Trusted Research and Innovation is concerned with protecting research, intellectual property, researchers and institutions from potential reputational, ethical, legal and financial risks that could arise through the theft, misuse or exploitation of their research.

Whilst most international collaborations proceed smoothly, in the context of an increasingly complex geopolitical environment, institutions and researchers must stay alert to potential risks and, where necessary, take mitigating steps to safeguard the integrity of their work.

The UK Government National Protective Security Authority (NPSA) has developed Trusted Research guidance in collaboration with the research and academic community. It aims to help the UK’s world-leading research and innovation sector maximise the benefits of international partnerships while protecting intellectual property, sensitive data, and personal information.

The primary goal of Trusted Research is:

To raise awareness of the risks to research collaborations which may occur when working with organisations or research partners with links to nations whose democratic and ethical values are different from our own.

National Protective Security Authority

NPSA video (1min 49sec)

Before engaging in international collaborations, institutions and researchers are responsible for assessing any Trusted Research considerations in order to identify and mitigate security risks that could arise from:

• • Reputational damage: collaborating unknowingly with organisations linked to unethical or other questionable practices; 
  • Theft: foreign states or entities seeking to steal data or intellectual property; 
  • Misuse: research being repurposed for harmful applications, such as the development of weapons of mass destruction (WMDs), other military or defence uses or tools that could be used for the suppression of civilian populations.

Familiarity with the NSPA Trusted Research Guidance for Academia and Trusted Research Countries and Conferences Guidance is essential for researchers engaged in international collaborations. These resources offer practical steps to help:

• • Identify risks: evaluate potential threats and make informed decisions on how to mitigate them;
  • Collaborate securely: build international partnerships with confidence while maintaining safety and compliance;
  • Protect assets: safeguard intellectual property, sensitive data, and personal information;
  • Prevent exploitation: protect research from theft, misuse, or unethical applications.

By staying vigilant and adopting these practices, researchers can protect their work while fostering responsible international partnerships.

The University encourages researchers to familiarise themselves with the UKRI Trusted Research and Innovation Principles ahead of engaging an international partner and to follow five key steps to help ensure the success of their collaboration:

1. Protecting Intellectual Property (IP)

• • Identify valuable IP early in the research process and ensure proper safeguards are in place - remember the Impact and Knowledge Exchange team can provide IP advice at any stage of the research life-cycle;
  • Use appropriate legal agreements, such as non-disclosure agreements (NDAs) and intellectual property rights (IPR) agreements, when sharing research;
  • Carefully consider what data or information you are prepared to share ahead of engaging with a partner;
  • Be aware of risks posed by foreign entities seeking to acquire sensitive research.

2. Managing potential conflicts of interest

• • Identify and manage any arising, and potential, conflicts of interest transparently;
  • Disclose all external affiliations, funding sources and international partnerships on grant applications, ethics reviews and research outputs and be transparent about foreign gifts, travel funding or honorary positions;
  • Follow requirements of the University of Aberdeen Code of Practice on Conflicts of Interest in Research and Commercialisation.

3. Due diligence - ensuring ethical international collaborations

• • Ensure appropriate due diligence has been completed on your international collaborators and their affiliations;
  • Avoid partnerships with organisations linked to unethical practices, corruption, or human rights abuses.

4. Safeguarding data

• • Check your team is up to date with annual mandatory information security training;
  • Ensure any personal information of researchers, participants, and collaborators is handled in accordance with the University data protection guidelines and policy;
  • Secure your research data and communication channels against cyber threats by following institutional data management and information security policies and guidance, including on the use of messaging apps;
  • Mitigate risks of espionage or theft by ensuring your research environments (physical and digital) are secure.

5. Complying with legal and regulatory requirements

• • Ensure adherence to data protection regulations including the UK GDPR (General Data Protection Regulation) and Data Protection Act 2018
  • Understand and comply with regulations including Export Control legislation and the National Security and Investment Act (NSIA) - for activities that fall in scope of these an export control licence or NSIA notification may be required before the research can start;
  • Use tools and training resources from the University and external bodies like the Export Control Joint Unit (ECJU) and the Higher Education Export Controls Association (HEECA).

