Accessibility Tools
As EU policy makers pay increased attention to the security of research carried out in Europe, EUA’s Sergiu-Matei Lucaci examines how recent developments, newly proposed measures and persistent thorny questions affect the state of play for universities and researchers.
Research security is highly prominent on the European Union’s political agenda, not least since ministers from member states adopted a recommendation on enhancing it in May 2024. So, how has the debate evolved since then? And where is it heading?
Universities are internationally-oriented institutions with a wide range of partnerships. This has naturally triggered reflection about the growing focus on security in political discourse and its implications for scientific cooperation. The issue itself may not be new, as there have always been security and commercial exceptions to Open Science, for instance long-established procedures for export controls that touch upon universities’ knowledge assets.
Nevertheless, in light of the mantra ‘As open as possible, as closed as necessary’, current developments in both geopolitics and national politics seem to broaden what falls under necessary. In this context, it is important to take stock of diverse approaches among universities across Europe, as well as how the bodies that represent them at national level (i.e. national rectors’ conferences) support them.
Firstly, there is a sizeable reservoir of existing knowledge and expertise from the pioneers of research security, mainly situated in northwestern Europe.
These are generally university systems with a headstart from pre-pandemic times, when guidelines for responsible internationalisation or principles for risk management and due diligence were already being devised. There is a noticeable process of mutual learning between these systems, which solidifies the sense of belonging to a community of practice.
Nevertheless, it has to be said that voices from other European regions are often still absent and that, on the whole, the university sector has perhaps not yet fully moved beyond this pioneering phase. Capacity building is still needed, and so are resources.
Another important factor is the reality that relationships with governments are not equally straightforward across Europe and do not always reflect the principle of co-creation that respects academic freedom and institutional autonomy. Moreover, the diversity of university systems and national or subnational governance means that no one-size-fits-all approach to research security is even possible.
Secondly, the alignment and further development of research security initiatives should be better supported at European level.
In this regard, the European Commission has announced next steps, including:
However, this is somewhat eclipsed by the still unknown impact of an earlier announcement that the next framework programme for R&I, FP10, will be dual use by default. Unfortunately, we are nowhere near a shared definition of dual use in Europe, and the concept is subject to varying interpretations among governments. Additionally, it is difficult to reconcile the recent EU narrative of dual use by default with the more established notion in the wider multilateral community of dual use as an exception, typically connected to biochemical warfare or weapons of mass destruction.
Hence, efforts to align research security approaches may be hampered by the concomitant militarisation of R&I, whereby everything is seen as having defence applications. This would likely tilt the balance away from risk awareness and management, which many existing approaches favour, towards generalised risk aversion and the sense that all knowledge, including fundamental research, can eventually be weaponised. It would thus be antithetical to the cooperative ethos of science and the need for proportionality in safeguarding knowledge assets.
Finally, research security discussions still tend to be rather high level and have not yet properly reached individual researchers. The latter may have a good understanding of which risks are common in their respective fields, but in the absence of systematic training and awareness raising – caused by limited resources – it is an open question if they can actually carry out due diligence for their projects. So, what can be done to better equip researchers for this challenge?
One option would be for research funders and governments to make the application and screening process as detailed as possible in terms of risks to be assessed and conditions to be fulfilled. Here, the obvious downside is that in times of ever stronger calls for simplification such prescriptiveness may be seen as a considerable administrative burden.
Yet conversely, if researchers conduct self-assessments without sufficient guidance and support, there is also too much room for mistakes or inadequate risk appraisals, as well as complicated liability issues when security breaches do occur. It would appear that the matter cannot be properly tackled either way unless there is more widely shared expertise across the sector, as well as sufficient trust and dialogue with government agencies.
Looking towards the future, there is evidently much to be done. But while the glass may still only be half full, it is important to not misinterpret this as a need for more stringency, rules and top-down steering. As a speaker at a recent event aptly put it, car traffic runs fluidly not because the police is omnipresent, but because traffic rules and drivers’ training are sufficiently clear. Similarly, research security protocols should help consolidate trust in science and empower researchers by giving them the confidence to pursue their projects. Rather than constantly devising new restrictions and regulations, it is worth asking whether success for research security means the removal of some barriers to cooperation once we are sure that all the right safeguards are in place.
Note: Over three days in late October 2025, the European Commission and twelve stakeholder groups from the research and innovation sector, including EUA, co-organised the first European Flagship Conference on Research Security. With more than 500 participants from Europe and beyond, the event was a valuable opportunity for the university sector to present its achievements, objectives and challenges. To this end, EUA convened a conference session on ‘The role of umbrella organisations in research security: national rectors’ conferences as interfaces between governments and universities’, with expert input from Universities UK International, Universities of the Netherlands, the Flemish Interuniversity Council (VLIR) and the German Rectors’ Conference (HRK).
