Skip to content

Implementation Scenario Videos

Last Updated 19 December 2024

Introduction

The Implementation Scenario Videos are a series of short videos, based on real events that have occurred in UK academia. They have been developed by the NPSA and the NCSC, under the Trusted Research advice and guidance, as learning resources to help academics identify and mitigate research security risks.

The Implementation Scenario Videos are particularly relevant to researchers in STEM subjects, developing technologies with dual military and civilian uses, pioneering emerging technologies and working on commercially sensitive research areas.

View Video Transcript

 

Trusted Research digital video script 

Scenario 1: Authoritarian government 

 

The following content is based on real events that occurred in UK academia.  

Sensitive data breach involving UK-based researcher sparks international concern 

A postdoctoral research associate has found themselves at the centre of a high-stakes security saga.  

A brilliant mind in semiconductors, the research associate had recently taken up a position at a prestigious UK university, having relocated from an overseas country with an authoritarian government.   

While employed by the UK university, the research associate travelled back to their home country for a business trip, where it’s understood they received a message from their home government - they would not be returning to the UK. The UK university had no further contact with the postdoctoral researcher and officially they remained an employee of the university. 

During a routine scan of the UK university’s network two weeks after the research associate left the UK, the university’s IT team uncovered traces of remote downloads from the Engineering faculty’s server to an overseas location - the same location that the research associate had travelled to.  

Further investigation revealed that the downloads contained sensitive data that the postdoctoral researcher had been working on when they were in the UK and that their credentials had been used to access the network at the time of the download. 

It’s not yet clear whether the postdoctoral researcher was acting voluntarily, under duress or had their university network log-in credentials stolen in a malicious cyber-attack, but it has been established that they now work in direct collaboration with the military of their home country on similar research to that which they undertook in the UK.   

What can we learn from the research associate’s story? 

  • It’s important to consider the geopolitical climate when travelling overseas as this may heighten risks while travelling. Risk factors include state involvement in military actions, strained diplomatic relations, and the presence of autocratic or authoritarian governments.  

  • University staff should be aware that foreign legislation exists which may compel individuals to cooperate or share research data with other governments or intelligence services. It’s also worth considering extra-territorial reach of export control and national security laws. 

  • Downloading research data from a UK university to an overseas location may breach export control and/or the Data Protection Act (DPA). Breaches of export control and the DPA can result in financial penalties, reputational damage and the loss of funding. In severe cases, export control breaches can also result in imprisonment.

  • Unauthorised interference and theft of data from a university network could constitute a criminal offence under the Computer Misuse Act. 

  • The National Security Act 2023 may also apply, for example, in the instance of sharing trade secrets.

  • The Trusted Research for Academia guidance provides additional advice on collaborating responsibly with international partners. 

What could the research associate have done to mitigate the risks? 

The circumstances of the situation are unclear – it's not currently known whether the research associate willingly participated in the breach, was under duress or was the victim of a cyber-attack.  

Mitigations will vary depending on the exact circumstances but may include:  

  • Contacting their research office or professional services prior to travelling overseas to understand the risks of visiting riskier locations. Completing a pre-travel risk assessment is another useful way of doing this, and having appropriate travel insurance in place is essential.  

  • Familiarising themselves with reporting mechanisms in case help is needed when overseas. Universities may also outline, as part of their travel policy, expectations for keeping in touch when travelling overseas for work. 

  • Reviewing contractual obligations to ensure they are fully understood both during and after employment, especially around ownership and sharing of intellectual property (IP).   

  • Getting advice from the research office/professional services on export control before travelling, as accessing information overseas may constitute a breach regardless of whether the information will be shared.  

  • Seeking advice on the appropriate cyber security mitigations to put in place before travelling overseas. At a minimum, unique and complex access credentials are crucial to avoid opportunistic guessing of passwords. These should always be stored safely.  

  • Identifying foreign laws, customs and political circumstances prior to travelling. 