Useful resources

NPSA Trusted Research: Guidance for Academia

NPSA Trusted Research: Guidance for users and providers of shared workspaces and laboratories

NPSA Secure Innovation: Specialised Guidance

Universities UK, UKRI & NPSA : Managing risks in international research and innovation

Funders, including UKRI, the British Academy and the British Council, require Trusted Research statements on applications to some of their funding schemes. Whilst precise requirements vary, a statement describing the University’s approach to assessing and mitigating any potential reputational, ethical, legal, financial or security risks that could be associated with international partners' involvement in a project is usually required.

R&I Research Development or Technology Transfer contacts can provide assistance with completion of Trusted Research statements.

Potential risks that might be taken into consideration when preparing a Trusted Research statement are below, although the final content will be subject to funders’ specific requirements.

Research activities which involve the transfer of technology to an international partner (including intangible technologies such as information, algorithms or data) and which meet any of the following criteria may require an export licence or NSIA notification to the UK government before proceeding:

• Is in one or more of the 17 sensitive sectors defined in the National Security and Investment Act (NSIA)
• May involve items on the UK Consolidated list of strategic military and dual-use items
• Could have dual or end use(s) which may be in scope of UK export controls
• Is in an area, e.g. emerging technologies, or with a partner which could give rise to other national security or human rights concerns
• Falls under US export regulation – is extraterritorial and applies to items which may be imported to the UK for research purposes

Investigators planning collaborative research with an international partner (funded or unfunded) in any of these areas should follow the internal Enhanced Due Diligence procedure to determine whether the planned work is in scope of export control or NSIA legislation. Colleagues can also contact trustedresearch@abdn.ac.uk for guidance.

Navigating Trusted Research can be complex and University researchers are strongly encouraged to make use of the internal and external on-demand training resources available to them:

Research & Innovation are also available to visit Schools and individual research groups to deliver face to face or hybrid workshops. Please contact trustedresearch@abdn.ac.uk

The National Security and Investment Act (NSIA) came into force on 4 January 2022. The NSIA gives the UK Government the authority to call in an acquisition for assessment and scrutinise certain dealings in shares and intellectual property (IP) if it reasonably suspects these collaborations give risk to a risk to national security. It is possible to call in and assess acquisitions made since 12 November 2020 and applies to whether the acquisition has been completed or is still in progress. 

Qualifying acquisitions

The NSI Act only applies to qualifying acquisitions. An acquisition qualifies if all of the following apply:

• the acquisition is of a right or interest in, or in relation to, a qualifying entity or asset  (see paragraph below)
• the entity or asset being acquired is from, in, or has a connection to the UK
• the level of control acquired over the qualifying entity or asset meets or passes a certain threshold
  • shareholding or voting rights cross certain percentage thresholds
  • voting rights permit you to pass or block resolutions governing the affairs of the entity
  • you are able to materially influence the policy of the entity (for example by acquiring the right to appoint members of the board which enables you to influence strategic direction)
  • you are able to use a qualifying asset, or direct or control its use, or do so more than prior to the acquisition.

Details on the NSIA thresholds are available: here 

Qualifying entities and assets

In the higher education and research-intensive sectors, a qualifying entity could include a:

• University
• Trust
• University subsidiary
• University spin-out
• Unincorporated association, such as a research consortium
• Research organisation
• Private company or corporation doing contractual work with a higher education institution or research organisation

Qualifying assets include land, tangible, moveable property, and ideas, information or techniques which have industrial, commercial or other economic value (intellectual property), so this could be:

• Designs
• Plans, drawings and specifications
• Software
• Patents
• Trade secrets
• Databases
• Source code
• Algorithms
• Formulae
• Land
• Laboratory equipment

So if, for example, a third party sponsors research or a research position and acquires rights over intellectual property in or close to one of the 17 sensitive areas likely to give rise to national security risks (see below), this is a qualifying acquisition under the NSI Act and may be called in by the government.

The government has provided general guidance and guidance for academia which includes case studies.

Notifications

Subject to certain criteria, you are legally required to tell the government about acquisitions of certain entities in 17 sensitive areas of the economy (called 'notifiable acquisitions'). If you are entering into activity in any of these areas, it could put you in scope of the NSIA and you may be legally required to tell the government about it (know as a 'mandatory notification'). 

