Skip to main content
v2026.1714 entries · CC-BY 4.0
CASRAI

Editorial · CASRAI

What Is a Data Management Plan? UKRI, NIH and EU Essentials

A data management plan sets out how research data is collected, stored, shared, and preserved.

ByMCP Service
Published 3 Jul 2026· 7 minute read

A data management plan (DMP) is a formal document that sets out how a research project will collect, document, store, secure, share, and preserve its data, from the first data point to long-term archiving. Most major funders — including UKRI, the US National Institutes of Health (NIH), and Horizon Europe — now require a DMP at application stage, and increasingly expect it to be aligned with the FAIR principles. This explainer defines a data management plan, sets out why funders mandate one, breaks down its core components, and maps each section onto FAIR.

A data management plan is, in one sentence: a written commitment describing what data a project will generate, how that data will be organised and protected while the project runs, and how — or whether — it will be shared and preserved once the project ends.

What is a data management plan?

A data management plan is a structured, funder- or institution-facing document describing how a project will handle its data across the full research lifecycle. It is drafted at proposal stage, before data collection begins, and treated as a living document revisited as the project evolves.

A DMP is not a policy statement bolted onto a grant application. Reviewers use it to check that an applicant has thought through data volumes, storage costs, ethical constraints, and sharing obligations before funding is committed. Institutions use it to assign responsibility for storage and eventual deposit; funders use it to enforce open-data commitments after the award is made.

Why do funders require a data management plan?

Funders require a DMP because public and charitable research funding carries an expectation that resulting data — not just the resulting publication — is managed responsibly and, where possible, made available for verification and reuse. A DMP is the mechanism funders use to check this before they pay for the research, and to hold grantees to it afterwards.

The three funders named in this explainer take slightly different approaches to timing and enforcement:

Funder Governing policy When the DMP is due How it is enforced
UKRI UKRI Common Principles on Data Policy, implemented per council (e.g. MRC, NERC) At proposal stage Assessed during peer review; council-specific detail expected proportional to data volume
NIH NIH Data Management and Sharing (DMS) Policy, effective 25 January 2023 At application stage, for all NIH grants that generate scientific data Formal element of merit review; compliance with the approved plan is a condition of the award
Horizon Europe Horizon Europe Data Management Plan requirement under the Model Grant Agreement A summary at proposal stage; the full DMP is due by month six and updated through the project Grant-agreement condition, monitored through periodic and final reporting

The NIH policy is a useful marker of where funder expectations are heading: before January 2023, only NIH grants that explicitly generated large datasets needed a plan. Since that date, a Data Management and Sharing Plan is required for essentially all NIH-funded research that produces scientific data, replacing the earlier, narrower DMP requirement. Horizon Europe applies the principle “as open as possible, as closed as necessary” — data defaults to open, and any restriction must be justified in the plan itself, typically via deposit in European Open Science Cloud (EOSC)-federated infrastructure.

What are the core components of a data management plan?

What is included in a data management plan varies slightly by funder template, but nearly every DMP — UK, US, or EU — covers the same five areas:

  • Data types and volume: what kinds of data the project will generate or reuse (numerical, image, text, biological samples, code), in what formats, and at roughly what scale.
  • Documentation and metadata: how the data will be described so a third party — or the researcher, eighteen months later — can understand and reuse it without asking the original team.
  • Storage and security: where data will live during the project, how it is backed up, and who has access, particularly for sensitive or identifiable data.
  • Sharing and preservation: which data will be shared, through which repository, on what timeline, and which data will not be shared, with a stated justification.
  • Ethics, consent, and legal compliance: how personal, sensitive, or Indigenous data will be handled under relevant data-protection law and participant consent terms, and how intellectual-property or commercial-sensitivity constraints are addressed.

A sixth element, often folded into the above, is roles and responsibilities: naming who on the project team is accountable for each of these tasks, since a DMP with no named owner tends not to get implemented.

How do FAIR principles map onto a data management plan?

The FAIR principles — Findable, Accessible, Interoperable, Reusable, published in Scientific Data in 2016 — are now the reference framework funders use to judge whether a DMP’s sharing commitments are substantive rather than nominal. Each FAIR letter corresponds to a specific, checkable DMP section:

FAIR principle DMP section it governs What a reviewer checks for
Findable Documentation and metadata A persistent identifier (e.g. a DOI) and rich, indexed metadata assigned at deposit
Accessible Storage and sharing A stated repository and access protocol, plus clear conditions where access is restricted
Interoperable Data types and formats Use of standard, non-proprietary formats and controlled vocabularies rather than bespoke formats
Reusable Preservation and licensing A clear usage licence, provenance information, and community data standards followed at deposit

This mapping is why a DMP written purely as a compliance checklist tends to fail review: a plan can name a repository (satisfying Accessible) while leaving metadata and licensing (Findable and Reusable) unaddressed, and a funder assessor trained on FAIR criteria will flag the gap.

Common questions about data management plans

What is in a data management plan?

A DMP typically sets out the types of data to be produced, the metadata standards used to describe them, the storage and backup arrangements during the project, the access and sharing policy, and the plan for long-term archiving so the data remains usable after the project ends.

How do you write a data management plan?

Start from the funder’s own template rather than a blank page, since UKRI, NIH, and Horizon Europe each specify required headings. Describe data types and volumes first, then storage, ethics, and sharing, and be explicit about what will not be shared and why — a stated exception is stronger than a silent gap.

Do I need a data management plan?

If the project is funded by a body with a research-data policy — which now includes most major UK, US, and EU funders — a DMP is mandatory at application stage, not optional. Institutions increasingly also require one for internally funded or unfunded projects that handle sensitive data, as a matter of good practice.

What does a good data management plan look like?

A strong DMP is specific rather than generic: it names an actual repository rather than “a suitable repository,” gives a realistic storage volume, and assigns a named person to each task. It is written to be checked against, not filed and forgotten — funders increasingly audit compliance with the plan they approved, not just its existence.

What this means for researchers and institutions

Why data management plans matter is shifting from a compliance formality to an operational one. NIH’s move to require a plan for essentially all data-generating awards, not just large-dataset ones, signals broadening rather than narrowing scrutiny. Horizon Europe’s mid-project update requirement means the document cannot be written once and ignored; it is checked against actual practice at reporting milestones.

For institutions, this means DMP-writing guidance, repository access, and named data stewards are becoming a baseline service rather than a specialist offering — mirroring how research-administration functions increasingly treat authorship, funding acknowledgement, and data policy as connected obligations. For individual researchers, treating the DMP as a working document rather than a one-off application formality is now the defensible position across every major funder covered here.

For funder-specific DMP templates and requirements, consult the relevant funder’s own guidance pages; for the broader compliance context these plans sit within, see CASRAI’s research administration resources and research-terminology dictionary.

LAC

Partner Deal

LAC Health Supplies Mobile App

Referenced across the research world

University of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logoUniversity of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logo
  • University of Cambridge logo
  • Columbia University logo
  • University of Edinburgh logo
  • Harvard University logo
  • University of Oxford logo
  • Princeton University logo
  • Stanford School of Medicine logo
  • University College London logo
  • ORCID logo
  • Crossref logo

View CASRAI adoption →