Universities should do more to raise awareness of security issues with their researchers

A new @HEPI_news report, What’s next for national security and research? by Dr Alexis Brown (HEPI Report 147), reviews what measures are in place to protect UK research from foreign interference, including the new National Security and Investment Act (2021) that came into force on 4 January 2022. 

It argues that, while universities can do more to raise awareness of security issues with their researchers, any new legislative measures must also be carefully designed to avoid increasing administrative burdens in counterproductive ways. 

The National Security and Investment Act (NSIA) (2021) gives the Government new powers, based in the Department for Business, Energy and Industrial Strategy (BEIS), to intervene in the acquisition of UK entities and assets by both foreign and domestic investors.

The NSIA’s scope goes significantly beyond its global equivalents, according to experts. As Michael Leiter, former Director of the United States National Counterterrorism Center, noted in testimony to the House of Commons, the UK will see an ‘explosive increase in matters’ under this new regime, as it goes from reviewing very few cases to over a thousand each year. This number will far outstrip its US equivalent, which under the Committee on Foreign Investment in the United States (CFIUS) annually reviews approximately 240 full cases and another 100 short-form cases. Covering both tangible and intangible objects, as well as foreign and domestic investors, the sheer scope of the new UK regime ‘poses some real risk for management’, according to Leiter. 

This new regime, which will increase the administrative burden on universities, comes precisely at the time when the Government has committed to reducing research bureaucracy. More legislation aimed at protecting national security in universities may be coming down the line as well, such as the proposed Foreign Interference Registration Scheme and a proposed amendment to theHigher Education (Freedom of Speech) Bill that would require the disclosure of financial arrangements over £50,000 on a public register.

Dr Alexis Brown, author of the report and Director of Policy and Advocacy at HEPI, said: 

‘The temptation to introduce additional national security regimes through new legislation is understandable, given what’s at stake in managing these risks. But legislative and regulatory measures, however well-intentioned, do not in themselves make research safer.Indeed, if their implementation overwhelms the administrative capacity of universities and government departments alike, identifying genuine threats becomes more, not less, difficult.

‘What may be more effective and resource-efficient than additional legislation is supporting universities to better tackle these security issues themselves, especially given the importance of raising the awareness of researchers who operate within their institutional walls. Universities should do more on this count too, such as promoting easily accessible guidance and training.’ 

In the Foreword to the report, the former Chief Scientific Adviser on National Security, Professor Sir Anthony Finkelstein, said: 

‘Research is a complex and highly dynamic business, it is undertaken at scale by universities through a great variety of different routes, and it is an important UK soft and hard power asset, so interventions must be very carefully measured. Seemingly small regulatory requirements readily spawn large bureaucratic responses. Partnership with the sector and a willingness to listen are strongly in the UK’s national security interest.’ 

Ben Moore, Policy Manager at the Russell Group, said: 

‘We all understand the need for a Government to be able to monitor and, when necessary, intervene if investments from overseas organisations could pose a threat to national security. We worked with Government to help shape the National Security and Investments Act but now it has come into force, we must get implementation right to ensure it properly balances national security and the UK’s ability to build new international partnerships. 

‘The best regulatory regimes are targeted, risk-based, and impose the minimum burden required to deliver critical policy goals. By contrast, a less targeted approach that treats a partnership between a UK university and a German or US company as equivalent to one with, for example, a firm under state control in a country under sanctions could result in the new system being overwhelmed with referrals and ultimately result in more risky transactions being missed.’ 

Recommendations from the report include: 

• BEIS should introduce a list of targeted exemptions from the NSIA scheme, such as for trusted domestic investors and closely allied states, as countries such as the USA do for similar legislation.
• Government and the sector should collaborate to create a comprehensive, interactive map that details the Government departments, sector bodies and other organisations that have responsibility within the research security space. If regularly updated, this would help both university and Government stakeholders navigate what has become a complex landscape and avoid duplication of efforts.
• Universities should promote readily accessible staff guidance and training on research security to raise awareness of this issue. They should also consider developing an institutional set of principles for managing international risks.