Need more information? Speak with the team at your institution responsible for research security and visit the NPSA Trusted Research website  

Scenario 1 - Authoritarian government
 

This video raises awareness of the risks that authoritarian governments may present, both to academic institutions and to individual academics, when involved in international collaborations. Navigate to our Trusted Research for Academia Guidance for more advice on identifying and mitigating research security risks.

Other useful resources include:

View Video Transcript

 

Trusted Research - digital video script  

Scenario 2: Overseas presentation and government approach 

 

INTRODUCTORY LINE 

The following content is based on real events that occurred in UK academia. 

SECTION ONE – THE STORY  

UK Professor’s overseas lecture sparks export control investigation  

Following a voluntary disclosure, a respected professor of advanced materials at a prominent UK university was required to meet with HM Revenue and Customs, the enforcers of UK export controls, following an overseas trip that involved the potential disclosure of sensitive data to a foreign government. 

The UK professor’s ongoing collaboration with an overseas counterpart had spanned six months before they were invited to deliver a lecture at the overseas professor’s university. 

The topic? Advanced materials – fundamental to a wide range of science and engineering disciplines, as well as the stuff of stealth aircraft and cutting-edge defence systems. 

When the UK-based professor was invited overseas to deliver a lecture to students and researchers it seemed routine — an opportunity to share knowledge across continents. 

But it wasn’t just academics in attendance – a government representative from the overseas Science Ministry gained access to the Q&A session following the lecture and approached the UK professor for a private meeting. 

Whilst research specifics weren’t discussed due to strict non-disclosure agreement limitations with a UK defence industry partner, the foreign Science Ministry made their intentions clear - to replicate the UK professor’s research and research facilities for themselves. 

The professor explained that direct replication would not be feasible but agreed to act as a consultant to improve the overseas Science Ministry’s research facilities, accepting travel expenses and an initial retainer of £5,000 to work together. 

SECTION TWO – CONSIDERATIONS 

Breaching export control can have severe consequences. To facilitate safe and secure international collaboration, what could the UK professor have done to mitigate the risks?’ 

  • When delivering presentations and lectures overseas, or online in the UK to an overseas audience, consider whether export control applies.  

  • When taking devices overseas, the information held could be subject to export control, regardless of whether it will be shared. It may be easier and safer to take a ‘clean’ device if your institution provides this service.  

  • Content subject to export control can be difficult to identify and protect when devices are used both personally and professionally and export control will need to be considered for all overseas trips, including holidays. 

  • Funding is likely subject to terms and conditions, such as alerting of other engagements, or disclosure of paid work that could be deemed a conflict of interest or commitment. 

  • If accepting additional payment or expenses, consider whether they need to be declared to your institution, existing partners, or HMRC.  

  • Considerations may vary per country, so familiarise yourself with the rules and regulations for your destination. 

  • The Trusted Research Countries and Conferences Guidance provides additional advice on overseas travel. 

SECTION THREE 

What could the UK professor have done to mitigate the risks? 

  • Know their UK institution’s travel policies and processes… particularly around devices

  • Review contractual obligations… to ensure they are fully understood  

  • With the assistance of the research office, research all partners… to identify any potential risks or concerning links  

  • Get advice from the research office and/or professional services around… export licences, legal obligations and due diligence  

  • Identify reporting mechanisms in case help is needed when overseas 

  • Research foreign laws, customs and political circumstances prior to travelling  

WRAP UP 

Need more information? Speak to your research office or professional services. And visit the NPSA Trusted Research website. 

ENDS 

Scenario 2 - Overseas presentation and government approach

This video explores the research security risks that can arise when giving presentations overseas, as well as how to proactively mitigate them. We recommend exploring our Trusted Research Countries and Conference Guidance for more advice before travelling overseas.

Other useful resources include:

 

View Video Transcript

 Trusted Research - digital video script  

Scenario 3: Hosting sensitive data overseas] 

 [INTRODUCTORY LINE]  

The following content is based on real events that occurred in UK academia. 

[SECTION ONE – THE STORY] 

UK university’s overseas collaboration leads to major controversy and public backlash

A postdoctoral researcher at a UK university receiving funding from a UK police force for their research into artificial intelligencehas been working closely with a professor at an overseas university for the past six months. 

