Insurance companies and employers are contractually prohibited from using 23andMe's services. Users also agree not to use the service for forensic genealogy investigations such as those used in law enforcement.
This analysis describes what 23andMe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These restrictions are designed to prevent your genetic data from being used in ways that could affect your insurance coverage or employment, but their enforceability depends on whether insurers or employers could circumvent them by obtaining data through other means or by having individuals test on their behalf.
Interpretive note: The practical enforceability of this self-attestation prohibition depends on whether 23andMe has technical or procedural mechanisms to detect and prevent employer or insurer use, which are not described in the excerpted terms.
The updated Terms now apply only to users who live outside the United States, Canada, EEA, UK, and Switzerland, or who access the Services from outside those regions. US, Canadian, EEA, UK, and Swiss…
The updated Terms of Service now apply exclusively to users in the United States, narrowing the geographic scope from the prior version that addressed users in multiple regions. The terms now contain…
The updated terms now apply only to users who live outside or access services outside the United States, Canada, EEA, UK, and Switzerland. Previously, the terms applied to US-based users. The terms a…
The terms create a contractual barrier against direct employer or insurer use of the service, but consumers should be aware that this prohibition applies at the point of service access and does not address how genetic information, once in a user's possession, might be requested or compelled in other contexts.
How other platforms handle this
Customer will not, and will not permit any other person (including any End User) to: ... (d) attempt to reverse engineer, decompile, or otherwise attempt to discover the source code or underlying components (e.g., algorithms, weights, or systems) of the Mistral AI Products, including using the Outpu...
All content on this Internet site ("the delta.com website") is owned or controlled by Delta Air Lines and is protected by worldwide copyright laws.
You shall not (and shall not permit any third party to) either (a) take any action or (b) Make Available any Content on or through the Services that: [...] (viii) directly or indirectly uses the Services (including, but not limited to, Outputs) to create, train, develop, or improve similar or compet...
Monitoring
23andMe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"By using the Services or creating an account, you represent, warrant and agree that: You are not an insurance company or an employer; and You will not use the Services for any investigative forensic genealogy uses.— Excerpt from 23andMe's 23andMe Terms of Service
(1) REGULATORY LANDSCAPE: This provision interacts with genetic non-discrimination laws in various jurisdictions. In the US, GINA (Genetic Information Nondiscrimination Act) prohibits employer and health insurer use of genetic information for employment decisions and underwriting, but the US version of the terms governs US users. For international users, equivalent protections vary widely by country. In Australia, the Privacy Act and the Disability Discrimination Act provide some relevant protections. The forensic genealogy prohibition engages law enforcement data access frameworks and may interact with national laws on investigative practices. (2) GOVERNANCE EXPOSURE: Medium. The prohibition on employer and insurer use is a contractual self-attestation mechanism rather than a technical enforcement control. 23andMe cannot technically verify at the point of account creation whether the user is acting on behalf of an employer or insurer, which limits the practical effectiveness of this provision as a protective mechanism. (3) JURISDICTION FLAGS: The adequacy of a contractual prohibition on employer and insurer use as a substitute for statutory genetic non-discrimination protections varies significantly by jurisdiction. Users in countries without equivalent statutory protections should not assume this contractual term provides meaningful protection against downstream misuse. (4) CONTRACT AND VENDOR IMPLICATIONS: Organizations considering enterprise or group use of genetic testing should note that this provision explicitly excludes employers from eligibility, which has implications for any corporate wellness or health program seeking to incorporate genetic testing. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the self-attestation mechanism for employer and insurer exclusion is sufficient under applicable law in served jurisdictions, and whether additional technical or procedural controls are required to enforce this prohibition in practice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These restrictions are designed to prevent your genetic data from being used in ways that could affect your insurance coverage or employment, but their enforceability depends on whether insurers or employers could circumvent them by obtaining data through other means or by having individuals test on their behalf.
The terms create a contractual barrier against direct employer or insurer use of the service, but consumers should be aware that this prohibition applies at the point of service access and does not address how genetic information, once in a user's possession, might be requested or compelled in other contexts.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by 23andMe.