Skip to content
The UK's only independent think tank devoted to higher education.

The Fragmented Research Security Environment

  • 2 June 2022
  • By Chaitali Desai

On Thursday, 9 June 2022, HEPI will host its Annual Conference in central London. Titled ‘Challenges for the future?’, the day will include the launch of the Advance HE / HEPI 2022 Student Academic Experience SurveyRegister here.

This blog was written by Chaitali Desai, Research Compliance Manager at the University of Bristol.

Within the higher education sector, research security has become an increasing focus of discussion, particularly since the implementation of the National Security and Investment Act (NSIA) at the start of 2022. The Act adds to the Government’s ability to identify potentially hostile actors and prevent them from having access to sensitive technology and information through their relationships with universities. The Government’s intention is laudable and timely in view of the current geopolitical landscape. Nevertheless, research academics could potentially see the introduction of the Act as only adding to awkward layers of research security that they must work through to get their projects off the ground.

The legislation chimes with the apparent public desire, post-Brexit, for a more interventionist Government to prevent involvement from, or acquisition of, assets and entities in the UK by foreign organisations. In many ways, it will provide funders and investors with a more transparent process to secure clearance of relevant acquisitions, to avoid spending time and resources on collaborations that later throw up potential national security concerns which can delay progress and, in some cases, stop work altogether. The Department for Business, Energy and Industrial Strategy (BEIS) is the Government department responsible for regulating compliance with the legislation. Once the Investment Screening Unit (ISU, operating within BEIS), has confirmed a transaction is clear to proceed, a research project can then continue with the formal assurance that it will not be blocked further down the line, barring any fundamental changes.

The main aim of the legislation seems to be to safeguard the security of company mergers and acquisitions, to avoid handing knowledge and control to foreign powers that would inadvertently serve to undermine the UK’s own national security. However, the impact that this will have on the higher education sector will also be significant. The research sector may start to see difficulties in seeking wider international collaborations, and trying to attract funding available from international entities that is not available domestically. The Government maintains that it has no desire to ‘close the gates’ to foreign investment and international collaboration. Nevertheless, the current framework of national security legislation does have the potential to narrow their route, if decisions suggest a pattern in the nationality or origin of parties that are repeatedly considered a potential risk.

In the case of the NSIA, BEIS has published guidance notes and conducted advisory seminars which they expect to refine over the next few months, once they have had the opportunity to consider the nature and volume of notifications the ISU is receiving, and assess whether processes are achieving their intended aims. These have been helpful, and the intention to provide support to the higher education sector has been apparent by the creation of the new Research Collaboration Advice Team (RCAT) that has actively taken steps to engage with universities about their practical concerns.

The creation of dual advice points does have the potential to muddy the waters, though, particularly for those dealing with compliance in the higher education sector. The ISU has confirmed that they will provide guidance as to whether or not a notification should be submitted for assessment; however, at the same time, universities are encouraged to approach RCAT for guidance before turning to the ISU. RCAT have specifically said they cannot advise whether a notification should or should not be made, which raises questions over the efficiency of approaching RCAT at all. Would it not make sense to go straight to the ISU? The potential confusion or overlap of available touchpoints on NSIA queries risks adding to the time and resource requirement that universities may incur to ensure that research work complies with the new legislation. How this is practically resolved remains to be seen over the coming months, and further clarity around scope and purpose from RCAT will be key to its success.

Transactions that fall within the scope of the NSIA could also fall within scope of the Export Control Regulations (which are more concerned with what is being exported to potentially hostile actors, as opposed to who those hostile actors may be). The overall purpose of the Regulations is similar to that of the NSIA – making sure that information or material leaving universities does not inadvertently undermine national security. However, the regulator for export control issues is a separate body: the Export Control Joint Unit (ECJU).

Administratively, this may have been a decision taken to manage workload and assess how each separate piece of legislation is implemented, but RCAT and the ISU have yet to provide clarity as to whether they have a clear line of communication with the ECJU. This may generate more queries from legal compliance personnel in the higher education sector, and expose the potential for gaps in communication. If a university approaches one of these regulators, will their concerns raise flags with the other? Will that cause further delays? Will there be consistency in their approach to the same research project?

The ECJU has also informally signposted universities to the Higher Education Export Control Association (HEECA), set up by export control practitioners in higher education to discuss the development and dissemination of best practice across the sector. While collaborative conversations are always helpful, there is nothing to stop the ECJU from taking a different view in relation to a particular export or following an audit. Again, only time will tell how the governance of overlapping legislation works out in practice.

Another consideration for research academics is the Academic Technology Approval Scheme (ATAS). This has been expanded to mandate that ATAS Certificates must be secured by visiting research staff and postgraduate students if they are nationals of particular countries. Government guidance sets out which countries’ nationals need not apply for ATAS clearance. Academic staff trying to secure certificates for any non-European / US nationals are already beginning to face delays in their applications being processed, which will, in turn, have an impact on funding and progress of proposed research work. An underlying risk here is that the list of countries with ATAS clearance will be seen as the threshold for compliance of research collaboration generally, potentially undermining the more complex purpose of the NSIA and Export Control Regulations.

These measures could evoke a somewhat fragmented approach to compliance with national security legislation and make it difficult for universities to manage their responses with consistency. Some universities may not have the staff or resources to do this in a streamlined manner: for example, export control and the NSIA may be dealt with by Contracts Officers, and ATAS certificates by Human Resources, which makes it tricky to guarantee a homogenous approach to the applicable risk thresholds for each, and could mean research academics would need to seek advice from different contact points for the same research project. The Nagoya Protocol on access and benefit sharingSubsidy Control Act and Higher Education (Freedom of Speech) Bill all have implications for research work conducted within the higher education sector, too, and their application could sit within any professional services team. As a result, securing a harmonised approach to research security across the board may prove harder than it should be.

While there is a lot of available guidance from the Government and regulators on many aspects of research security compliance, a risk that should be recognised is the potential for academics to believe that complying with one of these pieces of legislation clears their work in all other respects, too. The possible need to engage with different people multiple times to be sure their research is cleared may also have a negative impact on engagement with academics, who can sometimes see legal compliance personnel as a barrier to their work. Ultimately, this could create circumstances where the need to comply with legislation that has the capacity to stop their work at the cost of significant time and funding, and possibly open them up to criminal sanctions, too, could be inadvertently overlooked, meaning that the safeguards devised will have failed to capture exactly the kind of control or intervention from hostile actors they were designed to protect against.

Register here for HEPI’s annual conference on Thursday 9 June 2022.

Get our updates via email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Leave a Reply

Your email address will not be published. Required fields are marked *