 Both academics' research focused on using AI to identify criminality and terrorism through CCTV footage. As a result of their shared research interests, both academics agreed to share their developments and data. 

 To facilitate their collaborative working, the overseas professor suggested that they use a new IT platform developed by their university which had advanced functionality. The UK researcher agreed to host their work, including bulk personal data from the UK police force, on the platform. 

 The situation deteriorated when a UK national newspaper alleged that in collaboration with the UK university, the overseas institution had provided their country's police force with AI technology that could facilitate widescale surveillance on minority groups. This technology was reportedly used to support a regime of repression and ill-treatment. 

 The fallout was immediate and severe. The UK university’s reputation suffered significant damage, facing widespread criticism from the public and academic community. In an attempt to mitigate the situation, the researcher tried to access the overseas university’s IT platform to remove the bulk personal data but was denied access. 

 The researcher reported the incident to their internal IT team, but the damage had already been done. The breach of data security led the UK police force to withdraw funding from multiple projects at the UK university, leaving a trail of disrupted research and financial instability. 

[SECTION TWO – CONSIDERATIONS] 

Considerations may vary slightly depending on which overseas country is involved in this type of scenario. What can we learn from the UK researcher's story? 

  • Under the National Security and Investment Act, the UK government can scrutinise qualifying acquisitions if there is reasonable suspicion of a risk to national security. Acquisitions related to sensitive areas of the economy, such as AI, are more likely to trigger scrutiny. Universities can voluntarily notify the government about an acquisition to determine if it will be called in. 
  • The handling of sensitive research and bulk personal data must comply with the Data Protection Act. When sending personal data collected by visual surveillance technology overseas, the Act requires assurances that the overseas jurisdiction's data protection laws are essentially equivalent to the UK’s.  
  • Knowledge transfer overseas, especially with dual-use application research like AI, may require an export control licence, which should be secured before sharing knowledge or data on an overseas IT platform. It’s also important to consider whether an export licence is required on military end-use grounds, which can apply regardless of the knowledge or good being transferred overseas.  
  • Recipients of funding must comply with the associated terms and conditions. These may include conducting due diligence on funding sources and partners, including new members and additional funding streams introduced during the project. 
  • The NCSC’s guidance on protecting bulk personal data outlines 15 good practice measures. 

[SECTION THREE – Mitigations] 

What could the UK researcher have done to mitigate the risks? 

  • Conduct open-source research on all partners and their funding sources at the outset and refresh this regularly for the duration of the project. This should be undertaken in conjunction with the research office and/or professional services to ensure a comprehensive understanding of the entities and funding structures involved and the ultimate beneficiary of the research.
  • Get advice from the research office and/or professional services around export licences, legal obligations and due diligence. 
  • Seek advice from the university’s Chief Information Security Officer or the IT department on institutional policies and legal obligations regarding hosting data. They may recommend hosting research data within the institution’s network to maintain a higher degree of control over the data. 
  • Familiarise themselves with the terms and conditions attached to any information or data received from partners and ensure that these terms and conditions define acceptable methods and locations for processing, storing, and transporting data. 

[WRAP UP] 

Need more information? Speak to your research office or professional services. And visit the NPSA Trusted Research website. 

 

Scenario 3 - Hosting sensitive data overseas
 

This video explores the negative impact of a data security breach, which results in reputational damage and the withdrawal of funding from a key partner.  We recommend exploring the NCSC’s guidance on protecting bulk personal data for further guidance on managing data securely.

Other useful resources include:

View Video Transcript

Trusted Research - digital video script 

Scenario 4: Talent plan, funding conflicts and changing research scope

[INTRODUCTORY LINE]

The following content is based on real events that occurred in UK academia.

[SECTION ONE – THE STORY]

Innovative UK medical research terminated following a researcher’s failure to comply with key legal agreements.

A UK university had its medical research government funding withdrawn after a researcher took action that conflicted with the conditions of the funding.

