Legislation & Congressional Activity

Direct link to COGR's Matrix of Science & Security Laws, Regulations, and Policies.

September 2024, report ordered by Committee on Homeland Security. States that IHEs which have a relationship with a Confucius Institute or Chinese entity of concern is ineligible to receive any funds from the Department of Homeland Security, unless the institution terminates the relationship.

OSTP to issue guidance to Federal research agencies to prohibit participation in 'foreign talent recruitment programs' by agency personnel and provide additional clarification to the research community regarding which activities are considered 'foreign talent recruitment programs.' OSTP is also directed to issue guidance clarifying that researchers working on Federally supported research projects must disclose participation in FTRPs in Federal research award proposals. OSTP is further directed to issue guidance for Federal research agencies to prohibit researchers working on agency-funded projects from participating in 'malign foreign talent recruitment programs,' and certify both at the time of proposal and annually that they are not part of a malign foreign talent recruitment program.

A chart that compares federal laws, regulations, and policies in the area of science and security. The chart is divided into three separate tabs that cover (a) major federal-wide legislation or policy, (b) agency disclosure requirements for researchers and research institutions; and (c) agency conflict of interest policies. Updated September 30, 2025.

Signed December 20, 2019. Section 1746 directs OSTP to establish an interagency working group (the Research Security Subcommittee) under the NSTC to protect federally funded R&D from foreign interference, cyberattacks, theft, or espionage and to develop recommendations for best practices for federal agencies and grantee institutions. Section 1746 also called on the National Academy of Science, Engineering and Medicine to stand up a new Roundtable on Science, Technology, and Security. Includes Confucius Institute waiver criteria for DoD.

Signed January 3, 2020. Section 223 mandates disclosure of funding sources in applications for federal R&D awards and holds universities accountable for ensuring faculty awareness. Section 1299C is an amendment to FY 2019 NDAA Section 1286 requiring designation of an official responsible for liaising with academic institutions and briefing them on espionage risks. Section 1062 restricts DoD and NSF funds to institutions hosting a Confucius Institute. Section 9907 prohibits any funds for microelectronics initiatives to a foreign entity of concern.

Signed into law in August 2022, the CHIPS and Science Act includes a number of research security provisions. Key sections address research security at DOE, NIST cybersecurity guidance, NSF Office of Research Security and Policy, research security training requirements, information sharing analysis organizations, Confucius Institute restrictions, foreign financial support reporting, and foreign talent recruitment program requirements.

September 2022. Requires agencies to implement a due diligence program to assess security risks for SBIR and STTR proposals. Disclosure requirements include information on foreign ties, business relationships, investment, and ownership. [Source: AAU, January 2024].

A congressional hearing held in February 2024 with representatives from the White House (OSTP), NSF, NIH, and DoE examining federal science agency actions to secure the U.S. science and technology enterprise.

The Congressional Research Service (CRS) issued a report on May 20, 2025, summarizing federal research security policy efforts to date, and providing options Congress might consider to address perceived gaps or deficiencies while also remaining cognizant of the potential increase to administrative burden they would present. Proposed options discussed include: a. Expanding sources of foreign support researchers are required to disclose, b. Broadening the scope of who is required to disclose Current and Pending (Other) Support, c. Increasing the frequency of post-award updates, d. Expanding agency requirements when reviewing disclosed information, e. Focusing risk assessment activities more narrowly on critical and emerging technologies, f. Expanding agencies' requirements to report to congress on research security violations, mitigation measures, and implementation status.