Research Data Management NIH Genomic Data Sharing Policy

The genomic data sharing (GDS) policy went into effect in 2013. On January, 25, 2025, major updates regarding data access and security will go into effect. The policy applies to both the generation and use of genomic data:

Generation of genomic data

The GDS Policy applies to all NIH-funded research that generates or uses “large-scale human or non-human genomic data,” and requires the submission of a data management and sharing plan (see the NIH DMS policy page for general information on writing a DMS plan). The GDS policy requires researchers to deposit genomic data in an appropriate repository and, in the case of sensitive human genomic data with the proper access controls. NIH controls access to individual-level human genomic data contained in NIH repositories.

To comply with the GDS policy, NIH expects that investigators and institutions:

• Develop and provide a plan for sharing genomic data
• Provide an Institutional Certification form before the notice of award, if working with human data
• Share genomic data in a timely manner to an appropriate repository

Use of restricted genomic data for research

Researchers must submit a request to NIH to access controlled-access data from one of the 20 NIH-repositories listed. As part of the request, they must agree to adhere to the Data Use Certification Agreement (DUC) that contains the terms and conditions of use and follow the Genomic Data User Code of Conduct. If NIH grants their request, they become an "Approved User" and are permitted access to the data for two years, at which time they will either need to renew or close out the DUC.

To comply with the GDS policy, NIH expects that investigators and institutions:

• Responsibly use controlled-access data
• Appropriately cite controlled-access data in publications and presentations

Scope and Applicability

This update applies to all NIH funding mechanisms (grants, cooperative agreements, contracts, Other Transactions, and intramural support) regardless of the activity code that support the following activities:

• Approved Users of controlled-access human genomic data from NIH controlled-access data repositories. NIH controlled-access data repositories and access systems that meet the following criteria:
  • Are supported by a NIH grant, cooperative agreement, Other Transaction, contract, or intramural support
  • Provide long-term storage for, or control access to, human genomic data generated and shared under the GDS Policy
  • Control access to human genomic data by prospective review of data access requests or partner with access systems that control access via prospective review of requests
  • Use federal employees to conduct reviews and authorize access, or partner with access systems that use federal employees for those purposes.
• Developers who test platforms, pipelines, analysis tools, and user interfaces that store, manage, and interact with human genomic data from NIH controlled-access data repositories as well as provide infrastructure development and repository maintenance.
• NIH will treat cloud workspaces meeting the above criteria as controlled-access data repositories subject to the relevant expectations under this update.
• NIH does not intend to include in the definition of controlled-access data repositories activities such as consortia data coordinating centers or similar activities that do not share data outside of a specific program or initiative.

For more detailed information, see the official notice from NIH and visit the NIH Genomic Data Sharing Policy page and UAB reporter article.

Individual NIH Institutes, Centers, or Offices may have additional expectations - Learn more about the requirements from each NIH Institute & here: Genomic Data Sharing Policy Expectations by NIH Institute & Center