The researcher had been conducting groundbreaking, UK government-funded research on the subject of genome editing for the development of new medicines. After publishing several academic papers, the researcher was approached by a senior employee from a UK subsidiary of an overseas synthetic biology company.

The senior employee expressed keen interest in the research and during a meeting, offered additional funding and lab space at their UK facility through an informal talent plan. The senior employee assured the researcher that this did not require notification to the researcher’s university.

The researcher accepted the offer and continued their research, working both at the university and the company facility. Over the next three months, the researcher found the staff at the company facility very welcoming, frequently attending networking events andintroducing numerous colleagues from the UK university.

However, when the researcher’s government funding partner discovered that they were receiving additional funding, which conflicted with the terms and conditions of the government funding, the researcher’s government funding was withdrawn.

Shortly after the withdrawal of government funding, the UK subsidiary company offered the researcher further funding to work on a new project, using synthetic biology to enhance physical and cognitive human performance, which the researcher accepted, exposing them to a significant amount of further risk.

[SECTION TWO – CONSIDERATIONS]

What can we learn from the UK researcher’s story?

  • Accepting payment from an overseas company can result in reputational damage to both researcher and institution, negatively impacting the potential for future partnerships.
  • Researchers should be aware of who ultimately benefits from their work. When collaborating with UK subsidiaries of overseas companies, researchers should work with their research office and/or professional services to explore the organisation’s entire ownership structure as part of due diligence, then consider whether export controls apply based on information transfer within that structure.
  • A reliable research partner should not hide their affiliations from you or your employer, nor should they request you to do so. Legitimate collaborations should be formalised by contracts; it is a red flag if a partner insists that a contract is not required.
  • Foreign talent plans often incentivise members to recruit existing partners and colleagues, leading to increased transfer of research and intellectual property.
  • Due diligence is an ongoing process and should be revisited with changes in research scope, funding source, or the addition of new individuals in the partnership.
  • Under the National Security and Investment Act, the UK government can scrutinise qualifying acquisitions if there’s reasonable suspicion of a risk to national security. Acquisitions related to sensitive areas of the economy, such as synthetic biology, are more likely to trigger scrutiny. Universities can voluntarily notify the government about an acquisition to determine if it will be called in.
  • Institutions should educate and protect vulnerable staff and students from potentially exploitative approaches, particularly those early in their careers or on insecure contracts.

The Trusted Research for Academia guidance provides additional advice on collaborating responsibly with international partners

[SECTION THREE - Mitigations]

What could the UK researcher have done to mitigate the risks?

  • Check the terms and conditions of existing contracts before accepting additional funding to ensure there is no breach of terms.
  • Notify their institution of collaborations, in line with the relevant policies and processes. For example, international collaboration, due diligence and conflicts of interest policies.
  • With the assistance of the research office, conduct open-source research on all partners and their funding sources. This should happen at the outset, but also be refreshed regularly for the duration of a project.
  • Consider the wider possible applications of research, such as dual-use applications.
  • Maintain awareness of changes in the scope of a research project, which may require additional consultation with the research office regarding due diligence and legal obligations.

[WRAP UP]

Need more information? Speak to your research office or professional services. And visit the NPSA Trusted Research website.

ENDS

Scenario 4 - Talent plan, funding conflicts and changing research scope

This video demonstrates risks which may arise from joining talent plans, or similar arrangements. It also highlights the importance of understanding the ultimate beneficial owner of your research. We recommend exploring the Trusted Research for Academia guidance for further advice on collaborating securely.

Other useful resources include:

 

View Video Transcript

 

Trusted Research digital video script 

Scenario 5: University spin-out 

 

The following content is based on real events that occurred in UK academia. 

UK research associate ensnared in overseas military scandal 

A recently commercialised drone, designed to track endangered species in extreme weather conditions, appears to be the focal point of an international military scandal. 

The research associate that designed the drone, cashed in on their invention when a UK subsidiary of an overseas tech giant offered to invest and help commercialise the technology, through the formation of a university spin-out company. 

