Trusted Research
Providing advice to researchers on how they can protect themselves and their research when engaging in international research collaborations.
Here at the University of Sussex we believe that collaborating internationally is fundamental to delivering world class research and as such we are committed to joining forces with researchers around the world to work on the global challenges that we all face. Whilst this level of international engagement provides a multitude of benefits, it is also important to recognise the potential risks and to take proportionate action to mitigate them in order to safeguard our research. Over recent years, changes in the global geopolitical environment have resulted in an increased focus among universities, funders and the UK government on the risks that researchers and universities can be exposed to when working with partners overseas such as:
- threats to national and border security
- breach of legal and regulatory requirements (including the terms of funding agreements and contracts)
- reputational risks for researchers and institutions
- financial loss (including barring from holding certain sources of funding)
- constraint of academic freedom and freedom of speech or interference with academic discourse
- loss or compromising of data and intellectual property
- breaching of cyber and physical security systems
The Trusted Research campaign (which includes specific guidance for academics) was launched in 2019 by the UK Government's National Protective Security Authority (NPSA) and is designed to help researchers, UK universities and industry partners make informed decisions when collaborating with international partners. The campaign was developed in consultation with the sector and aims to raise awareness of the possible security-related issues when engaging in international research collaborations and provides advice on how to mitigate potential risks in order to protect researchers and their work from threats such as theft, misuse and exploitation.
NPSA Trusted Research introduction video:
The Trusted Research campaign is particularly relevant to researchers in STEM subjects, dual-use technologies, emerging technologies and commercially sensitive research areas but here at Sussex we strongly recommend that all our academic colleagues familiarise themselves with this information. The main security and due diligence-related considerations highlighted in the Trusted Research campaign can be summarised into the following three categories:
- Assessing partner suitability
-
International research collaborations provide partners with access to people, IT infrastructure, and research that may be sensitive or have sensitive applications. It is therefore important to assess the suitability of potential partners before entering into an agreement with them by carrying out due diligence checks.
Due diligence is defined as the investigation, or exercise of care, that a reasonable business or person is expected to take before entering into an agreement or contract with another party. In the context of international research collaborations, due diligence involves the gathering of information on a potential partner including their background and connections in order to form a risk assessment of working with that third party. Furthermore, it is important that the scope and scale of the due diligence undertaken is proportionate to the level of risk and each institutions risk appetite. Once a collaboration has been entered into, due diligence extends to ensuring compliance with the terms of the agreement and any other associated funder requirements and implementing the agreed risk management and mitigation actions during the lifetime of the research project.
Here at Sussex, our Research Development team use due diligence checklists and questionnaires to gather information on prospective international partners/funders and identify potential risks. You can contact our Research Development team at: research_support@sussex.ac.uk. Alternatively, if your query is regarding the due diligence checks carried out on philanthropic gifts or donations to the University from a third party, these are handled by our Development and Alumni Relations Office.
As part of the due diligence checking process, researchers should also consider whether the proposed collaboration could give rise to any conflicts of interest in relation to other research projects they are involved in, contracts they are party to or organisations and countries they may be affiliated with.
For further guidance on assessing partner suitability, the National Protective Security Authority (NPSA) have produced a helpful checklist (pdf) which provides a list of questions that researchers can ask themselves in order to help evaluate their potential research collaborations.
- Compliance with legal and regulatory frameworks
-
Due to changes in the global geopolitical environment in recent years, international collaborative research has become increasingly subject to complex legal and regulatory frameworks. It is therefore important that both the University and individual researchers are aware of their responsibilities in this regard and that they remain compliant with any relevant legislation such as:
- UK Export Control legislation
-
UK export control legislation aims to prevent the proliferation of weapons of mass destruction (WMDs), the illicit transfer of military technology and prevent international threats such as terrorism by restricting the transfer of sensitive goods, technology, information and software to destinations outside of the UK. Export controls include physical exports as well as electronic transfers such as email, telephone, virtual meetings, and transfers by any other means (including verbal communication). Within a university setting, research outputs in STEM areas with potential military or WMD applications are the most likely exports to fall under one or more of the controls and if so a licence may be required before any transfer can be made. Failure to obtain an appropriate licence to export controlled goods is a criminal offence.
