The NIH data management and sharing policy, in force since January 2023, is getting its first substantial format revision. Under guide notice NOT-OD-26-046, the National Institutes of Health has updated the required structure of the Data Management and Sharing (DMS) Plan that accompanies most extramural applications, with the revised elements taking effect for applications submitted on or after May 2026. For grant administrators, the change is not cosmetic: reviewers and program staff will now expect more granular metadata detail at the point of submission, not left for post-award justification.
The revision arrives as NIH data sharing policy compliance has moved from a novelty to an audited routine. Institutions have spent three years building DMS Plan templates, and many of those templates are now out of step with what NOT-OD-26-046 asks for. This article walks through what changed, what stayed the same, and how research administration offices should adjust their internal checklists ahead of the effective date.
What NOT-OD-26-046 Changes in the NIH Data Management and Sharing Policy
The original 2023 policy set out six required elements for a DMS Plan: data type, related tools and software, standards, preservation and access timelines, access and distribution considerations, and oversight. NOT-OD-26-046 keeps that six-element skeleton but sharpens what “sufficient detail” means within each one. The revision responds to two years of program-staff feedback that plans were frequently too vague to be enforceable — naming a repository without specifying a deposit timeline, or citing “standard formats” without naming which standard.
The most consequential change is a new expectation that plans identify specific, named metadata standards and persistent identifier schemes rather than describing them generically. Plans that previously said data would be shared “using appropriate metadata” will now need to name the applicable schema — for example, a Dublin Core or DataCite metadata profile, or a domain-specific standard where one exists. This mirrors a broader trend across funders and publishers: DataCite, CrossRef, and ORCID have each pushed toward named, machine-actionable identifiers rather than free-text descriptions, and NIH’s revision brings its DMS Plan expectations closer into line with that norm.
Section-by-Section Checklist for the Revised DMS Plan
Administrators preparing applications for the May 2026 cycle should work through each element against the following practical checklist. This is not a substitute for the official NIH guidance, but it reflects where NOT-OD-26-046 tightens expectations relative to the 2023 baseline.
1. Data type
- Distinguish clearly between data that will be preserved and shared versus data generated but not intended for sharing, with a stated rationale for any exclusions.
- Estimate approximate data volume and modality (imaging, sequencing, survey, sensor, etc.) rather than describing data in purely narrative terms.
2. Related tools, software, and code
- Name any custom code, pipelines, or proprietary software required to access or interpret the data.
- State whether code will be deposited alongside the data (for example in a version-controlled repository) and under what licence.
3. Standards
- Name the specific metadata schema and, where applicable, community data standard (such as those maintained by domain repositories or standards bodies).
- Confirm which persistent identifier scheme will be used for datasets — a DOI issued via DataCite is the default expectation in most disciplines.
4. Data preservation, access, and timelines
- Name the repository and confirm it meets NIH’s criteria for an established, sustainable repository, rather than describing repository characteristics generically.
- State a concrete deposit timeline tied to publication or award milestones, not an open-ended commitment.
5. Access, distribution, and reuse considerations
- Address any human subjects, privacy, or controlled-access considerations explicitly, including how consent language supports secondary use.
- State the reuse licence or terms under which shared data will be made available.
6. Oversight
- Name the institutional office or role responsible for monitoring compliance with the plan across the life of the award.
- Confirm how deviations from the plan will be reported to NIH, consistent with the enforcement posture program staff have adopted since 2023.
How the NIH Genomic Data Sharing Policy Interacts With the Revised Format
Applications involving genomic data must continue to satisfy the NIH genomic data sharing policy (GDS Policy) in addition to the general DMS Plan requirements. NOT-OD-26-046 does not replace the GDS Policy’s separate requirements around Institutional Certifications, data use limitations, or submission to NIH-designated data repositories such as dbGaP. What changes is that the DMS Plan’s “standards” and “access” elements now need to explicitly reference the GDS-specific data use limitation categories and repository submission timelines, rather than treating GDS compliance as a parallel, loosely linked process. For research administration offices handling both genomic and non-genomic awards, this means the DMS Plan template can no longer be a single generic document — it needs a genomic-data branch that pulls in GDS-specific language by reference.
This tightening reflects a pattern seen across major funders: as more institutions ask “what is a data management plan supposed to demonstrate”, the honest answer has shifted from “an articulated intention” to “a verifiable operational commitment.” Reviewers are increasingly trained to check whether named repositories, standards, and identifiers actually correspond to what the applicant’s field uses, rather than accepting boilerplate language.
What This Means for Research Administrators
The practical burden of NOT-OD-26-046 falls squarely on research administration offices, sponsored programs staff, and data librarians who support investigators through the DMS Plan drafting process. Three actions are worth prioritising before the May 2026 effective date:
- Audit existing DMS Plan templates. Any institutional template built around the 2023 language should be checked against the sharpened standards and access-timeline expectations, particularly where templates currently rely on generic placeholder text.
- Build a named-standards reference list. Rather than asking each investigator to independently identify the correct metadata schema, administration offices should maintain a discipline-by-discipline reference list of accepted standards and identifier schemes, updated as fields evolve.
- Clarify oversight roles in writing. Because NOT-OD-26-046 expects a named office or role for monitoring compliance, institutions without a designated data-sharing oversight function should assign one now, rather than leaving it implicit.
None of this is exotic. It is largely the same discipline that publishers, funders such as UKRI, and initiatives like cOAlition S have already been pushing through open-access and open-data mandates elsewhere in the research lifecycle. What is new is that NIH — as the single largest funder of extramural biomedical research — is applying the same rigour to its own plan format.
A Standards-Originator Perspective
Consistent, well-documented metadata practice is the connective tissue that makes data management plans auditable rather than aspirational — the same principle that underpins contributor attribution standards. CASRAI originated the CRediT contributor role taxonomy in 2014. The standard is now stewarded by NISO as ANSI/NISO Z39.104-2022. That history is a useful reference point here: a taxonomy or metadata convention only becomes durable once a neutral standards body maintains it beyond its originating organisation, and once funders and publishers build compliance checks around it rather than treating it as optional guidance. NOT-OD-26-046 is, in effect, NIH doing the same thing for dataset metadata that CRediT did for authorship — moving from generic description toward named, checkable categories.
For grant administrators, the takeaway is not that the DMS Plan has become harder to write — it is that the plan must now say precisely what the institution intends to do, in terms that a reviewer, a repository, and an auditor can all verify independently. Offices that treat the May 2026 changes as an opportunity to formalise their metadata and oversight practices, rather than a compliance inconvenience, will be better positioned as NIH data sharing policy enforcement continues to mature through the remainder of the decade.