The overseas tech company stated that they intended to market the drone to the producers of wildlife, travel and extreme sports documentaries. However, aware that the technology could have dual-use applications – to track people, withstand explosions and function in extreme weather – the research associate conducted open-source research on the UK subsidiary, which left them feeling assured that the intended use was for civilian purposes only. 

Confidence bolstered, the research associate partnered with their institution’s Technology Transfer Office (TTO) and went ahead with forming the university spin-out company, providing the tech company with exclusive licensing rights. 

Following a year of R&D to further develop the drone’s capabilities, the research associate was shocked to find that the country in which the UK subsidiary was headquartered had recently produced a military drone with near identical capabilities and identical appearance. 

When the research associate approached the partner company, they denied involvement in the development of the military drone but soon after they terminated their agreement with the university spin-out. 

What can we learn from the UK research associates’ story? 

  • Researchers should familiarise themselves with institutional policies related to university spin-out companies, particularly in regard to shareholding and intellectual property (IP) ownership.  

  • Under the National Security and Investment Act, the UK government can scrutinize qualifying acquisitions if there’s reasonable suspicion of a risk to national security. Acquisitions related to sensitive areas of the economy, such as military and dual-use, are more likely to trigger scrutiny. Universities can voluntarily notify the government about an acquisition to determine if it will be called in. 

  • Researchers should be aware of who ultimately benefits from their work. When collaborating with UK subsidiaries of overseas companies, explore the organisation’s entire ownership structure as part of due diligence. Consider whether export controls apply based on information transfer within that structure. 

  • Working with overseas partners or in foreign markets may require you to obtain additional IP protections as they are often limited by territory, meaning IP protections held in the UK may not be recognised overseas. Note that IP enforcement varies across different territories; not all uphold protections as rigorously as the UK. 

  • The NPSA’s and the NCSC’s Secure Innovation campaign offers guidance on safeguarding start-ups and spin-outs. 

What could the UK research associate have done to mitigate the risks? 

  • Conducting open source research on all partners and their funding sources, not just those based in the UK, at the outset and refreshing this regularly for the duration of a project. This should be undertaken in conjunction with the research office, professional services and/or TTO to ensure a comprehensive understanding of the ownership and funding structures involved and the ultimate beneficiary of their work.  

  • Ensure that you are compliant with institutional policies with regard to the legal owner of any intellectual property that is developed when you are employed by a university, developing a spin-out or accepting funding from a third party. 

  • Consult institutional policies on holding external appointments, conflicts of interests and IP ownership prior to becoming involved in university spin-outs. 

  • Identify any legal obligations overseas partners, and their funders, may be subject to. 

Need more information? Speak with the team at your institution responsible for research security and visit the NPSA Trusted Research website 

Scenario 5 - University spin-out
 

This video highlights the need to identify the ultimate beneficial owner of research in order to secure your IP and be legally compliant when developing a spin-out company. For more information on embedding security into spin-outs, explore our Secure Innovation Guidance.

Other useful resources include:

View Video Transcript

Trusted Research digital video script 

Scenario 6: Identifying export controls and sanctions 

The following content is based on real events that occurred in UK academia. 

SECTION ONE – THE STORY 

UK University Avoids Breach of Sanctions in Near-Miss Incident  

A postdoctoral researcher at a UK university had hoped to collaborate with their former PhD supervisor, but the proactive identification of export control concerns and UK sanctions meant that the risks were identified at the outset. This allowed both them, and the university, to avoid legal issue and reputational damage. 

The postdoctoral researcher, who obtained a PhD in advanced materials from an overseas university, currently works at a prestigious UK institution and has been conducting extensive research into the application of graphene as a protective material. 

Keen to collaborate, the postdoctoral researcher reached out to their former PhD supervisor at the overseas university, who is an expert in the application of graphene as a construction material. Eager to be involved, their former PhD supervisor emphasised that to understand the UK project’s requirements, the full research aims and findings would need to be shared. 

