americans are increasingly familiar with at-home ancestry tests and when hospitals are using genetic screening to guide treatment. But unlike a password or a credit card number, your genome can’t be changed after a breach, and it can reveal information not just about you, but about your relatives.
Why Altman, Amodei, and Pichai want a genetic testing law now
Altman runs OpenAI, the company behind ChatGPT. Amodei leads Anthropic, another major AI lab. Pichai heads Google, whose products and cloud infrastructure touch huge swaths of the internet. When executives like these ask for regulation, it’s rarely altruism alone, and it’s rarely casual.
They’re arguing that genetic data deserves its own legal category, with stricter rules than typical “personal data.” A genetic test can flag inherited disease risk, predict how someone might respond to certain medications, or reveal other biological markers. That information can shape life-altering decisions, and it can also be weaponized to profile people.
The CEOs are pushing for requirements around informed consent, security standards, and strict limits on how genetic information can be used. The concern goes beyond privacy: a test result could influence whether someone gets hired, how much they pay for coverage, or whether they’re offered certain services at all.
There’s also a geopolitical and business reality underneath the appeal. Rules vary widely across countries, creating gray zones for companies operating globally. A stable legal framework can protect consumers while also giving companies clearer boundaries for building genetic testing services, analysis tools, and health-data platforms.
And yes, there’s reputational self-interest here. Big Tech is routinely accused of vacuuming up sensitive data and monetizing it. Supporting a law lets these companies signal they’re willing to accept limits. But the real test would be what the law actually says, who enforces it, what penalties apply, and how data-sharing is policed.
Medical tests and consumer DNA kits are generating permanent, high-stakes data
Genetic screening is spreading through two pipelines. One is clinical: tests ordered or offered through health care to confirm diagnoses, assess inherited risk, or tailor treatment. The other is direct-to-consumer: kits marketed for ancestry, traits, and sometimes health indicators.
In both cases, the data is unusually durable. Your genome doesn’t change, and as science advances, old genetic data can yield new insights years later. That makes it attractive to a long list of players, labs, hospitals, researchers, insurers, employers, and tech platforms.
It also makes it attractive to hackers. A leak of genetic data isn’t like a leaked password. You can reset a password. You can’t reset your DNA. The risk isn’t just identity theft; it’s exposure of deeply personal biological information that could follow someone for life.
Consent is another mess. Many platforms offer broad “share for research” or “improve our services” checkboxes that don’t spell out what users are really agreeing to. Others rely on partners and subcontractors, creating long chains of access. The key questions become: Who gets the data? For what purpose? For how long? How anonymous is it, really? And can a person truly withdraw it later?
Even “anonymized” genetic data can be fragile. DNA is close to a unique identifier, and it can often be matched with other datasets. As more databases grow and more public information becomes searchable, the risk of re-identification rises.
AI is supercharging genetic analysis, and the potential for re-identification
AI changes the economics of genetic data. Machine learning systems can sift massive datasets and find correlations between genetic variants and disease risk, drug response, or other traits. That can accelerate biomedical research and improve care.
But it also shifts the risk calculus. Data that seemed harmless or low-value a few years ago can become highly predictive as models improve. And as AI gets better at inference, it can sometimes tease out sensitive attributes even from aggregated datasets.
The CEOs’ argument is that laws should focus on purpose and explicit prohibitions, what genetic data can and cannot be used for, backed by real enforcement. Otherwise, “secondary uses” become tempting: data collected for one reason quietly repurposed for another.
AI also increases the value of “enriched” data, genetic sequences combined with medical records, prescription histories, lifestyle information, and environmental factors. That raises a political question the U.S. has never fully answered: who owns the value created from biological data, the individual, the health system, the lab, the platform interpreting it, or the company training models on it?
And then there’s liability. If an algorithm-driven interpretation leads to a medical, or quasi-medical, decision and it’s wrong, who’s responsible: the model developer, the test provider, the doctor, or the platform presenting the results? A dedicated law could clarify validation standards, transparency requirements, and the role of human oversight.
What lawmakers could target: consent, insurance and job discrimination, and data security
The debate centers on three pillars: informed consent, limits on use, and non-discrimination.
On consent, lawmakers could require plain-language disclosures, granular opt-ins, and bans on catch-all permissions, especially for consumer DNA tests where users may not have a clinician to explain what results can reveal, including unexpected findings.
On insurance and employment, the goal would be to block genetic information from being used to deny coverage, raise premiums, or screen out job candidates, preventing a marketplace where biological risk becomes a tool for sorting people into winners and losers. Any exceptions, such as tightly defined public health uses, would need narrow language to avoid loopholes.
Data governance would likely include security standards such as encryption, access controls, logging, and regular audits, plus limits on retention and clear deletion procedures. Policymakers would also have to balance those protections with legitimate research needs that sometimes require long-term datasets.
Portability, letting people move their results between providers, hospitals, or apps, could give individuals more control, but it also increases the number of places data can leak. That would require secure formats, stronger authentication, and restrictions on non-medical reuse.
any law is only as strong as its enforcement. Without an empowered regulator that can investigate and penalize violations, rules stay theoretical. And because genetic data often moves across borders, between labs and cloud servers in multiple countries, U.S. rules would still collide with a patchwork of international standards.
FAQ: Why would AI CEOs ask for regulation?
They argue that genetic data is uniquely sensitive, AI is rapidly increasing its value and the ability to analyze it, and a dedicated legal framework is needed to enforce meaningful consent, prevent misuse, and reduce discrimination risks.
















