Tag: higher education policy

  • Beyond Named Authors: How REF 2029 Recognises Every Research Contributor

    The Research Excellence Framework has always been shaped by a narrow question: whose name goes on the output. Guidance for the next cycle, REF 2029, is beginning to unsettle that assumption. The UK’s higher education funding bodies, working through Research England and the other national funding councils, have signalled that recognition should extend to staff who “enable or support” research — regardless of their job family, contract type, or professional title. For institutions preparing submissions, this is not a cosmetic adjustment. It is a structural shift in what counts as evidence, and it exposes a gap that many research offices have not yet had to close: how do you consistently record and evidence a contribution that was never captured by authorship alone?

    Technicians, research software engineers, data stewards, project managers, and core-facility staff have long done work that underpins REF-returnable outputs without ever appearing as named authors. REF 2029’s broadened framing is an implicit acknowledgement that research is produced by teams, not by bylines. But acknowledging the principle is easier than operationalising it. Institutions now need a consistent, auditable way to describe who did what — and that is precisely the problem a structured contributor-roles vocabulary was built to solve.

    What REF 2029 Changes for Contributor Recognition

    Previous REF cycles asked institutions to attribute outputs to named individuals meeting narrow eligibility criteria, which tended to privilege senior academic staff and marginalise the contributions of technical, software, and operational personnel. The direction of travel for REF 2029 moves recognition further toward the underlying work of enabling and supporting research — echoing wider sector commitments such as the Technician Commitment and the growing professional recognition of research software engineering as a distinct career track.

    This matters for research administrators because REF submissions are evidentiary exercises. Panels expect institutions to substantiate claims about environment, impact, and contribution with documentation, not assertion. If a REF submission is going to credit a research software engineer’s role in producing a dataset, or a technician’s role in developing an experimental method, the institution needs a record of that contribution that is specific, consistent across departments, and defensible under scrutiny — not a retrospective narrative assembled at submission deadline.

    The Contributor-Roles Gap: Why Institutions Need a Structured Vocabulary

    Most institutional systems were never designed to capture contribution at this level of granularity. Authorship order is a blunt instrument: it conflates seniority, alphabetisation conventions, and actual task ownership, and it says nothing about who wrote software, who curated data, who validated methodology, or who supervised. Free-text acknowledgement sections are inconsistent between departments and impossible to aggregate at institutional scale — which is exactly what a REF submission requires.

    A structured contributor-roles taxonomy solves this by decomposing “contribution” into a fixed, comparable set of categories — conceptualisation, methodology, software, validation, formal analysis, investigation, resources, data curation, writing, visualisation, supervision, project administration, and funding acquisition, among others. Applied consistently across a REF return, this kind of vocabulary lets research offices generate exactly the kind of granular, auditable contribution record that broadened REF eligibility now implicitly demands — without inventing a bespoke internal scheme that won’t map to how publishers, funders, or other institutions record the same information.

    CRediT as a Ready-Made Framework

    Institutions do not need to build this vocabulary from scratch. The Contributor Roles Taxonomy, known as CRediT, already provides exactly this structure and is in active use across scholarly publishing. CASRAI originated the CRediT contributor role taxonomy in 2014. The standard is now stewarded by NISO as ANSI/NISO Z39.104-2022, and it is widely implemented by publishers as part of manuscript submission workflows, meaning a growing share of an institution’s outputs already carry structured CRediT statements at the point of publication.

    For REF purposes, this is a genuine efficiency gain rather than an additional administrative burden. Where publishers have already captured CRediT roles at submission, research offices can extract that metadata rather than reconstruct contribution histories from memory or informal records months or years later. Where CRediT statements were not captured — common in software releases, datasets, or non-traditional outputs — the same taxonomy can be applied retrospectively by the research office, in consultation with the individuals involved, to produce a consistent internal record. Because CRediT is externally stewarded and widely recognised rather than a proprietary institutional scheme, it also travels well: a contribution recorded this way is legible to REF panels, publishers, funders, and other institutions alike, without requiring a translation layer.

    UKRI Funding Mechanisms and the Same Evidencing Challenge

    The REF is not the only place this evidencing problem shows up. UKRI’s own funding routes increasingly ask institutions and applicants to be explicit about who is doing what, and why it matters. A UKRI Future Leaders Fellowship application, for instance, must demonstrate the fellow’s individual contribution within a wider team and host environment — precisely the kind of attribution that a structured contributor vocabulary makes easier to document consistently across a research office’s portfolio of active UKRI grants. UKRI Proof of Concept funding, aimed at translating research toward application, similarly depends on institutions being able to show which named contributors carried out which parts of the underlying research — methodology, data, software, or otherwise — before commercialisation activity began. More broadly, any UKRI fellowship scheme that supports a researcher’s transition into independence relies on host institutions being able to separate the fellow’s own contribution from that of collaborators, supervisors, and support staff.

