United States Research Security Standards

The United States (US) has implemented research security measures that impact Canadian researchers seeking American funding. It is important that researchers understand the different research security requirements established by the following US government funding agencies.

• National Institutes of Health (NIH)
• Department of Defense (DoD)
• National Science Foundation (NSF)
• Department of Energy (DoE)
   

The measures established by these agencies are guided by 2021 National Security Presidential Memo-33 (NSPM-33) and the subsequent 2022 Guidance to federal agencies for implementing NSPM-33, issued by the Office of Science and Technology Policy. These measures are also reflective of requirements set out in the 2022 CHIPS and Science Act.

Researchers are encouraged to consult with their US partners on any US institution-specific requirements beyond those identified for the funding agencies below.

Please contact the Research Security Team (RST) via the VPRI Contact listed below if you have questions or require assistance.

The specific steps researchers must take to ensure compliance with research security requirements will be included in the funding opportunity information.

See United States Research Security Definitions for detailed definitions and for information about the requirements set out by the funding agencies.
 

Applicable to All US Agencies

‘Covered Individuals’ (see US Research Security Definitions) will need to certify that they are not an active participant in a Malign Foreign Talent Recruitment Program (MFTRP) at time of proposal submission, and annually thereafter, for the life of the award. They will also need to disclose participation in all Foreign Talent Recruitment Programs (FTRPs). This regulation is effective as of May 20, 2024, for NSF and August 9, 2024, for all other externally sponsored awards (Federal and non-Federal).

Proposals submitted with past MFTRP participation (up to August 9, 2022) may warrant additional scrutiny and require mitigation measures. Contact the Research Security Team for more information.

See United States Research Security Definitions for detailed definitions of MFTRP and FTRP.
 

National Institutes of Health (NIH)

Please note that effective May 1, 2025, NIH will implement the following changes.

• No longer issue awards to domestic or foreign entities (new, renewal, or non-competing continuation), that include a subaward to a foreign entity
• No longer accept prior approval requests to add a new foreign component or subaward to an ongoing project
• Renegotiate new, renewal, or non-competing awards to remove subawards to foreign entities, and allow the funds to be re-budgeted for use by the prime recipient when the work can be performed domestically
• Work with the grant recipient to negotiate a bilateral termination if a project is no longer viable without the foreign subaward, taking into consideration any need to support participant safety and/or animal welfare
   

This is a temporary pause for foreign subawards, while NIH finalizes the implementation of the new award structure (expected no later than September 30, 2025). NIH will not retroactively revise ongoing awards to remove foreign subawards at this time. NIH continues to support direct foreign awards. This policy applies to all monetary foreign collaborations. It does not apply to funds provided to support foreign consultants, or to purchase unique equipment or supplies from foreign vendors.

The NIH requires the disclosure of all sources of research support, ‘foreign components’, and financial conflicts of interest for senior/key personnel on research applications and awards.

NIH defines a ‘foreign component’ as the performance of any significant element or segment of the project outside the United States either by the grantee or by a researcher employed by a foreign institution, whether or not grant funds are expended. Activities that would meet this definition could include the following.

• Collaborations with investigators at a foreign site anticipated to result in co-authorship
• Use of facilities or instrumentation at a foreign site
• Receipt of financial support or resources from a foreign entity
• The involvement of human subjects/or animals
• Extensive foreign travel by grantee project staff for the purpose of data collection, surveying, sampling, and similar activities (Note: Foreign travel for consultation is not considered a ‘foreign component’)
• Any activity that may impact on US foreign policy through the involvement of grantee project staff in the affairs or environment of the foreign country
   

NIH has not yet implemented mandatory research security training.

For more information, please see Foreign Interference and Updated NIH Policy on Foreign Subawards.
 

Department of Defense (DoD)

The DoD has a detailed risk-based security review process for any funding opportunities. Where possible, DoD will seek to mitigate any research security risks that may be uncovered during the review process. Such security risks may include the following.

