Tag: AI chip export controls

  • What Is Trusted Research? NPSA Security Guidance

    Trusted Research is UK Government guidance — published jointly by the National Protective Security Authority (NPSA) and the National Cyber Security Centre (NCSC) — for identifying and managing research-security risk in international academic and industry collaboration. It covers due diligence, export control awareness and protection of sensitive intellectual property. It is guidance for people and decisions, not a data platform: a Trusted Research Environment (TRE) is a separate, technical concept, and conflating the two is the single most common mistake institutional partnership offices make when scoping compliance work.

    Trusted Research is best defined as follows: it is a risk-based framework that helps researchers, university leaders, funders and industry partners assess who they are collaborating with, and under what conditions, without closing down the legitimate international partnerships that UK research depends on.

    What Is Trusted Research?

    Trusted Research is advice and guidance jointly published by NPSA and the NCSC that supports the integrity of the system of international research collaboration. It was designed in partnership with the UK research sector to help researchers, university staff and funding organisations keep sensitive research and intellectual property secure from theft, misuse or exploitation — without discouraging legitimate cross-border partnership.

    The scale of the exposure it addresses is real and quantified. NPSA reports that in 2021, 60.4% of UK research outputs had an international co-author, and the UK remains the third-largest producer of research outputs globally, after China and the United States. Collaboration between the UK and China grew by 34.7% between 2018 and 2021, compared with 8.2% growth with the US and 8.9% with Germany over the same period — a divergence that underpins much of the guidance’s emphasis on country-specific due diligence. Separately, the Association of Research Managers and Administrators (ARMA) found that 84% of research organisations it surveyed had begun adapting their processes in response to the additional risks that Trusted Research addresses.

    Trusted Research vs a Trusted Research Environment (TRE): Why They Are Not the Same

    Searchers frequently conflate “Trusted Research” with “Trusted Research Environment” because both terms use the word “trusted” in a UK research-governance context. They are not interchangeable. Trusted Research is a security and due-diligence framework for people, partnerships and decisions. A TRE — sometimes called a secure research environment or data safe haven — is a technical computing environment in which analysts access sensitive datasets remotely without being able to remove the underlying data, typically governed by the Five Safes model (safe people, safe projects, safe settings, safe data, safe outputs).

    Dimension Trusted Research (NPSA/NCSC) Trusted Research Environment (TRE)
    What it is Government guidance and a risk-assessment framework A secure, technical computing environment
    Primary concern Espionage, IP theft and hostile-state exploitation of collaboration Confidentiality and controlled analysis of sensitive datasets (often health data)
    Who acts on it Research offices, senior leaders, principal investigators, export-control officers Data controllers, IT/data-platform teams, statisticians
    Governing bodies NPSA, NCSC, with UKRI and ARMA supporting implementation Data custodians (e.g. NHS, ONS), typically under Five Safes governance
    Output Partnership decisions, due-diligence checklists, travel/export advice Disclosure-checked analysis outputs

    An institution can be fully compliant with Trusted Research guidance while having no TRE at all, and can operate a mature TRE while having no formal Trusted Research due-diligence process. They solve different problems and typically sit with different teams.

    From CPNI to NPSA: Who Publishes the Guidance, and How UKRI Fits In

    NPSA is the UK’s National Protective Security Authority. Older references to “CPNI Trusted Research” reflect the guidance’s origin under the Centre for the Protection of National Infrastructure, which rebranded as NPSA in 2023 to better reflect its remit across the full economy, not just critical national infrastructure. Search traffic for “cpni trusted research” persists because much institutional documentation, LinkedIn commentary and older university web pages have not caught up with the rename — a gap worth closing in any current compliance write-up.

    NPSA does not act alone. The guidance is co-published with the NCSC, and it sits alongside — but is distinct from — UKRI’s own “Trusted Research and Innovation” (TR&I) publication, which sets out principles and expectations specifically for UKRI-funded research. UKRI describes Trusted Research and Innovation as protection of the UK’s intellectual property, sensitive research, people and infrastructure from potential theft, interference or exploitation — the same underlying risk, articulated for the funder relationship rather than the institutional one. Universities typically need to satisfy both: NPSA/NCSC guidance for institutional risk management, and UKRI TR&I expectations as a condition of grant funding.

    What the Guidance Covers: Due Diligence, Export Control and the Evaluation Framework

    NPSA’s Trusted Research suite is not a single document. It is a set of role-specific resources, including:

    • Trusted Research Guidance for Academia
    • Trusted Research Guidance for Senior Leaders
    • Countries and Conferences Guide
    • Trusted Research Checklist for Industry
    • Trusted Research Guidance for Industry
    • Implementation Collaboration Checklist
    • Trusted Research Evaluation Framework, with an accompanying user guide

    The Trusted Research Evaluation Framework is the maturity-benchmarking tool: it lets an institution assess how embedded its due-diligence practices are across governance, training and case-handling, rather than treating Trusted Research as a one-off policy statement. Guidance also intersects with statutory export-control mechanisms that partnership offices must track separately: the Academic Technology Approval Scheme (ATAS) requires certain overseas postgraduate researchers and visiting academics in sensitive STEM fields to obtain clearance before starting; the Export Control Joint Unit (ECJU) licenses transfer of controlled technology, including “deemed export” through knowledge transfer to overseas nationals working in the UK. Trusted Research guidance does not replace either requirement — it provides the risk-assessment layer that determines when they apply.

