Most research is unambiguously for the good: it cures disease, feeds people, advances understanding. But a portion sits in a more difficult place, where the same knowledge that brings benefit could also cause serious harm if misused. A study of how a pathogen spreads can guide vaccines or, in the wrong hands, inform a weapon; an advance in a sensitive technology can serve civilian and military ends alike. This is the territory of dual-use research, and it forces a genuine tension with the dominant movement of contemporary science, which is towards greater openness. How institutions manage research that is both valuable and potentially dangerous — without betraying the openness that makes science work or ignoring real risks — is the subject of this article, which draws on the research-security domain of the CASRAI Dictionary.
Dual-use research of concern
The phrase dual-use research of concern, or DURC, refers specifically to life-sciences research that could be reasonably anticipated to provide knowledge, products or technologies that could be directly misused to threaten public health, agriculture, the environment or national security. The concept narrows a vast and unhelpful category — almost any knowledge could in principle be misused — to a manageable set of research with a credible and serious potential for harm. In the United States, oversight of such work has been organised through DURC policy and the related potential pandemic pathogen care and oversight (P3CO) process, which requires particularly risky research — for instance, work that could enhance a pathogen’s transmissibility or virulence — to undergo additional review before it proceeds. The aim is not to stop the research but to ensure its risks are deliberately weighed against its benefits by people equipped to judge.
Export controls: a different lever
Alongside biosecurity oversight sits a quite different and often less familiar set of obligations: export controls. These are legal regimes that restrict the transfer of certain sensitive goods, technologies and technical knowledge across borders — and crucially, in many regimes, a transfer to a foreign national can occur even without anything leaving the country, simply by sharing controlled knowledge. For researchers, this means that international collaboration, hosting visiting scholars, or sharing technical data can fall within the scope of export law. Several regimes matter here. The Wassenaar Arrangement is a multilateral export-control regime through which participating states coordinate controls on conventional arms and dual-use goods and technologies. In the United States, the Export Administration Regulations (EAR) govern most dual-use items, while the International Traffic in Arms Regulations (ITAR) govern defence-related articles and services. In the United Kingdom, the Export Control Joint Unit administers strategic export controls, and the European Union’s dual-use regulation provides a common framework across member states. The details differ, but the principle is shared: some knowledge cannot be transferred freely.
Screening and the fundamental-research exclusion
To meet these obligations, institutions increasingly carry out screening — checking collaborators, partners and destinations against sanctions and restricted-party lists, and assessing whether a project involves controlled technology. Properly done, this is not suspicion towards international colleagues; it is due diligence to ensure legitimate collaboration does not inadvertently breach the law or aid a hostile actor. Importantly, most export-control regimes include an exclusion for fundamental research — basic and applied research ordinarily published and shared broadly with the scientific community. This exclusion allows the vast majority of open academic research to proceed without entanglement in export law. The controls bite mainly where research is genuinely sensitive, restricted from publication, or involves specifically listed technologies.
The tension with open science
The difficulty is plain: the default and the aspiration of modern research is openness — open access, open data, open methods, free international collaboration — while DURC oversight and export controls are, by nature, mechanisms of restriction. The two genuinely pull against each other, and pretending otherwise helps no one. The mature response is not to abandon openness, the engine of scientific progress, nor to ignore risk, which would be reckless. It is to recognise that the vast majority of research should be as open as possible, while a small, identifiable subset requires careful handling. The skill lies in identifying that subset accurately — neither over-restricting, which chills legitimate science, nor under-restricting, which courts real harm. This is the same calibrated thinking that governs sensitive data: as open as possible, as closed as necessary.
Security without closing the door
Getting this balance right is partly a matter of culture and partly of process. A trusted-research approach asks institutions to build awareness of these issues into the research lifecycle — at the point of forming partnerships, applying for funding, hosting visitors and preparing to publish — so that risks are spotted early and handled proportionately, rather than discovered late or missed entirely. Embedding this within ordinary research administration, rather than treating it as an exceptional intervention, is what allows security and openness to coexist. The goal is a research environment that is both open and secure: confident enough in its openness to collaborate widely, and alert enough to handle the genuinely sensitive cases with care.
A shared vocabulary for sensitive research
For research-security obligations to be managed consistently across institutions, funders and national systems, the concepts involved must be described in compatible ways — what counts as controlled technology, what a screening determination records, how a dual-use assessment is captured. That consistency is what the CASRAI Dictionary works towards: a shared vocabulary so that the information about sensitive research and its handling means the same thing wherever it is recorded. And because the work of conducting research responsibly — including the oversight and stewardship that sensitive work requires — is part of the research record, it can be described alongside the contributions captured in the CRediT taxonomy and its full set of contribution roles. Open science and research security are not enemies; managed well, they are two aspects of doing research responsibly in a connected and sometimes dangerous world.