Here at Sussex, the General Counsel, Governance and Compliance Division maintain oversight of our compliance with export control legislation including the administration of export control enquiry forms, applying for export control licences and arranging export control training. For more information, please visit the division’s managing risks in internationalisation webpage (login required). Any questions relating to export controls should be sent to the Export Controls Manager via: exportcontrols@sussex.ac.uk
- The Sanctions and Anti-Money Laundering Act 2018
-
Sanctions are restrictive measures that can be put in place to fulfil a range of purposes. In the UK, these include complying with UN and other international obligations, supporting foreign policy and national security objectives, as well as maintaining international peace and security, and preventing terrorism. The UK government implements a range of sanctions regimes through regulations made under the Sanctions and Anti-Money Laundering Act 2018 and publishes the UK Sanctions List, which provides details of those restricted parties. Generally, sanctions measures can be categorised into the following types:
- trade sanctions, including arms embargoes and other trade restrictions
- financial sanctions, including asset freezes
- immigration sanctions, known as travel bans
- aircraft and shipping sanctions, including de-registering or controlling the movement of aircraft and ships
Here at Sussex, our Finance Division’s sanctions webpage provides further information and summarises those countries and regions which are subject to sanctions. Countries and regions on the broad list have almost all economic activity sanctioned whilst those on the narrow list have sanctions applied to specific entities. In both cases a sanctions assessment is required. It is important to note that the University has a legal obligation to comply with UK and international sanctions laws. Non-compliance could lead to fines, withdrawal of funding, and reputational damage. For more information, please visit the General Counsel, Governance and Compliance Division’s managing risks in internationalisation webpage (login required).
- The National Security and Investment Act 2021
-
The National Security and Investment Act 2021 (the NSI Act) came into force on 4 January 2022. The NSI Act grants the UK government the right to scrutinise and intervene in certain business or commercial acquisitions made by anyone, including universities, that could harm the UK's national security. Universities and other research organisations should be aware of the NSI Act when collaborating with third parties to acquire, sell or develop certain qualifying entities and assets. In the higher education and research-intensive sectors, a qualifying asset could include but is not limited to: designs, plans, drawings and specifications, software, databases, source code, algorithms, formulae, tangible moveable property like lab equipment and intangible property such as ideas which have industrial, commercial or other economic value (‘intellectual property’).
The NSI act requires the University to notify the government if acquiring entities or assets in one of 17 areas of the economy deemed sensitive to national security, such as advanced materials, robotics, quantum technologies, artificial intelligence and synthetic biology. It is important to note that under the NSI Act the UK government has the power to assess an acquisition, block or unwind transactions and impose sanctions for non-compliance. The UK government has published guidance specifically focused on the higher education and research-intensive sectors which provides useful information and gives practical examples of the NSI Act in relation to common academic activities such as international collaborations, industry partnerships and donations.
Here at Sussex, the General Counsel, Governance and Compliance Division maintain oversight of our compliance with the NSI Act. For more information, please visit the division’s managing risks in internationalisation webpage (login required). Any questions relating to the NSI Act should be sent to the Export Controls Manager via: exportcontrols@sussex.ac.uk
- The Academic Technology Approval Scheme
-
The Academic Technology Approval Scheme (ATAS) is run by the UK government and seeks to prevent the transfer of information, knowledge or technology which could be used in programmes to develop Advanced Conventional Military Technology (ACMT), Weapons of Mass Destruction (WMDs) or their means of delivery. All international students and researchers (apart from some exempt nationalities) who are subject to UK immigration control and are intending to study or research at postgraduate level in certain sensitive subjects must apply for an ATAS clearance certificate before they can study or start research in the UK. Sensitive subjects include:
- Astronomy
- Biochemistry
- Biology
- Chemistry
- Cognitive Science
- Engineering
- Genome Stability
- Informatics
- Mathematics
- Neuroscience
- Physics
Here at Sussex, applicants who are applying to study a PhD with us and require ATAS clearance will receive information regarding this as part of the application process run by our Admissions Office. Any questions related to ATAS clearance for PhD applicants should be sent to: phd.applicants@sussex.ac.uk. Once a PhD applicant has arrived and registered as a Sussex student, any situations which give rise to the need to re-apply for ATAS clearance (such as changes to course/research area or course extensions) are handled by the Student Administration team. Any questions related to ATAS clearance for registered PhD students should be sent to the UKVI Records Officers via researchstudentvisas@sussex.ac.uk. Further information can be found on our Student Hub.
