The Impact of the National Science Foundation TRUST Framework

Does your institution receive National Science Foundation (NSF) funding, and are you prepared for the recent release of the NSF’s Trusted Research Using Safeguards and Transparency (TRUST) framework? In June of 2024, NSF’s Office of the Chief of Research Security Strategy and Policy (OCRSSP) released the revised TRUST framework to guide the agency in assessing grant proposals for potential national security risks. The revised TRUST framework aims to protect U.S. taxpayer investments in research and innovation by preventing unwanted foreign influence and theft of federally funded research during the proposal phase. The new developments by the NSF to curtail foreign influence in U.S. research come from the CHIPS and Science Act of 2022, which directs the NSF to identify areas of research involving foreign access to unclassified or classified information and determine a due diligence process to grant NSF funding. Furthermore, the FY 2023 Appropriations Report requires collaboration between the NSF, Secretary of Defense, and Director of National Intelligence to maintain a list of NSF-funded open-source research capabilities known or suspected of impacting foreign military operations. The NSF, recognizing the need to safeguard U.S. innovation while participating in globally conducted research, developed the new TRUST framework to balance global participation and security. The TRUST framework aims to allow institutions funded by the NSF to pursue essential research partnerships while being aware of and accepting the risk by preventing unwanted influence in the proposal phase.

The TRUST framework aims to prevent institutions and individuals from being too concerned about risk and avoiding beneficial research activities by using due diligence to identify, address, and understand potential risks. The TRUST framework approaches the research security process in “three branches.” The first branch includes “assessing active personnel appointments and positions.” The second branch focuses on identifying noncompliance with disclosures and other requirements. Finally, the third branch consists of a new incentive by the NSF to include “potential foreseeable national security considerations” during the proposal process. According to the NSF, the three-branch approach desires to protect the core values of fairness and due process, ensuring that researchers' rights and interests are protected while protecting innovation and preventing unknown foreign acquisitions.

The impact of the new TRUST framework is crucial for individuals and organizations to understand. The design of the TRUST framework is to identify, understand, and address potential risks so researchers can continue to work, partner, and participate with a global audience. This ensures the maximum benefit and contribution to the good of humankind, while adequate due diligence guarantees the knowledge and acceptance of potential risks. However, before applying for NSF funding, there is now an expectation that organizations or individuals will assess their potential risk and be aware of the impact and extent of the relationships surrounding the risk. All institutions that do not have an effective research security program are placing

themselves at the potential of losing NSF funding if they do not have the adequate capability to identify, access, understand, and address the full extent of possible threats. Furthermore, including the “maintained list of research capabilities known or suspected of impacting foreign militaries” in the NSF framework demonstrates that organizations not taking a protective approach to research security will be out of compliance with the NSF guidelines and lose additional federal funding. Additionally, the NSF will expect institutions to understand the full extent of the relationships between researchers and foreign institutions of concern, a distinct change from the former “compliance approach” to the new “research security approach.”

The implications of the new TRUST framework are significant, and institutions must act now. It's crucial to prepare and adopt the requirements related to the NSF TRUST framework. Organizations should immediately assess their programs to understand their current research security capabilities and ensure they can proactively identify, vet, and verify their researcher’s collaborations and partnerships. Phase one of the roll-out plan, which focuses on quantum-related proposals, is just the beginning. The NSF will soon expand to review all potential national security applications of NSF technology and include all key technology areas and priorities. Furthermore, other federal funding agencies are expected to follow suit, making it even more urgent for institutions to identify and understand an acceptable risk profile to prevent foreign influence risk.