Trusted Research protects the integrity of the UK’s academic freedom, intellectual property, sensitive research, people, and infrastructure when engaging in international collaboration.
Collaboration with researchers and organisations around the world is fundamental to our academic mission. In response to an increasingly complex geopolitical environment, it is important we consider any potential security-related issues and take the necessary steps to manage any potential risks.
What is Trusted Research?
‘Trusted Research’ is an official campaign led by the National Protective Security Agency (NPSA) and the National Cyber Security Centre (NCSC). It aims to help researchers, UK universities, and industry have confidence in international collaborations, and safeguard against potential risks. Compliance with Trusted Research principles as defined by NPSA may be a condition of your funding.
Why does it matter?
The UK research and innovation sector thrives on transparency and trust, which attracts global investment. This is supported by policy and legislation that upholds data protection, privacy, human rights and shared values on the ethical use of research.
Universities in the UK work closely with partners from across the world. More than half of UK research is a product of international partnerships. Some of our international collaborators are based in states with different democratic and ethical values, which may look to exploit the openness of the UK’s research and innovation sector.
Conducting due diligence
Carrying out due diligence reviews on partners is one way that we uphold the principles of trusted research. It helps to identify and mitigate any potential risks, allowing research collaborations to proceed safely.
When conducting research with a new third-party organisation, our Compliance and Assurance team will carry out a due diligence assessment. The NSPA Trusted Research Collaboration checklist can also help you assess potential risks before starting a proposal or project with an overseas partner.
Meeting legal and regulatory requirements
The following legal frameworks apply to international research collaborations:
Export Controls and the National Security and Investment Act
The UK Export Controls Act (2008) and the UK National Security and Investment (NSI) Act (2021) protect national security when collaborating with overseas organisations. They are particularly relevant to the higher education sector, as academics often work with sensitive information, data and technology, which are shared with overseas partners. For instance, if there is an acquisition of an entity or asset by an overseas party, which includes intangible assets such as Intellectual Property, then the NSI Act may be applicable. If there will be a cross-border transfer of goods, technology or data then Export Control legislation may apply.
UCL and its staff have a legal responsibility to ensure compliance with these regulations where required. Our Export Controls and NSI Act pages provide further information and guidance to help staff meet these legislative frameworks.
Academic Technology Approval Scheme
The Academic Technology Approval Scheme (ATAS) applies to international students and researchers subject to UK immigration control or who intend to study or undertake research at postgraduate level in certain sensitive subjects. Further information about ATAS can be found on the UCL Students website.
International legal frameworks
You may need to follow laws and regulations in your collaborator’s country. Your collaborator will confirm this verbally or by including a specific clause in the project contract.
Trusted Research in action: examples
- Presenting at a conference abroad
Conferences provide a unique opportunity to share ideas and progress with colleagues in a similar field. You should consider whether there are any restrictions to presenting your research.
Export controls apply to technology, software, data, designs, knowledge, and physical items. Giving a presentation overseas, or remotely to an overseas audience, could be subject to export controls.
Be aware of unusual requests or approaches, such as questions about more sensitive areas of work or scenarios where you are pressured into sharing information and details that you feel uncomfortable with. In all cases respond with a polite but firm refusal. Trust your instinct.
If something appears unusual or suspicious, report it to your Head of Department or our Compliance and Assurance team on your return. Use your judgement to determine whether an activity could leave you vulnerable to external pressure or cause reputational damage to you, your organisation and the UK.
When travelling abroad, especially to countries subject to sanctions, you should also consider which devices you take with you, what is stored on those devices, and any risks involved when connecting to public Wi-Fi. For further guidance and advice, visit the UCL Information Security website.
The NPSA website also offers useful guidance on Trusted Research Countries and Conferences.
- Working on a research paper with overseas colleagues
Joint research is particularly vulnerable to misuse by organisations and institutions operating in nations whose democratic and ethical values are different from our own. It allows them to work with experts in a field of cutting-edge research and innovation and obtain the resulting output of that work, without having to steal it (e.g., through cyber espionage). It provides those with hostile intent access to expertise, IT networks, and research. These activities can undermine the system of international research collaboration in the UK, which has been integral to the success of our research and global scientific progress.
Research paper collaborations are particularly at risk because of their informal and exploratory nature. These collaborations are typically not underpinned by any formal research proposal or contract and the work can often develop in novel and unanticipated ways. This makes it difficult to predict the full scope of risks involved.
Consider which information you share with overseas colleagues when collaborating on research papers. Data shared digitally (e.g., via remote file sharing or email), or verbally (including via Teams calls) could be subject to export controls. Use your judgement, and if the work develops in ways with which you are uncomfortable, or if something does not feel right, contact our Compliance and Assurance team to discuss further.
- Working on a sponsored research project with and/or funded by overseas organisations
All forms of joint research are vulnerable to misuse, including those formally sponsored by external bodies. When working with institutions overseas, be that project collaborators or funders, it is important to assess their suitability.
UCL's due diligence processes ensure that we check as many risk elements as possible when reviewing the suitability of our partners. If affiliations pose a potential risk to the integrity of the project or its outputs, then appropriate mitigations should be put in place to address these.
As with unsponsored research (innovation), sponsored research can also bring national security risks. It is important to consider what you are sharing with your overseas partners, Data shared digitally (e.g. via remote file sharing or email), or verbally (including via Teams calls) could be subject to export controls.
Use your judgement. If the work develops in ways with which you are uncomfortable, or if something does not feel right, contact our Compliance and Assurance team to discuss further.
- Hosting colleagues who are visiting from overseas
International researchers who are subject to UK immigration control (apart from exempt nationalities) that are coming to the UK as a visitor will need to apply under ATAS before they begin any research. If the focus of the research is changed at any time a new ATAS certificate will be needed.
ATAS certificates are institution-specific. If a visitor is being hosted by multiple universities, a certificate will be needed for each university if their research is subject to ATAS, regardless of the length of their visit. Holding a valid visa does not ensure ATAS clearance for the work being undertaken.
Export controls can also apply to visitors coming to the UK. Exercise caution when sharing information with visitors from overseas. If any information is of a military or dual-use nature (i.e., civilian and military applications), contact our Compliance and Assurance team for further guidance and support.
Who can I contact?
Contact our Compliance and Assurance team for support with funder requests for evidence of compliance with Trusted Research, due diligence, and research ethics.
Additional resources
- UK arms embargo list (GOV.UK)
- UK sanctions list (GOV.UK)
- Current entity list (Public Safety Canada)
- US entity list (ecfr.gov)