Luckily before any data exchange, the postdoctoral researcher consulted with their institution’s professional services team. The team helped them navigate the university’s collaborations policy, which required consideration of UK export controls and sanctions. Through this process, it was established that due to the potential dual-use application of graphene as a protective material, the research would be subject to export control. It was also discovered that the overseas university was subject to UK sanctions. 

Recognising that the collaboration couldn’t go ahead, the postdoctoral researcher informed the UK university that whilst there had been contact with a sanctioned university, no intellectual property had been transferred and they would seek alternative partners with which to continue their research.  

SECTION TWO – CONSIDERATIONS 

What can we learn from the researchers’ story? 

  • The researcher was right to flag this potential international collaboration with their institution. Identifying potential research security risks and complying with UK legislation, as well as institutional policies, is a key part of protecting your research. 

Working with research offices/professional services helps to ensure that legal obligations are upheld and institutional policies and processes are followed. These teams can also provide advice on how to report and record interactions that may be a concern.  

  • Graphene as a protective material falls under the Export Control Order 2008. Use of graphene in body armour is also listed on the UK Government’s consolidated list of strategic military and dual-use items requiring export authorisation.  

  • The Department for Business and Trade’s Goods Checker tools can help to determine if technology is subject to export control. Since the tool is primarily designed for goods, it is always beneficial to discuss requirements with the research office/professional services.   

  • The UK Government can impose various sanctions on individuals, organisations, or countries, so sanction lists must be consulted before transferring goods, technology, or knowledge.  

  • Researchers should be alert to the use of third-party countries in international collaborations to circumvent UK sanctions. 

SECTION THREE – MITIGATIONS  

  • What did the researcher do to reach this positive outcome? 

  • Notified their institution of the proposed collaboration at the outset. 

  • Conducted open-source due diligence, with the assistance of their research office, regardless of their prospective collaboration partner being personally known to them.

  • Sought the advice of their research office on export control requirements for the topic of their proposed project. 

  • Checked the UK sanctions list to identify whether any individual or institution involved had been designated. 

Need more information? Speak with the team at your institution responsible for research security and visit the NPSA Trusted Research website 

Scenario 6 - Identifying export controls and sanctions

This video explains how an academic successfully navigated their institution’s collaborations policy and worked with their research office to avoid breaching UK export controls and sanctions. We recommend using the Trusted Research Collaboration Checklist to identify research security risks at the outset of a collaboration.

Other useful resources include:

 

View Video Transcript

Trusted Research - digital video script 

Scenario 7: Identifying dual-use applications before commercialisation

[INTRODUCTORY LINE]

The following content is based on real events that occurred in UK academia.

[SECTION ONE – THE STORY]

UK lecturer involved in near-miss IP theft incident 

A lecturer who developed an innovative solution for disposing of radioactive waste was able to protect themself from serious repercussions, including reputational damage, following overseas interest in their dual-use research.

The lecturer specialises in nuclear energy and was approached by an overseas company to create a university spin-out. The lecturer sought approval for travel expenses to visit the company and discuss terms.

The lecturer identified that the potential collaboration fell outside the scope of a mandatory notification under the National Security and Investment Act. However, recognising the wide ranging civilian and military uses of nuclear energy, the lecturer’s Head of Department recommended detailed research into the overseas company and referred the matter to the university’s research security team and the technology transfer office.

The lecturer provided the research security team with a detailed specification of their product, which enabled them to determine that the product included components listed on the UK Government’s consolidated list of strategic military and dual-use items, which would require an export licence. Further open-source research also revealed the overseas company had a concerning history of IP theft disputes.

Given these findings, and the potential for dual-use applications, the research security team escalated the collaboration to the research risk review board. The board decided to voluntarily notify the UK Government of the potential collaboration under the NSI Act, considering the nature of the product and the overseas company’s background.

As a precaution, the Head of Department advised the lecturer not to travel overseas until the review was completed, ensuring all legal obligations were met and the lecturer’s intellectual property was safeguarded.

[SECTION TWO – CONSIDERATIONS]

What can we learn from the UK lecturer’s story?