    None of these funding instruments mandate CRediT specifically. But institutions that already maintain structured contributor records for publication purposes are better placed to answer these funder questions quickly and consistently, rather than reconstructing the answer for each application, report, or REF cycle in isolation.

    What This Means for Research Administrators

    The practical implications for research offices are immediate and largely operational rather than exotic:

    • Audit current metadata capture. Determine which outputs already carry CRediT statements from publishers and which do not, particularly software, datasets, and other non-traditional research outputs likely to benefit most from REF 2029’s broadened recognition.
    • Extend contribution tracking to non-traditional outputs. Software repositories, data deposits, and core-facility work rarely carry formal author lists; a lightweight internal process for recording contributor roles at the point of creation avoids reconstruction later.
    • Align internal recording with ORCID. Linking structured contribution records to ORCID iDs, which are now widely mandated across funders and publishers, reduces duplicate data entry and improves the auditability of REF evidence.
    • Brief technical and professional staff early. Research software engineers, technicians, and data stewards should understand that their contributions are now potentially REF-relevant, and that consistent role attribution — not informal acknowledgement — is what will support that recognition.
    • Treat this as institution-wide practice, not a submission-deadline scramble. Contribution records built incrementally, output by output, are far more defensible than narratives assembled retrospectively under REF submission pressure.

    A Forward-Looking Perspective

    REF 2029’s broadened recognition of who contributes to research reflects a wider sector reckoning with how research is actually produced — as team science, increasingly software- and data-dependent, and reliant on professional staff whose work has historically gone uncredited. A structured contributor-roles vocabulary does not resolve every judgement call the funding bodies or REF panels will have to make about eligibility and weighting. But it gives institutions something they have lacked until now: a consistent, externally recognised way of answering the question REF 2029 is now explicitly asking — not just who wrote the paper, but who did the work.

  • Institutional AI Governance in 2026: How Leading Universities Are Structuring Their Policies

    Institutional AI governance policy is no longer a stopgap memo issued in the panic months after ChatGPT’s public release. Four years on, a small cohort of research universities has converged on something that looks like a durable governance model: scoped definitions of covered technology, annual review cycles, explicit distinctions between staff, student, and researcher use cases, and carve-outs for legitimate research activity. Georgia Institute of Technology’s June 2026 policy update is the clearest recent example, and it arrives alongside two documents that help explain why the model looks the way it does — the American Association of University Professors’ 2025 report on AI and academic labour, and a framework paper from the Centre for International Governance Innovation (CIGI) on AI oversight structures.

    Taken together, these three sources sketch a benchmark against which other institutions can measure their own AI policies. This matters because the gap between universities with a mature institutional AI policy framework and those still operating on interim guidance is widening, and that gap has direct consequences for research integrity, staff workload, intellectual property, and compliance exposure as external mandates — from funder data policies to national AI regulation — continue to tighten around the edges of academic work.

    This piece maps the recurring components of mature governance and asks what they mean in practice for research administrators who are being asked to operationalise policies that, in many cases, were drafted by committees with limited administrative bandwidth.

    What Institutional AI Governance Policy Actually Covers

    The first mark of maturity in an institutional AI governance policy is precision about scope. Early policies, written under time pressure in 2023 and 2024, tended to bundle generative text tools, coding assistants, research data tools, and administrative automation into a single undifferentiated category of “AI.” That approach is now widely recognised as unworkable, because the risk profile, evidentiary standard, and appropriate oversight body differ sharply across those use cases.

    Georgia Tech’s update narrows scope by activity type rather than by tool brand — distinguishing, for instance, between AI used in instructional settings, AI used in the conduct of research, and AI embedded in institutional administrative systems (procurement, HR screening, admissions support). Each activity type sits under a different accountability line, which avoids the common failure mode of routing every AI question through a single overloaded committee.

    This scoping approach echoes a broader pattern visible across university AI policies in 2026 more generally: policy documents increasingly separate “AI as a subject of study or research” from “AI as a tool used in the process of research or teaching.” That distinction sounds obvious once stated, but its absence is one of the most common sources of confusion in first-generation policies, where a single acceptable-use clause was expected to govern both a chatbot used to draft an email and a machine-learning model that is itself the object of a funded research project.

