This section outlines the University’s approach to research security, based on the Council Recommendation of 23 May 2024 on enhancing research security (C/2024/3510) (“Recommendation”), adopted within the framework of the European Union.
In response to the changing geopolitical context, the Recommendation calls for the EU research and innovation ecosystem to be supported in anticipating and managing the risks, such as: undue or malign foreign influence; unwanted transfer of critical knowledge or technology; and threats to research integrity, ethics, and fundamental rights, while continuing to promote openness and international cooperation.
For the purposes of the Recommendation, research security is defined as the anticipation and management of risks related to:
(a) undesirable transfer of knowledge or technology;
(b) malign or undue influence on research activities;
(c) ethical breaches and violations of research integrity or fundamental rights.
Research security refers to the measures and practices that protect research, researchers, data, and infrastructure from misuse, unauthorised access, undue influence, or exploitation.
In a university context, research security seeks to:
(a) safeguard academic freedom while managing legitimate security and compliance risks;
(b) ensure that research outputs are used for peaceful, lawful, and socially beneficial purposes;
(c) protect sensitive data, intellectual property, and research infrastructure;
(d) support responsible international collaboration in line with EU values and legal obligations.
Research security does not aim to restrict collaboration, but to ensure that risks are identified early and managed proportionately.
Dual-use research refers broadly to legitimate academic or civilian research that generates knowledge, technologies, software, methodologies, or data that could also be repurposed for non-civilian, security-sensitive or harmful applications. The term draws from the concept of dual-use technologies as recognised in EU law and policy; items, software or technologies that are suitable for both civilian and military or security objectives.
In the European Union, dual-use considerations arise most directly under the EU Dual-Use Regulation (Regulation (EU) 2021/821), which governs export, transit, brokering and technical assistance relating to dual-use items that’s defined as goods, software and technology that can be used for both civilian and military applications.
At the research level, dual-use research is not limited to physical goods. It can include:
(a) software and algorithms with applications in cybersecurity, surveillance, or autonomous systems;
(b) biotechnologies that, while addressing health or agricultural questions, also have potential misuse pathways (e.g., gene editing techniques);
(c) advanced materials, sensing or navigation technologies whose capabilities might be applied in both civilian systems and defence or security contexts;
(d) high-performance computing, artificial intelligence, and data analytics that may accelerate capabilities relevant to national security or strategic competition.
The EU’s Annex to Commission Recommendation C(2023)6689, which identifies critical technology areas for further risk assessment, provides a practical lens on emerging domains where dual-use risk assumptions are heightened. This list includes, for example, quantum computing and cryptography, synthetic biology and genetic modification techniques, secure communications infrastructure (such as Open RAN and 6G), autonomous systems, and advanced sensing technologies, all of which are research areas with substantial civilian value but also potential dual-use implications depending on their development and transfer pathways.
In the context of research security, dual-use risk assessment means researchers and institutions should be alert to whether:
(a) project outputs could be repurposed for military, surveillance or other security-sensitive uses;
(b) research may implicate technologies that fall within EU export control frameworks or evolving risk lists;
(c) collaborations or knowledge transfers may involve intangible transfers of know-how that attract regulatory or ethical scrutiny.
Researchers should reflect on whether their research:
(a) involves critical or emerging technologies with potential dual-use applications, generates detailed technical knowledge (including software, algorithms, source code or prototypes), enables intangible technology transfer, or could be applied in military, surveillance, cybersecurity, intelligence or repression-related contexts.
(b) is supported by non-transparent funding, indirect funding through intermediaries with unclear ownership, pressure to conceal funding sources or affiliations, or funding conditions that unduly restrict academic independence or publication.
(c) includes international partnerships where collaborators operate in jurisdictions with weak rule-of-law protections or limited academic freedom, where agreements contain unusual confidentiality or publication restrictions, where there is resistance to standard due-diligence or approval processes, or where a partner seeks exclusive control over research outputs without clear academic justification.
Researchers should pause where projects may affect fundamental rights, human dignity or ethical norms, where ethics review is discouraged or bypassed, where there is pressure to alter methodologies or findings for non-scientific reasons, or where researchers or students experience coercion, intimidation or monitoring by external actors.
Be alert where research falls within or close to areas associated with EU dual-use controls or critical technology risk assessment, or where research results, data or expertise may be transferred outside the EU through publications, conferences, cloud services or collaboration tools.