  • The absence of a requirement for a mandatory notification under the NSI Act does not mean that a collaboration is low risk. Thorough due diligence should still be undertaken, and all legal obligations fulfilled.
  • If the lecturer had travelled to visit the overseas company and presented the product without an export licence, they would have been in breach of export control regulations, committing a criminal offence punishable by fines or up to ten years imprisonment. 
  • The theft of IP can result in a loss of competitive edge, reputational damage, a slowdown in research progress or business growth, and a loss of trust from partners and funders. If the IP is dual-use or sensitive, it can also negatively impact the UK’s national security.
  • Institutions should identify and protect their most sensitive/valuable IP through measures like patents, cyber security, non-disclosure agreements, selective sharing, IP ownership agreements, restricted physical and network access and clear international collaboration policies.
  • IP ownership agreements should include: identification and notification of arising IP, protection decisions, management of IP, commercialisation and use of IP, termination agreement, background and foreground IP, jurisdiction and governing law, where information is stored, and allowances and limitations of usage of IP.
  • The Trusted Research Countries and Conferences Guidance provides additional advice on steps to take before travelling overseas.

[SECTION THREE - Mitigations]

What did the UK institution do to reach this positive outcome?

  • The lecturer followed internal processes and sought approval from their Head of Department for travel expenses, prior to travelling overseas.
  • The Head of Department recognised the need to refer the potential collaboration to the research security team and the technology transfer office due to the subject matter of nuclear energy and the product’s potential dual-use. 
  • The lecturer worked collaboratively with the research security team, providing them with the necessary technical information to establish whether an export licence would be required. 
  • The research security team conducted thorough due diligence and made the decision to escalate the potential collaboration to the research risk review board. 
  • The university’s research risk review board was aware of their ability to voluntarily notify the government about the acquisition under the National Security and Investment Act.

[WRAP UP]

Need more information? Speak to your research office or professional services. And visit the NPSA Trusted Research website.

ENDS

Scenario 7 - Identifying dual-use applications before commercialisation

This video shows how proactively identifying dual-use applications of research can help researchers to protect their work and their reputation. Before travelling overseas to meet with partners, familiarise yourself with the Trusted Research Countries and Conferencesguidance.

Other useful resources include:

 

Disclaimer:

This resource has been prepared by NPSA and NCSC and is intended to aid academic institutions to help them understand and mitigate security risks arising from research, in combination with additional resources and the application of institutions’ own judgement. This document is provided on an information basis only, and while NPSA and NCSC have used all reasonable care in producing it, NPSA and NCSC provides no warranty as to its accuracy or completeness.​
It is important to emphasise that no security measures are proof against all threats. You remain entirely responsible for the security of your own sites and/or business, and compliance with any applicable law and regulations. You must use your own judgement as to whether and how to implement our recommendations, seeking your own legal/professional advice as required.​
To the fullest extent permitted by law, NPSA and NCSC accept no liability whatsoever for any expense, liability, loss, damage, claim or proceedings incurred or arising as a result of any error or omission in the document or arising from any person acting or refraining from acting, relying upon or otherwise using the guidance. This exclusion applies to all losses and damages whether arising in contract, tort, by statute or otherwise including where it is a result of negligence. NPSA and NCSC separately and expressly exclude any liability for any special, indirect and/or consequential losses, including any loss of or damage to business, market share, reputation, profits or goodwill and/or costs of dealing with regulators and fines from regulators.​
Institutions and individuals have a responsibility to ensure that they comply with all relevant legal obligations, as well as any other obligations to which they are beholden. This guidance included in this document should not be considered exhaustive. This guidance raises issues for consideration but does not dictate or purport to dictate what conclusions institutions should reach. 
 

Crown Copyright Statement:

 OGL logo © Crown Copyright 2024​
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3​
You may use or reuse this content without prior permission but must adhere to and accept the terms of the Open Government Licence for public sector information.​
You must acknowledge NPSA as the source of the content and include a link to the Open Government Licence wherever possible. Authorisation to reproduce a third party’s copyright material must be obtained from the copyright holders concerned.