Compliance

Export control regulations, embargo and sanctions lists as well as confidentiality obligations present particular challenges. Contracts with public and private funding bodies also require careful review, as funding conditions and legal frameworks may differ. The protection of intellectual property and the consideration of dual-use risks play a central role as well, especially in projects involving international partners.

A systematic compliance management system creates transparency, reduces risk, and helps prevent legal consequences. Compliance is therefore an essential foundation for research that is conducted both lawfully and successfully.

We have analysed best practices to help you ensure legal compliance in research. Explore our compliance resources now!

Good practice in compliance management

We have curated best practices from publicly available guidelines on research security in international R&I cooperation. This resource aims to support you in establishing and implementing measures to protect the scientific achievements and work of your institution.

EU General Data Protection Regulation (EU-GDPR)

The protection of natural persons in relation to the processing of personal data is a fundamental right. The EU-GDPR creates a consistent and homogeneous protection of personal data across the EU Member States.

European Code of Conduct for Research Integrity

The interpretation of values and principles that regulate research may be affected by social, political or technological developments and by changes in the research environment. The European Code of Conduct for Research Integrity provides a collection of principles and good research practices.

Sanction Regime

The EU’s Sanction Regime is a set of measures designed to promote the EU’s foreign policy objectives and maintain international peace and security. It provides a legal basis for imposing restrictive standards such as asset freezes and travel bans on individuals, groups or entities posing a threat to these objectives.

Export control

Apart from national export control laws, several EU Regulations exist, such as 2021/821 (EU Dual-Use Regulation), No. 258/2012 (Firearms Regulation) and 2019/125 (Anti-Torture Regulation).

Foreign interference

The European Union Agency for Cybersecurity (ENISA) and the European External Action Service (EEAS) have collaborated to develop an analytical framework for studying threat landscapes of Foreign Information Manipulation and Interference (FIMI) and disinformation. FIMI is a concept proposed by the EEAS that puts emphasis on manipulative behavior rather than the truthfulness of the content being delivered. The report proposes an analytic approach describing FIMI and manipulation of information by combining practices from both the cybersecurity and FIMI domains.

Ethics

Ethics is a set of moral values and principles that govern the conduct of an individual or group, and it is an integral part of research. Ethical research implies the application of fundamental ethical principles and legislation to scientific research.

Treaty on the Functioning of the European Union (TFEU)

Article 187 TFEU specifies that the EU may set up joint undertakings (JUs) or any other structure necessary for the efficient execution of EU research, technological development and demonstration programmes. These JUs could also define specific terms for cooperation with EU funding.

EU Cybersecurity Act

The EU Cybersecurity Act is a regulation that aims to strengthen the EU’s cybersecurity infrastructure and increase trust in digital services. It establishes a framework for EU-wide cybersecurity certification schemes for products, processes and services, ensuring that they meet specific security standards. The act also establishes the European Cybersecurity Certification Group, a body responsible for developing and maintaining certification schemes and ensuring their consistency across EU Member States.
EU Commission EU Cybersecurity Act page

Horizon Europe – the framework programme for research and innovation

The document “establishing Horizon Europe” acts as a regulatory framework (68 pages) for the Horizon Europe programme. It was issued by the European Parliament/Council of the European Union and published in April 2021.
Value: The document can serve as an example of a regulatory framework in the context of the European scientific sphere.

Guideline paper “How to handle security-sensitive projects”

The guideline paper (8 pages) “How to handle security-sensitive projects” helps EU project applicants and recipients to review and self-assess security measures.
Value: The document serves as an example of a European approach to establishing a framework for security-sensitive projects.