    Annual Review Cycles Replace One-Off Mandates

    A second defining feature of mature policy is the shift from a static document to a living one. The AAUP’s 2025 report on AI and academic labour was explicit that policies adopted in haste and then left untouched had become a source of friction — faculty and staff reported that guidance no longer matched the tools they were actually using, and in several cases contradicted updated vendor terms of service or new funder requirements. The report’s recommendation, echoed in Georgia Tech’s structure, is a formal annual review cycle with a named owner, a defined trigger for interim revision (such as a material change in an underlying vendor’s data-handling terms), and a public changelog.

    This is a meaningful departure from the “policy as PDF” era. An annual review cycle converts an institutional AI policy framework into infrastructure that can absorb changes in vendor practice, national regulation, and disciplinary norms without requiring an entirely new committee process each time. It also gives institutions a defensible answer when auditors, funders, or accreditation bodies ask how currency is maintained — an increasingly common question as national and supranational AI rules, including phased implementation of the EU AI Act, ratchet up compliance expectations for organisations that use AI in decision-relevant contexts such as admissions or hiring.

    Staff, Student, and Researcher Distinctions

    Perhaps the most consequential structural choice in a mature institutional AI governance policy is the separation of rules by role rather than by tool. Staff use of AI in administrative workflows — drafting correspondence, summarising meeting notes, triaging routine enquiries — is generally governed by data-handling and confidentiality standards tied to institutional IT policy. Student use is governed primarily through academic integrity frameworks, disclosure requirements, and course-level instructor discretion. Researcher use sits in a third, more complex category, because it intersects with authorship norms, data provenance, funder mandates, and publication ethics simultaneously.

    The CIGI framework paper argues that conflating these three populations under one policy voice is a structural error, because the accountable body, the acceptable evidentiary standard, and the consequences of non-compliance differ by role. A staff member who uses an unapproved AI tool on sensitive administrative data creates a data-governance problem; a student who uses AI undisclosed on an assessment creates an academic-integrity problem; a researcher who uses AI in data analysis or manuscript preparation without disclosure creates a research-integrity and publication-ethics problem that may implicate journal policies, institutional review processes, and funder compliance obligations at once.

    This is precisely why academic AI governance frameworks now typically nest researcher-facing AI rules inside existing research-integrity infrastructure (offices that already handle authorship disputes, data management plans, and misconduct allegations) rather than creating a wholly new AI-specific enforcement body. This reuses trusted processes rather than duplicating them.

    Research-Specific Exemptions and the CIGI Framework

    The fourth component, and arguably the hardest to get right, is the carve-out for legitimate research activity. Blanket restrictions on AI use are unworkable in disciplines where AI systems are themselves the subject of study — computer science, computational linguistics, bioinformatics — or where machine-learning tools are standard, disclosed components of a methodology, as is increasingly the case in fields ranging from materials science to systematic-review methodology in evidence synthesis.

    Mature policies handle this through explicit, narrowly defined exemptions rather than case-by-case waivers. The CIGI paper frames this as a proportionality test: restrictions should scale to the actual risk the use case presents, not to the presence of the word “AI” in a project description. In practice this means a researcher using an approved AI-assisted coding tool to accelerate data-cleaning scripts operates under different disclosure requirements than one using a generative model to draft substantive interpretive text for a manuscript — the latter engages authorship and disclosure norms that funders and journals, in the CRediT contributor-role tradition administered under NISO’s ANSI/NISO Z39.104-2022 standard, have already begun to address through explicit AI-disclosure statements distinct from human contributor roles.

    This is also where governance intersects most directly with open science mandates. Institutions preparing for REF 2029 in the UK, or complying with UKRI’s updated open access policy and NIH’s enforced data-sharing requirements, need AI exemption clauses that are legible to external auditors — vague or overly broad exemptions create exactly the kind of ambiguity that funders and publishers are now actively screening for.

    What This Means for Research Administrators

    For research administrators, the practical implications of this benchmarking exercise are concrete rather than abstract.

