European regulations targeting knowledge and research

The concept of a regulatory framework is as diverse as imaginable. It differs from country to country and can be quite confusing regarding the safeguarding of science. This chapter acts as a short overview with the focus on European jurisdiction.


© Unsplash/Bernard Hermant

Regulatory framework can be found within each country but also on a European level. Besides the conclusion of an individual case-related cooperation contract (R&I contract) it is mandatory to consider national and EU level laws and regulations. The regulatory framework plays a significant role in shaping innovation and research landscapes in Europe. In order to facilitate and promote innovation, the EU has implemented a comprehensive framework that governs research and development activities across a broad range of areas. It aims to find a balance between promoting innovation and safeguarding public interest. Topics regarding safety, ethics or sustainability are amongst others being specified. The framework is constantly evolving with new regulations and guidelines being published to keep pace with the rapidly advancing technologies and changing market conditions. A proper compliance is essential for universities and research organisations operating within the EU to prevent penalties or other negative effects.

European regulatory framework targeting research

Subsequently, some relevant regulations are being presented and shortly explained (there shall be no claim to completeness or objectivity regarding the chosen regulations): 

EU General Data Protection Regulation (EU-GDPR):

The protection of natural persons in relation to the processing of personal data is a fundamental right. The EU-GDPR creates a consistent and homogeneous protection of personal data across the EU Member States.


European Code of Conduct for Research Integrity:

The interpretation of values and principles that regulate research may be affected by social, political or technological developments and by changes in the research environment. The European Code of Conduct for Research Integrity provides a collection of principles and good research practices.

EU Code of Conduct for Research Integrity (PDF)

Sanction Regime:

The EU’s Sanction Regime is a set of measures designed to promote the EU’s foreign policy objectives and maintain international peace and security. It provides a legal basis for imposing restrictive standards such as asset freezes and travel bans on individuals, groups or entities posing a threat to these objectives.

EU Sanctions Map

Export Control:

Apart from national export control laws several EU Regulations exists such as 2021/821 (EU Dual-Use Regulation), No. 258/2012 (Firearms Regulation), 2019/125 (Anti-Torture Regulation).

BAFA Export Control page

Foreign Interference:

The European Union Agency for Cybersecurity (ENISA) and European External Action Service (EEAS) have collaborated to develop an analytical framework for studying threat landscapes of Foreign Information Manipulation and Interference (FIMI) and disinformation. FIMI is a proposed concept by the EEAS that puts emphasis on manipulative behavior rather than the truthfulness of content being delivered. The report proposes an analytic approach describing FIMI and manipulation of information by combining practices from both cybersecurity and FIMI domains.

ENISA FIMI Threat Landscape Publication


Ethics is a set of moral values and principles that govern the conduct of an individual or group and an integral part of research. Ethical research implies the application of fundamental ethical principles and legislation to scientific research.

Ethics and EU grants (PDF)

Ethics guidelines for trustworthy AI

Treaty on the Functioning of the European Union (TFEU):

Article 187 TFEU specifies that the EU may set up joint undertakings (JUs) or any other structure necessary for the efficient execution of EU research, technological development and demonstration programmes. These JUs could also define specific terms for cooperation with EU funding.

Council Regulation: Establishment of nine Joint Undertakings

EU Cybersecurity Act:

The EU Cybersecurity Act is a regulation that aims to strengthen the EUs’ cybersecurity infrastructure and increase trust in digital services. It establishes a framework for EU-wide cybersecurity certification schemes for products, processes and services, ensuring that they meet specific security standards. The act also establishes the European Cybersecurity Certification Group, a body responsible for developing and maintaining certification schemes and ensuring their consistency across EU Member States.

EU Commission EU Cybersecurity Act page

In addition to national and EU level laws extraterritorial regulations could affect international research cooperation (including data regulations).

Read more


Horizon Europe – the Framework Programme for Research and Innovation

The „establishing Horizon Europe “acts as a regulatory framework (68 pages) in regard to the Horizon Europe Program. It was made by the European Parliament/Council of the European Union and published in April 2021
Value: The document can serve as an example of a regulatory framework in the context of the European scientific sphere.

Shortened abstract:

It establishes Horizon Europe — the framework programme for research and innovation (the ‘programme’) for the duration of the 2021-2027 multiannual financial framework, and lays down its rules for participation and dissemination. The regulation:

  • determines the framework governing European Union (EU) support for research and innovation (R & I) in terms of the scientific and technological objectives to be achieved and the relevant priorities, indicates the broad lines of such activities and fixes the maximum overall amount and the detailed rules for EU financial participation in the framework programme and the respective shares in each of the activities provided for;
  • sets out rules for the participation of undertakings, research centres and universities and lays down the rules governing the dissemination of research results.

Guideline paper “How to handle security-sensitive projects”

The guideline paper (8 pages) “How to handle security-sensitive projects” helps EU project applicants and recipients to review and self-asses security measurements.
Value: The document serves as an example of an European approach to establish a framework on security-sensitive projects.

Shortened abstract:

The guidance will help you with the security self-assessment at proposal stage and the special security documents you may be asked to fill out during grant preparation. In addition, it contains instructions about the handling of security sensitive projects during grant implementation. The security self-assessment is part of the security review process that must be conducted by EU granting authorities before they can sign security-sensitive grants. It aims to identify projects that may require EU classification of information (EUCI) under Decision 2015/444 and/or other security recommendations.

Related topics