    Trusted Research: Answer-First Q&A

    What does Trusted Research mean?

    Trusted Research is a UK Government framework of guidance and advice, published by NPSA and the NCSC, that focuses on protecting the UK’s intellectual property, sensitive research, people and infrastructure. It helps institutions identify risks arising from international collaborations and partnerships, and provides practical steps for reducing those risks before they cause harm.

    Who leads Trusted Research?

    Trusted Research is an official campaign and guidance programme led jointly by the National Protective Security Authority (NPSA) and the National Cyber Security Centre (NCSC). It was developed with input from the higher-education and research sector, and implementation support is provided by bodies such as ARMA through sector training.

    Is Trusted Research led by UK Research and Innovation and the UK Government?

    Not exclusively. The core Trusted Research guidance is a UK Government product from NPSA/NCSC, not UKRI. UKRI publishes a related but separate document, “Trusted Research and Innovation” (TR&I), setting principles and expectations for its own funded grants — complementary to, not the same as, the NPSA/NCSC guidance.

    What does Trusted Research require UK researchers to do?

    Researchers are expected to reflect on the nature of their work and partnerships to determine potential risks, exercise due diligence on collaborators, and safeguard data and intellectual property from actions outside formal partnership agreements. It is each researcher’s responsibility, supported by institutional research offices, not a task delegated entirely upward.

    Implications for Institutional Partnership Offices

    For international partnership and research-administration offices, the practical takeaway is separation of concerns. Due-diligence, travel-security and country-risk questions belong in a Trusted Research workflow, built around NPSA’s checklists and the Evaluation Framework; data-access and disclosure-control questions belong in TRE governance, built around the Five Safes model. Teams that merge the two into a single “trusted research” policy tend to produce guidance that is too vague for either purpose.

    Institutions refreshing their compliance posture should treat three things as current, not optional: NPSA’s rebrand from CPNI (2023), so documents citing “CPNI Trusted Research” need updating; UKRI’s separate TR&I expectations as a funding condition, tracked alongside grant terms; and the Evaluation Framework as a recurring self-assessment, not a one-time onboarding exercise. Offices coordinating this across departments should map Trusted Research responsibilities explicitly against export-control obligations (ATAS, ECJU) so neither is assumed to cover the other.

    As international collaboration continues to grow faster with some partner countries than others, the guidance’s emphasis on proportionate, evidence-based risk assessment — rather than blanket restriction — is likely to remain the operating model UK institutions are expected to follow, with the Evaluation Framework becoming the reference point auditors and funders increasingly ask institutions to demonstrate against.

  • AI Chip Export Controls: How 2026 Rules Reshape Research Collaboration

    University research offices spent 2025 building compliance playbooks around chip-specific licensing regimes, and 2026 has already rewritten them. AI chip export controls research is no longer a niche trade-law question for a handful of national-security-adjacent labs — it now shapes which GPUs a computer science department can buy, which foreign postdoctoral researchers can touch a controlled cluster, and which international co-authors can be looped into a compute-heavy project. This article isolates the advanced-chip and compute-specific rules from the broader ITAR/EAR fundamental-research-exclusion debate, because the two interact in ways that catch research administrators off guard.

    What changed: the AI chip export control landscape in 2026

    The current regime traces back to the US Commerce Department’s October 2022 controls on advanced semiconductors and chip-making equipment destined for China. The Biden administration’s January 2025 “AI Diffusion Rule” extended this into a three-tier country framework, but the Trump administration rescinded it in May 2025 before it took full effect.

    Policy has moved quickly since. Key 2025-26 milestones for research offices to track:

    • September 2025 — Commerce guidance confirmed any use of Huawei’s Ascend AI chips violates existing export controls, per a Congressional Research Service report (Congress.gov, R48642).
    • December 2025 — the White House announced a policy reversal permitting conditional sales of advanced Nvidia and AMD accelerators to China.
    • 13 January 2026 — Commerce codified this in a new regulation setting revised performance thresholds (chips with a total processing performance below 21,000 or DRAM bandwidth below 6,500 GB/s), a 50% volume cap relative to US shipments, and mandatory end-use “know your customer” certification.
    • January 2026 — a 25% tariff was added to AI chip exports to China, layering trade policy on top of national-security licensing.

    Congress is running a parallel track: the Chip Security Act, still moving through committee, would require exporters to verify the physical location of controlled chips after sale — a location-tracking obligation with direct implications for any university that hosts hardware jointly funded or co-located with an overseas partner institution.

