
  • Research security without closing the lab door: NSPM-33, disclosure and trusted research

    Research security is one of the few areas of research policy where the stated goal contains an explicit tension. The aim is to protect research from theft, undue foreign influence, and misuse, while preserving the openness and international collaboration that make research productive in the first place. Get the balance wrong in one direction and you leak; get it wrong in the other and you close the lab door on the very partnerships that drive discovery. This article sets out how the main frameworks try to hold that balance, drawing on the research-security domain.

    NSPM-33: the US framework in plain terms

    NSPM-33 — National Security Presidential Memorandum 33 — is the US policy that directs federal research-funding agencies to strengthen protections for federally funded research. Its implementation guidance came from JCORE, the Joint Committee on the Research Environment, and it is deliberately built around disclosure and management rather than prohibition. Most fundamental research is intended to stay open.

    Two defined terms do a lot of work. A covered institution is one receiving more than $50 million per year in federal science funding; such institutions must stand up a research security programme covering four pillars — cybersecurity, foreign-travel security, research-security training, and export-control training. A covered individual is a person whose role on a federal award brings them within the disclosure requirements. The policy’s centre of gravity is making sure that what investigators are funded and supported to do is visible, not stopping them from collaborating.

    What disclosure actually targets

    The disclosures NSPM-33 sharpens are aimed at specific, definable risks rather than at foreign collaboration in general. The vocabulary matters here because imprecision in this area does real harm.

    • A foreign component — in NIH usage, research activity conducted outside the United States or by foreign researchers — must be disclosed. It is a fact to be recorded, not a prohibited act.
    • An in-kind contribution from a foreign source — non-monetary support such as access to facilities, personnel, or data — is disclosable precisely because earlier disclosure regimes let it slip through.
    • A malign foreign talent recruitment programme is the narrow category that participation rules actually prohibit for federally funded researchers; it is a defined subset of talent programmes deemed to pose national-security concerns, and it must not be conflated with the ordinary, legitimate practice of international recruitment.

    Keeping these distinct is the difference between proportionate security and a chilling effect. Most foreign collaboration is disclosable and entirely permitted; only a defined sliver is prohibited.

    The export-control boundary

    Running alongside disclosure is export-control law, which predates NSPM-33 but is now part of the same conversation. The EAR (Export Administration Regulations) and ITAR (International Traffic in Arms Regulations) restrict the transfer of controlled items and information, including a deemed export — the release of controlled information to a foreign national inside the home country, treated in law as an export.

    The release valve that keeps basic science open is the fundamental research exemption: research ordinarily published and shared broadly is generally excluded from export-control restrictions. The exemption is what allows an international research group to work openly on publishable science. It is also conditional, and an institution’s research-security programme exists in part to identify the cases — controlled technologies, certain dual-use work — where the exemption does not apply and tighter handling, including for Controlled Unclassified Information (CUI) under the NIST SP 800-171 baseline, is required.

    The UK and other regimes: a different idiom, similar aim

    The US is not alone, and the comparison is instructive. The UK pursues the same balance under the banner of Trusted Research, guidance developed for the academic sector and coordinated through the National Protective Security Authority. Its tone is advisory and risk-based rather than threshold-and-programme: it asks institutions and researchers to understand their collaborations, protect their work, and make informed decisions, without a statutory $50 million trigger. Australia operates a Foreign Influence Transparency Scheme, and Horizon Europe grant agreements carry their own security provisions. The frameworks differ in legal force and idiom, but they converge on the same proposition: manage risk through transparency and proportionate controls, not through blanket closure.

    Why this is, at bottom, a metadata problem

    Here is the connection to CASRAI’s mission. Almost everything research security asks for is a structured fact that already exists somewhere in the institution: the awards an investigator holds, the organisations supporting them, their appointments, their foreign components, their in-kind support. The disclosure burden that researchers experience as oppressive is largely the burden of reassembling those facts by hand, repeatedly, in each funder’s format. A regime that penalises inadvertent disclosure errors while forcing manual assembly manufactures the errors it then punishes.

    Disclosures anchored in persistent identifiers change this. An award identified by a Crossref grant ID, an organisation by a ROR ID, an investigator by an ORCID iD, generated from a structured profile, becomes a checkable assertion rather than a hand-typed document. The same machinery described for research administration generally — entering each fact once and reading it everywhere — is what makes research security proportionate instead of punitive. See persistent identifiers for authors for the building blocks.
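A sketch of the "checkable assertion" idea above, as an added example that is not CASRAI's or any funder's code. The profile layout, field names and all identifier values except the ORCID sample iD are assumptions made for illustration. The ROR and grant-DOI checks test format only, while the ORCID check verifies the ISO 7064 MOD 11-2 check character.

```python
import re

# Constructed sample profile. The ORCID iD is ORCID's public sample record
# (the fictitious "Josiah Carberry"); every other value is a placeholder.
PROFILE = {
    "investigator": {"name": "Example Investigator", "orcid": "0000-0002-1825-0097"},
    "support": [
        {"kind": "award", "grant_doi": "10.99999/example-grant-1",
         "funder_ror": "https://ror.org/012345678", "foreign_component": False},
        {"kind": "in-kind", "grant_doi": None,  # hand-typed ROR with a typo
         "funder_ror": "https://ror.org/0abcdil12", "foreign_component": True},
    ],
}

# Format-only patterns: they do not verify the ROR checksum or resolve the DOI.
ROR_RE = re.compile(r"^https://ror\.org/0[a-hj-km-np-tv-z0-9]{6}[0-9]{2}$")
DOI_RE = re.compile(r"^10\.\d{4,9}/\S+$")

def orcid_is_valid(orcid):
    """Verify the ISO 7064 MOD 11-2 check character of an ORCID iD."""
    chars = orcid.replace("-", "")
    if not re.fullmatch(r"\d{15}[\dX]", chars):
        return False
    total = 0
    for digit in chars[:15]:
        total = (total + int(digit)) * 2
    check = (12 - total % 11) % 11
    return chars[15] == ("X" if check == 10 else str(check))

def build_disclosure(profile):
    """Return (rows, errors): one disclosure row per support item, plus
    every identifier that fails its check, so errors surface before filing."""
    rows, errors = [], []
    orcid = profile["investigator"]["orcid"]
    if not orcid_is_valid(orcid):
        errors.append(f"investigator: bad ORCID checksum {orcid}")
    for i, item in enumerate(profile["support"]):
        if not ROR_RE.match(item["funder_ror"]):
            errors.append(f"support[{i}]: malformed ROR ID {item['funder_ror']}")
        if item["kind"] == "award" and not DOI_RE.match(item["grant_doi"] or ""):
            errors.append(f"support[{i}]: award lacks a grant DOI")
        rows.append({"orcid": orcid, **item})
    return rows, errors

if __name__ == "__main__":
    rows, errors = build_disclosure(PROFILE)
    print(len(rows), "rows;", errors or "no errors")
```
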

    Where shared vocabulary fits

    The terms in this area are easy to misuse and the cost of misuse is high — a “foreign component” is not a prohibited act, a “malign” talent programme is a narrow defined category, and conflating them damages people and partnerships. A shared, federated vocabulary that defines these terms precisely, pointing back to JCORE, NIH, and the NPSA for the authoritative content, is exactly what keeps security proportionate. Supplying that definitional layer is the role the CASRAI dictionary is designed to play.

    What to do now

    For institutions: build research-security programmes around generating disclosures from authoritative, identifier-anchored records, not around adding manual forms. For researchers: maintain your awards, affiliations, and support in structured profiles so disclosures are a query, not a memory test. For standards work: pin down the precise definitions that separate disclosable from prohibited, federating to the authoritative national guidance.