    • Audit your policy’s scope taxonomy. If a single clause is expected to govern chatbots, coding assistants, and administrative automation equally, it is a first-generation document and due for restructuring along activity-type lines.
    • Assign an owner and a review date. A policy without a named annual-review owner and a public revision date will drift out of alignment with vendor terms and funder mandates within a single academic year.
    • Route researcher-facing AI questions through existing research-integrity channels. Duplicating enforcement infrastructure is expensive and creates jurisdictional confusion; nesting AI oversight inside established authorship and misconduct processes is more durable.
    • Write exemptions that are legible to external reviewers. As funders and journals tighten AI-disclosure expectations, vague research exemptions become audit risk rather than administrative flexibility.
    • Benchmark against peer institutions publicly, not just internally. Bodies such as ARMA, NCURA, EARMA, and INORMS are increasingly convening peer discussion on this exact question, and shared benchmarking reduces the cost of getting scope and review-cycle design right the first time.

    These steps do not require large budgets. They require treating AI governance as an ongoing administrative process — with an owner, a calendar, and a defined interface with existing research-integrity structures — rather than a one-time policy document.

    Conclusion

    The direction of travel across AI policy in higher education is now reasonably clear. Georgia Tech’s June 2026 update, the AAUP’s labour-focused critique, and CIGI’s proportionality-based framework are converging on a shared architecture: precise scope, scheduled review, role-based distinctions, and calibrated research exemptions. Institutions that have not yet moved past interim, tool-specific guidance face a widening gap, not just in policy sophistication, but in their ability to answer the questions that funders, publishers, and accreditation bodies are starting to ask routinely. As REF 2029 preparation intensifies and open science mandates continue to strengthen globally, institutional AI governance policy is fast becoming table-stakes infrastructure rather than a discretionary add-on, and the institutions treating it that way now will have considerably less remedial work to do later.

  • What the EU AI Act Means for Your Research Institution: A Practical Guide for Administrators

    From 2 August 2026, the bulk of the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) becomes fully applicable, closing the phased transition that began when the regulation entered into force in August 2024. For research administrators, this date matters more than most institutional calendars acknowledge. EU AI Act guidance for universities has moved from policy briefing to operational requirement: several everyday campus tools (admissions algorithms, proctoring software, recruitment screening systems) are now reclassified as “high-risk”, triggering documentation, oversight and conformity obligations that most procurement offices have not yet built into their workflows.

    The timing is awkward. Institutions are simultaneously absorbing REF 2029 preparation, tightening open access mandates from UKRI and NIH, and managing a wave of AI-related research integrity concerns, all while a genuinely new compliance regime lands on the desks of research offices, HR departments and IT governance committees. Unlike GDPR, which most universities have spent a decade operationalising, the AI Act’s risk-tiered structure is unfamiliar territory, and its research exemption is narrower than many assume. The 2026 AI Act transition for universities has been years in the making, but the operational detail (who signs off an impact assessment, who reviews a vendor’s conformity file) has only recently reached most institutional risk registers.

    This guide sets out what changed on 2 August, which systems are affected, where the Article 2(6) research carve-out genuinely applies, and what UK institutions — inside or outside direct EU jurisdiction — need to do next.

    Prohibited Practices: What Article 5 Rules Out on Campus

    The Act’s prohibitions took effect earlier, from February 2025, but they remain the baseline every institution must revisit as enforcement matures. Article 5 bans a small number of “unacceptable risk” practices outright, with no exemption for research or education. Two are directly relevant to campus operations.

    First, emotion-recognition systems are prohibited in educational institutions except for narrowly defined medical or safety purposes. This rules out software marketed to detect student “engagement,” attentiveness or distress via facial or vocal analysis in classrooms and remote proctoring — a category that had been gaining traction in some exam-integrity and lecture-analytics products.

    Second, social scoring — evaluating or classifying individuals based on behaviour or characteristics in ways that lead to unjustified detrimental treatment — is banned, along with manipulative AI techniques that exploit vulnerabilities such as age or disability. Admissions and pastoral-care systems that build composite “risk scores” for students without transparent, justifiable criteria sit uncomfortably close to this line and warrant legal review, not just IT sign-off.

    High-Risk Systems: What Universities Must Assess Under the EU AI Act in Recruitment and Student Tools

    The provisions taking effect on 2 August 2026 are where most research-administration workload will land. Annex III of the Act classifies AI systems used to determine access to educational institutions, to evaluate learning outcomes, to assess appropriate levels of education, or to monitor and detect prohibited student behaviour during tests, as high-risk. Separately, AI systems used to recruit or select natural persons — including targeted job advertising, applicant screening and candidate evaluation — are also high-risk under Annex III. Both categories map directly onto tools research offices and HR departments already use: automated essay scoring, admissions-ranking algorithms, AI-assisted shortlisting for postdoctoral and technician posts, and exam-proctoring software with anomaly detection.