    Hardware controls vs the Fundamental Research Exclusion

    Most institutional export-control training focuses on the Fundamental Research Exclusion (FRE), which removes published, unrestricted university research from “technology” and “technical data” controls under the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). That framing is necessary but insufficient for AI chips.

    The FRE exempts information — research results intended for open publication. It does not exempt the physical item. A controlled GPU cluster remains a controlled export item regardless of whether the resulting paper will be published openly. This distinction matters because:

    • Procuring, importing, or re-exporting a covered accelerator still requires a licence or licence exception, independent of publication intent.
    • The EAR’s “deemed export” rule treats the release of controlled technology to a foreign national inside the US as an export to that person’s home country — so granting a visiting researcher administrator-level access to a controlled cluster can trigger a licensing requirement even when the research itself is unclassified and destined for a journal.
    • Cloud and remote-access provisioning now falls inside scope for some controls, meaning offshore collaborators accessing a US-hosted cluster remotely can raise the same deemed-export question as physical hardware transfer.

    Research administrators who apply only the “will this be published?” test are missing this hardware layer entirely.

    Effects on international co-authorship and lab procurement

    Two operational pressures are converging on university AI labs. First, procurement: institutions outside the US increasingly cannot source the newest-generation accelerators at all, or face multi-month allocation queues even where licensing exists, forcing reliance on lower-tier chips or shared national compute facilities. Second, collaboration: compliance offices are becoming more cautious about admitting foreign graduate students and visiting scholars onto projects that touch controlled hardware, out of concern for inadvertent deemed-export violations — a dynamic some analysts describe as pushing labs toward “partitioned research spaces” accessible only to a security-cleared subset of a research group.

    The regulatory detail differs meaningfully by jurisdiction, which matters for any multi-country consortium:

    Jurisdiction Controlling authority Core mechanism Relevance to university labs
    United States Bureau of Industry and Security (Commerce) Item-specific chip thresholds, deemed-export rule, end-use certification Direct licensing burden on procurement and on foreign-national lab access
    United Kingdom Export Control Joint Unit (Department for Business and Trade) UK Strategic Export Control Lists, aligned to the Wassenaar Arrangement dual-use list Universities UK / NPSA “Trusted Research” guidance shapes due diligence on overseas partnerships
    European Union EU Dual-Use Regulation + AI Act Dual-use export licensing plus AI Act compute thresholds for general-purpose models AI Act Article 51 sets a 10^25 FLOPs systemic-risk trigger, indirectly linking model compute scale to regulatory scrutiny
    Wassenaar Arrangement 42-member multilateral forum Voluntary dual-use control list Has not reached consensus on binding AI-chip-specific controls, leaving the US to act largely unilaterally

    The absence of Wassenaar consensus on AI-chip-specific controls is a genuinely underreported detail: it means the US regime is not a multilaterally harmonised standard but a unilateral extension that allied nations’ universities must interpret alongside their own domestic dual-use rules — a compliance gap that a single-jurisdiction FRE briefing will not surface.

    Common questions on AI chip export controls and research

    What is the US export control on AI chips?

    The US controls advanced AI accelerators and related manufacturing equipment under the Export Administration Regulations. The January 2026 rule sets performance thresholds, a 50% volume cap on chips sold to China relative to US shipments, and mandatory end-use certification — replacing the rescinded 2025 AI Diffusion Rule’s country-tier system.

    Are Nvidia chips export controlled?

    Yes. Nvidia’s most advanced accelerators require licensing for restricted destinations. The 2026 regulation specifically loosened restrictions on Nvidia H200 and AMD MI325X chips for conditional sale to China, subject to volume caps, security certification, and a 25% tariff — a partial reversal of the prior blanket restriction.

    Who supplies China with AI chips?

    Nvidia and AMD remain the dominant US suppliers under licensed, conditional export terms, while Chinese firms such as Huawei supply domestic alternatives like the Ascend series. Analysts estimate licensed exports could raise China’s installed AI compute substantially in 2026, even under capped volumes.

    Implications and outlook for research administrators

    Three practical steps follow from the current landscape. Research offices should map which grants, clusters, and cloud contracts touch controlled-threshold hardware — not just which projects have publication restrictions, since the FRE does not cover the physical item. Export-control and international-office teams should coordinate deemed-export screening for any foreign national granted administrator or remote access to a covered cluster, ahead of, not after, onboarding. And procurement teams should build multi-quarter contingency planning into capital requests, given that thresholds, tariffs, and country-tier rules have each changed at least twice since late 2024.

    Coordinating across research administration, export-control compliance, and IT procurement functions — rather than treating this as a single office’s problem — is the structural response institutions are converging on. For programmes that document international contributor roles and co-authorship arrangements, this regulatory volatility is now a standing input into partnership risk assessment, not a one-off legal review.

    The direction of travel for 2026 remains policy volatility rather than settled rules. With the Chip Security Act still pending, no Wassenaar consensus in sight, and the EU AI Act’s compute thresholds only recently operative, institutions with substantial research administration functions should expect this to remain a live compliance area rather than a rule set they can finalise once and file away.