International research staff and academic visitors who are applying for a visa to come to Sussex may also require ATAS clearance. This Scheme has been in place for sponsored research staff and visitors since May 2021. Any individual applying for sponsorship under the Skilled Worker or Tier 5 (GAE) routes will need to gain ATAS clearance if they are conducting research in a sensitive subject and are not an exempt nationality. This applies to both new starters and existing staff who are extending their contracts and visas. Further information can be found on our Human Resources webpages. Any questions related to ATAS for research staff and academic visitors should be sent to the HR Compliance team: hrcompliance@sussex.ac.uk
- The Data Protection Act 2018 and the General Data Protection Regulation
-
The General Data Protection Regulation (GDPR) is a legal framework that governs how personal data from individuals in the EU is collected, processed, stored and transferred. Under these regulations, everyone responsible for using personal data must follow a set of rules called ‘data protection principles’. These include such requirements as ensuring that the information is used fairly, lawfully, transparently and for explicit purposes, is accurate and kept up to date, only held for as long as is necessary and is handled securely. The Data Protection Act 2018 is the UK’s implementation of GDPR legislation.
It is important that researchers are aware of their responsibilities regarding data protection and that they follow the University's advice on developing robust data management plans. For more information, please refer to the University’s data protection and records management webpages.
- The Nagoya Protocol
-
The Nagoya Protocol is an international legal framework that enables equitable sharing of non-human genetic material (plant, animal, microbial, other) including the traditional knowledge associated with the genetic resources, and the benefits that arise from their use. Researchers who use such material are required to follow certain steps to ensure that genetic resources (and the traditional knowledge associated with those resources) have been accessed in accordance with applicable access and benefit sharing laws implemented by the provider country. It is worth noting that whilst the Nagoya Protocol does not strictly fall under the umbrella of Trusted Research (since it is not security-related), it still merits inclusion on this webpage as another example of a legal framework which requires consideration when engaging in international research activities. It is important to note that failure to comply with this legislation can potentially constitute a criminal offence and could result in liability for both the University and the individual researcher. For more information, please refer to the University’s Nagoya Protocol webpage.
Local legislation
Researchers should also consider how their international collaborations and partnerships may be impacted by local legislation in the partner’s country. For example, it is common for other countries to have their own legislative frameworks regarding export controls, intellectual property and data sharing.
- Protection of intellectual assets
-
When entering into international research collaborations, it is important to protect the resulting intellectual assets via appropriate contractual agreements. These should cover key considerations such as the right to publish results and who will own any intellectual property (IP) that is generated. For more information, please visit the University’s Contracts and IP webpage.
In order to safeguard research data and intellectual assets, due consideration should also be given to information security. Information security refers to the protection of sensitive data, information and information systems (including physical devices and servers) from misuse, unauthorised access, disclosure, disruption, modification or destruction. Cyber-attacks and the insecure storage and sharing of information can put research data and intellectual property at risk. Researchers involved in international collaborations, particularly in vulnerable areas such as applied research, should consider whether their research is commercially sensitive, has potential for patent or is related to matters of national security/defence. If so, appropriate additional information security and risk mitigation measures may need to be put in place to safeguard the research data and intellectual assets.
Here at Sussex, in order for us to meet our legal and compliance obligations and protect our reputation, the information we hold and process, and the systems and devices the University uses to carry out work and study, must be appropriately secure. As such, the University has in place various information security measures including a cyber security programme to protect against internal and external threats. The advice provided covers key security measures such as keeping software up-to-date, using strong passwords, being mindful of spam, scams and phishing emails, using anti-virus and anti-malware software and staying up-to-date with information security training. For more information, please see the University’s information security webpage and IT Services webpage on security tips.
Local legislation
Further to the above, it is recommended that researchers involved in international collaborations also familiarise themselves with any relevant local legislation in the partner’s country. In terms of protecting intellectual assets, this would involve checking local intellectual property legislation and being mindful of any laws which could permit local authorities to access sensitive data without a researcher's consent.
Overseas travel
The Trusted Research campaign also addresses the security risks involved in travelling overseas and offers advice to researchers on how to protect themselves and their research when attending conferences, conducting fieldwork, teaching overseas and making visits to partner institutions. For more information, please refer to the Trusted Research Countries and Conferences Guide (pdf). The University also provides its own advice to students and academics who are planning to travel overseas for research-related activities. Some useful sources of information are as follows:
- IT Services - Travelling Abroad with University Information policy (pdf)
- General Counsel - Export controls guidance for international travel (login required)
- Finance Division - Travel Insurance advice
- Health and Safety - Travel on University business and off-site working
- Additional resources for researchers
-
Questions for researchers to ask themselves
When thinking about engaging in an international research collaboration, researchers should consider the following questions:
Useful videos to watch:
- NPSA Implementation Scenarios (VIDEO)
- Trusted Research - Risk Case Studies (VIDEO)
Contact us
Questions regarding the Trusted Research campaign should be sent to the Senior International Governance Officer via: trustedresearch@sussex.ac.uk