    Deployers of high-risk systems (which, for most universities, means the institution using a vendor’s product, not building one from scratch) must, among other obligations:

    • Conduct a fundamental rights impact assessment before deployment
    • Ensure human oversight with the authority to override automated outputs
    • Maintain records enabling traceability of system decisions
    • Confirm the provider has completed conformity assessment and registered the system in the EU database
    • Inform affected individuals — applicants, students, candidates — that a high-risk AI system is in use

    Institutions cannot outsource this responsibility to the software vendor. Procurement teams need updated due-diligence checklists that ask vendors directly whether a product falls under Annex III, and legal or governance teams should require conformity documentation as a contractual condition before renewal, not after an incident.

    The Article 2(6) Research Exemption — and Its Limits

    Article 2(6) exempts AI systems and models “specifically developed and put into service for the sole purpose of scientific research and development” from the Act’s requirements. This is the provision most frequently misread by research offices as a blanket exclusion for university activity. It is not.

    The exemption applies to the research and development activity itself — building, training and testing a novel model as a research output. It does not extend to that same system once it is deployed operationally, for example if a machine-learning tool developed in a computer science department is subsequently adopted by the registry to screen applications or by HR to shortlist candidates. At that point, the system’s purpose has shifted from research to a real-world high-risk use, and the exemption falls away.

    This distinction matters for institutions increasingly practising translational and applied research: an AI model that starts life as a PhD project can cross into regulated territory the moment it is put into institutional service. Research administrators should build a review checkpoint into technology-transfer and innovation-office workflows specifically to catch this handover, rather than assuming legal status is fixed at the point of creation.

    UK Divergence: A Different Regulatory Path

    UK AI regulation in 2026 looks markedly different from the EU model. Rather than a single cross-sectoral statute, the UK has continued with a “pro-innovation,” principles-based approach, relying on existing sectoral regulators (the Information Commissioner’s Office, the Office for Students, and others) to apply AI-specific guidance within their existing remits, supported by the UK AI Security Institute’s technical evaluation work. No UK equivalent of the EU AI Act’s binding, tiered obligations has been enacted.

    This creates a genuine compliance gap for UK institutions with any EU-facing dimension. The Act’s extraterritorial scope catches organisations outside the EU whose AI system outputs are used within the EU, which is relevant to UK universities running joint degrees, Erasmus-adjacent exchange programmes, EU-based satellite campuses, or admissions processes serving EU applicants. For these institutions, the EU AI Act that universities in the EU-27 must observe is not a foreign regulation to monitor from a distance; it is a direct compliance obligation running in parallel with domestic UK requirements.

    What This Means for Research Administrators

    The AI Act compliance that research organisations now need is fundamentally a governance exercise, not solely a legal one. Research administration bodies such as ARMA, EARMA, NCURA and INORMS have all flagged AI governance as an emerging competency area for the profession, and institutional response should reflect that breadth. Practical steps for the months following 2 August 2026 include:

    • Inventory every AI-enabled tool used in admissions, assessment, proctoring, recruitment and grant triage, and classify each against Annex III
    • Establish a standing checkpoint where research-originated AI tools are reviewed before operational deployment, closing the Article 2(6) gap
    • Update procurement templates to require vendor conformity documentation as a condition of contract
    • Brief pro-vice-chancellors for research, registrars and HR directors jointly — this is not solely an IT or legal matter
    • For institutions with EU touchpoints, treat the AI regulatory framework that universities in the EU must follow as binding, not advisory

    This work sits alongside, rather than replaces, existing research integrity obligations. The AI regulation that academic research now operates under intersects directly with long-standing standards around transparent authorship, data provenance and reproducibility, areas where established identifier systems, such as ORCID and DataCite DOIs, already give institutions a documentation backbone to build AI governance on top of, rather than starting from zero.

    Looking Ahead

    The 2 August 2026 milestone is not the end state of AI regulation for universities; it is the point at which theoretical compliance planning becomes operational reality. Enforcement mechanisms, national supervisory authorities and guidance from the European AI Office will continue to mature over the following year, and institutions should expect further clarification — particularly on where the research exemption’s boundary sits in practice. Research administrators who treat this as an ongoing governance discipline, embedded in procurement, HR and research-office workflows, will be far better positioned than those who treat 2 August as a single compliance deadline to clear and forget.