• Indicators of participation in a foreign talent recruitment program (FTRP)
• Co-authorship and patents are not, on their own, sufficient cause to deny funding for a fundamental research project proposal
• Patents or patent applications resulting from US government funded research that were filed in a FCOC or on behalf of FCOC connected entity before filing on in the US
• Affiliation with an entity on the US Bureau of Industry and Security (BIS) Entity List
   

Beginning August 9, 2024, DoD is prohibited from providing funding to or making an award of a fundamental research project proposal in which a covered individual is participating in an MFTRP or to a proposing institution that does not have a policy addressing malign foreign talent programs. For more information, see Security Considerations for Foreign Talent Programs. DoD is still evaluating when it will implement mandatory research security training.

For detailed information on DoD requirements, including a list of MFTRPs and foreign institutions confirmed to be engaging in activities of concern, please see 2025 DoD Component Decision Matrix to Inform Fundamental Research and Fiscal Year 24 Lists Published in Response to Section 1286 of the National Defense Authorization Act.
 

National Science Foundation (NSF)

NSF began an annual MFTRP certification on June 7, 2025, for all PIs and co-PIs named on an NSF award made on or after May 20, 2024, and is working to expand the requirement to all senior/key personnel roles at a future date. Those with more than one active award made on or after May 20, 2024, are only required to certify once annually.

As mandated by the CHIPS and Science Act, the NSF has established the Research Security and Policy Office to identify potential security risks. NSF requires universities applying for NSF funds to disclose agreements and gifts from China and other Foreign Countries of Concern (FCOCs). Likewise, the NSF requires individuals to submit various disclosures, including appointments, affiliations and current and pending support from external funding sources.

Effective October 10, 2025, NSF will require mandatory research security training.

For more information, please see Research Security at the National Science Foundation.
 

Department of Energy (DoE)

DoE prohibits employees, contractors, and certain subcontractors, including university researchers funded by DoE contracts or subcontracts, from currently or in the future participating in Foreign Government-Sponsored Talent Recruitment Programs of a Foreign Country of Risk (analogous to a Malign Foreign Talent Recruitment Program (MFTRP)).

In addition, DoE restricts participation in Other Foreign Government Sponsored or Affiliated Activities of a Foreign Country of Risk. Disclosure of pending and current participation is required. Foreign nationals who wish to work on DoE-funded fundamental research projects at universities must receive an approval from DoE before they can work on research projects. As defined by DoE, anyone who is not a US citizen by birth or naturalization is a foreign national.

Effective May 1st, 2025, DoE requires mandatory research security training.

For more information, please see Office of Science Laboratory Policy Science and Security, the DOE O 486.1A, Foreign Government Sponsored or Affiliated Activities Frequently Asked Questions and DoE Research Security Training Requirement.

While PIs may utilize any training that addresses cybersecurity, international collaboration, foreign interference, and rules for use of funds, disclosure, conflict of commitment, and conflict of interest, the NSF-funded SECURE Center has developed an updated and condensed version of the four modules, designed to meet the government-wide research security requirement. NSF, NIH, DOE, and DOD all recognize completion of the condensed module and the original four-module research security training as compliant with their respective training requirements.

Covered individuals must certify that they have completed the training within the 12 months immediately preceding the application date. Covered individuals must retain records of their training certification.

• Research Security Training (4 modules) - NSF, DoE, DoD and NIH partnership
• SECURE Center Consolidated Training Module

Individual academic institutions / corporations in the US may also have their own research security requirements to abide by in addition to government requirements. If available, these requirements can generally be found on the institution’s website under ‘Research Security’.

In addition, be mindful of the US sanctions / restricted entity lists when applying for international grants. Helpful resources include the US Bureau of Industry and Security (US BIS) Lists of Parties of Concern and the Office of Foreign Assets Control (OFAC) Sanctions List Search.