By David Clark and Jackie Bernal
On Jan. 14, 2021, just one week before the end of his term in office, former President Trump signed National Security Presidential Memorandum 33 (NSPM-33) to “direct actions to strengthen protections of the United States Government-supported Research & Development (R&D) against foreign government interference and exploitation.” NSPM-33 was formally endorsed by the Biden Administration in August 2021 and the National Science and Technology Council’s (NSTC) Subcommittee on Research Security published Guidance for Implementation of NSPM-33 in January 2022.
The directive responds to challenges within the fundamental activities and openness of America’s government-sponsored research, recently highlighted by undisclosed conflicts and participation in programs sponsored by foreign governments, most notably the People’s Republic of China and its Thousand Talents Program. Since 2018, such undisclosed and unwanted engagement with foreign governments and the misappropriation of intellectual property from U.S. government-funded projects has been a focus of the Department of Justice.
Background
The objective of NSPM-33 is to prevent foreign governments from obtaining any non-public results of U.S.-funded research, whether by conflicts of interest or commitment or a research security breach. The memorandum highlighted a need for enhancements to key areas of government oversight and protection of funded research activities, including:
- Restrictions and education for federal personnel regarding participation in foreign government-sponsored talent recruitment programs.
- Strengthened vetting processes for foreign students and researchers.
- Increased disclosure requirements for research grant applications and ongoing recipient reporting, to be standardized across agencies to the greatest extent practical.
- Implementing policies regarding the use of a Digital Personal Identifier (DPI) for federally funded researchers.
- Establishing requirements for research security programs at research institutions.
In an effort to maintain America’s commitment to openness, transparency and honesty in research, federal departments and agencies, recipient organizations and individual researchers will need to join together to implement and comply with the requirements of NSPM-33.
NSPM-33 Implementation Progress
NSPM-33 is a call to action for all federal agencies to standardize and strengthen disclosure activities, under NSTC’s leadership. In January 2022, NSTC issued NSPM-33 implementation guidance to agencies, summarizing the varying expectations and time frames for compliance in the following five key areas:
- Disclosure Requirements and Standardizations
- Digital Persistent Identifiers (DPI)
- Consequences for Violation of Disclosure Requirements
- Information Sharing
- Research Security Programs
While more detailed standards and requirements related to disclosure processes and research security programs are expected to emerge, here is what we know so far.
Updated Disclosures
Agencies were given 120 days to address certain expectations, including enhancements to disclosure processes and collection of broader, consistent levels of information within grant proposals and throughout the life of federal awards. The National Institutes of Health (NIH), National Science Foundation (NSF) and Office of Science and Technology Policy (OSTP) co-chaired an interagency working group to coordinate and cooperate in the design and implementation of new disclosure requirements. While agencies attempted to standardize disclosure expectations as much as possible to ease administrative burden, the uniqueness and nuances of programs offered by the various agencies made a single, common disclosure form and process impractical.
While many agencies have published updated guidance and templates regarding what, when and by whom information must be disclosed, work continues to establish DPI standards and processes for analyzing and working with the collected data.
Research Security Program
Beyond the enhanced disclosure requirements, organizations receiving in excess of $50 million per year in “total federal research funding” will be required to complete a certification that they have implemented a research security program following the expectations of NSPM-33. While exactly how this certification will be accomplished is still in development by OSTP, the NSTC Subcommittee on Research Security, and the Office of Management and Budget (OMB), organizations meeting the funding threshold must address the currently vague guidance related to enhancing processes and controls around:
- Cybersecurity
- Foreign travel security
- Research security training
- Export control training
Research organizations must appoint a research security point of contact (POC) and provide a publicly accessible means (such as through a website or social media) to contact that individual. Organizations subject to other existing federal security standards, such as those involving classified or controlled unclassified information (CUI) can combine research security POCs, but would not need to apply the most stringent requirements associated with classified information or CUI to all research within the general program.
Challenges and Criticisms
While it is understandable that the government felt the need to move toward NSPM-33, challenges still exist for impactful implementation. Beyond the difficulties coordinating standardization of disclosure forms and processes across agencies and the condensed timeline to complete development, implementation and communication from the government, the largest concern raised is related to how this shift impacts the overall intent and purpose of fundamental research conducted across the country. The openness of the federally funded research enterprise within the U.S. has been paramount to our ability to improve healthcare, ensure the safety and well-being of Americans, advance technology and promote innovation around the globe. Further, disclosures will be the responsibility of individual researchers and key project employees, so the urgency of training, education and monitoring will be paramount to ensuring these enhanced processes yield their intended effect.
Written by David Clark and Jackie Bernal. Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com