Notifications can take three forms:

• • Mandatory notifications
  • Voluntary notifications
  • Retrospective validations

Following the notification, an initial review period of 30 working days, followed by an assessment period of 45 working days will apply before the results are announced. The outcome will be one of the following: 

• • Acquisition permitted to go ahead;
  • Full national security assessment required;
  • Request for further information; or
  • In-person 'attendance notice' meeting being requested.

Researchers, with the support of their Schools, are advised to read the UK Government NSIA guidance and contact Research and Innovation in order to determine whether their collaboration will fall within this legislation and may need to be put forward for assessment. 

The Academic Technology Approval Scheme (ATAS) is a UK government security clearance system for international students and researchers. It applies to those from certain nationalities who are coming to the UK to study or work in sensitive subjects related to advanced technology, particularly those that could have military applications.

Who needs ATAS clearance?

You will need an ATAS certificate if:

• • You are a non-UK, non-exempt nationality student applying for a postgraduate research course (e.g. Master’s, PhD, or research-based study) in certain sensitive subject areas.
  • You are a researcher applying for a skilled worker visa in relevant fields.

Exemptions apply to certain nationalities, including those from the EU, EEA, USA, Canada, Australia, New Zealand, Japan, and others.

ATAS approval must be acquired before applying for a UK work or study visa.

Which subjects require ATAS?

ATAS applies to courses and research areas related to science, technology, engineering, and mathematics (STEM) that could have dual civilian and military use. These include:

• • Engineering (e.g. aerospace, nuclear, robotics)
  • Physics (e.g. quantum technologies, nuclear physics)
  • Mathematics & Computing (e.g. cryptography, cybersecurity)
  • Materials Science
  • Biotechnology & Chemical Sciences

The UK government provides a list of Common Aggregation Hierarchy (CAH3) codes to determine whether your course needs ATAS.

When you don't need an ATAS certificate

If you’re studying for a postgraduate diploma or PGCE, you do not need an ATAS certificate.

You do not need to apply for an ATAS certificate if:

• • you have Indefinite Leave to Remain (ILR) in the UK
  • you are exempt from UK Immigration Control

Visit the UK government guidance for the full list of ATAS exemptions and instructions on how to apply - Academic Technology Approval Scheme (ATAS) - GOV.UK

UK Export Control legislation regulates the transfer of sensitive goods, technology, and knowledge outside the UK to protect national security, international stability, and prevent misuse (e.g. in military or weapons development or Weapons of Mass Destruction (WMD) programmes). The legislation applies to physical goods, intangible technology, and knowledge transfer, including when researchers collaborate internationally.

Academic activities that may fall in scope of UK Export Control legislation include: 

• • Formal and informal academic interactions
  • Overseas visits
  • International conferences
  • Data sharing
  • Exchange of research materials, information, and equipment
  • Hosting of short and long-term visitors
  • Supervision of international studentships

The UK Government has provided guidance on how the UK strategic export controls apply to academics, university researchers and their institutions, and when an export licence is needed.

1. What is covered under UK Export Control legislation?

UK export controls apply to:

A. Military and dual-use goods & technology

• • Military items – weapons, ammunition, military vehicles, or technology designed for defence use.
  • Dual-use items – civilian-use goods that could also be used for military applications (e.g., cybersecurity, encryption, artificial intelligence, aerospace, drone technology, and advanced materials).
  • Software & data – exporting encrypted software, advanced AI models, or nuclear-related data may require approval.

B. University research & technology transfers

• • Researchers must comply with Export Control legislation if their work involves sensitive STEM subjects (e.g., advanced physics, cryptography, aerospace, quantum computing, synthetic biology).
  • Sending research data, technical designs, or knowledge to restricted destinations may require an export licence.
  • Even sharing controlled technology via email, cloud storage, or presentations at overseas conferences is subject to controls (this is called an "intangible transfer").
  • Sharing controlled research as part of the publication process (such as with a reviewer overseas or peer review before publication) may require an export licence.

C. Countries of concern & sanctions

• • Exports to sanctioned countries (e.g., Russia, Iran, North Korea) face strict controls.
  • Collaboration with institutions linked to foreign militaries or governments may be restricted.

2. Key regulations & licensing

A. Export Control Act 2002 & UK Strategic Export Control Lists

• • The UK government classifies controlled goods and technology in the Consolidated Strategic Export Control List.
  • Researchers should check if their work falls under these restrictions.

B. Export licences

If your research or technology is controlled, you may need an export licence from the UK’s Export Control Joint Unit (ECJU). Common licence types include:

• • Standard Individual Export Licence (SIEL) – specific to a single recipient and project.
  • Open General Export Licence (OGEL) – covers certain low-risk items for multiple exports.
  • Open Individual Export Licence (OIEL) – long-term, flexible licence for frequent exports of specific controlled goods.

3. Consequences of violating Export Control legislation

• • Criminal penalties – breaching export control laws can lead to fines or imprisonment (up to 10 years)
  • Reputational damage – reputational damage to individuals and the organisation.
  • Project & funding risks – non-compliance could result in loss of research grants, visa denials, or institutional bans.

Exemptions for some areas of academic research

Whilst an export control licence is not usually required under the circumstances listed below - the legislation is complex and there are some scenarios where an export control licence may still be necessary; if you consider your work falls under an exemption you should contact R&I or trustedresearch@abdn.ac.uk to confirm this assessment.

1. The technology is already in the public domain

Technology or software that is freely available without restrictions on its further dissemination is considered to be in the public domain.

For most undergraduate-level courses, export controls are not a concern. The vast majority of information and technical data used in teaching is already publicly available, meaning this exemption would typically apply.

Research is not considered to be in the public domain until it is published and publicly accessible. If controlled research is sent overseas for peer review or publication, it is not yet in the public domain and will require an export licence. Once the research is formally published, the licence requirement lapses, as it is now considered public domain.

2. Basic scientific research

Export controls do not usually apply to research in the pursuit of basic scientific knowledge.

This is experimental or theoretical work. It is undertaken to solely obtain new knowledge of the fundamental principles of phenomena or observable facts. It is not directed towards a specific practical aim or goal.

However, this exemption applies only to controlled dual-use technologies. It does not apply if:

• • There are concerns about end-use, end-user, or destination country risks.
  • The research involves military-listed technology, which is inherently directed towards a specific application.
  • The destination country is subject to UK sanctions or embargoes.

3. Patent applications 

For non-nuclear, dual-use technology, export controls do not apply to the minimum technical information required to support a patent application.

The UK Government has powers to require an export licence for items even if they are not on the UK Strategic Export Control List. These are generally referred to as ‘end-use’ or ‘catch-all’ controls.

Key factors to consider

1. End-use controls

Export controls are not solely based on whether the technology appears on the UK Strategic Export Control List. The end-use of the technology is a critical factor. Under end-use controls, a licence may be required if:

• • The technology could be used in the development, production, or use of weapons of mass destruction (WMDs).
  • The technology may have military applications, even if it is not explicitly listed as controlled.
  • You have been informed or suspect that the recipient institution may use the technology for military purposes.

2. Catch-all controls

Even for non-listed items, the UK imposes "catch-all" controls that require a licence in the following scenarios:

• • The export is intended for a military end-use in a country subject to an arms embargo or other restrictions.
  • There is a risk the technology could be repurposed for military or security use contrary to UK interests.

3. Military links of the partner institution

• • If the partner institution is known to have military affiliations, an assessment must be made on whether the technology could indirectly support military activities.
  • Institutions with military connections in certain countries (e.g., those subject to sanctions or arms embargoes) are likely to trigger additional scrutiny and potential licensing requirements.

U.S. export controls have extraterritorial reach, meaning they can apply to activities outside of the United States.

Important implications to consider:

• • Items made in the US remain subject to US export laws, even if they are exported to a foreign country.
  • If an organisation outside of the US re-exports a product of US origin, it may still need US government approval.
  • If a product made outside of the US contains more than a minimum amount (usually 25%, or 10% for certain restricted countries) of US components, it may be subject to US export laws.
  • US citizens must comply with US export laws, even when operating outside the US.
  • The US restricts dealings with certain entities or countries (e.g., China, Russia, Iran) and can impose penalties on non-US organisations that engage in prohibited transactions with sanctioned entities.

If you think your planned activity may be in scope of US export controls, please get in touch via trustedresearch@abdn.ac.uk.

The University of Aberdeen Responsible Research, Innovation, Knowledge Exchange and Engagement statement of compliance with the UK Government’s Trusted Research agenda and the National Security and Investment Act 2021.

Trusted Research Statement of Compliance