NSIA survival guide: how not to lose university research funding

Universities’ international R&D partnerships drive innovation and knowledge sharing, and the UK is at the forefront of these collaborations. Foreign Direct Investment (FDI) delivered £1.2 billion of funding to UK universities’ R&D projects last year.

However, new regulations designed to protect national security put this income at risk. 

The National Security and Investment Act 2021 (NSIA) is a significant shift in how the UK Government scrutinises foreign investments. Since it came into force on January 4, 2022, the Government can evaluate and, if necessary, block acquisitions and investments in sensitive areas. It applies to a number of sectors, including universities.

Although these regulations are fairly new, they are not to be taken lightly. Between April 2022 and March 2023, 866 deals were referred to the Government. Ministers used national security powers to intervene in 15 transactions. Eight of these involved Chinese-linked investment in British companies.

In June, the University of Southampton wanted to licence an unnamed asset to a Canadian company called Voyis Imaging Inc. Since the transaction involved the acquisition of an asset, it fell under the NSIA. The UK government’s view was that it posed a national security risk, potentially leading to military implications for foreign states. Voyis Imaging Inc now has to conduct due diligence on new customers wishing to purchase the asset and report details to the UK government annually. Undoubtedly, the University of Southampton’s sale was delayed.

How to avoid these delays? Rigorous due diligence. If you can show that you have carried out due diligence, and the research partnership poses no threat to national security, you can accept the funding.

Of course, the level of due diligence can be commensurate with the risk — universities aren’t expected to carry out the same level of due diligence for £2,000 of funding as they would for £200,000. And not all research projects would be affected by the NSIA. However, failure to adhere to the requirements when necessary not only risks research funding, but also the broader mission of driving innovation and knowledge sharing.

This blog will take you through the regulatory framework that shapes the NSIA’s due diligence requirements, and explain how AI can help you meet them.

Who does the National Security and Investment Act 2021 apply to?

In the higher education and research-intensive sectors, the NSIA could apply to:

  • Universities
  • Trusts
  • University subsidiaries
  • University spin-outs
  • Unincorporated associations, such as a research consortium
  • Research organisations
  • Private companies or corporations doing contractual work with a higher education institution or research organisation

Under the NSIA, 17 sectors have been identified as “high risk.” These sectors, which are all related to national security, trigger mandatory notification requirements when target businesses operate within them. 

The sectors are:

  • Advanced materials
  • Advanced robotics 
  • Artificial intelligence
  • Civil nuclear
  • Communications
  • Computing hardware
  • Critical suppliers to Government
  • Suppliers to the emergency services
  • Cryptographic authentication
  • Data infrastructure
  • Defence
  • Energy
  • Military and dual-use
  • Quantum technologies
  • Satellite and space technology
  • Synthetic biology
  • Transport

What happens if institutions don’t carry out due diligence?

Non-compliance with the NSIA can pose significant risks for universities, including:

1. Loss of research funding

Failure to adhere to the NSI Act’s due diligence requirements can result in the loss of research funding. Universities heavily rely on such funding for their research projects, and a breach could lead to abrupt funding withdrawals, impacting ongoing and future research initiatives.

2. Legal challenges

Non-compliance can have legal repercussions, including fines and other penalties. Individuals responsible for due diligence, such as Principal Investigators, may face personal liability for any violations. Criminal charges may be brought against those providing false or misleading information in NSI notifications.

3. Reputational damage 

Universities that do not comply with national security regulations risk damage to their reputation. This can affect their ability to attract talented researchers, collaborators, and partnerships. It could also impact their standing in the academic and research community.

4. Disrupted collaborations

Non-compliance can disrupt international research collaborations. If a university is unable to meet due diligence requirements, it may need to sever ties with third parties from high-risk countries, potentially leading to strained relations and project interruptions.

5. Limited innovation

The NSI Act aims to safeguard national security and innovation. Non-compliance could hinder universities’ involvement in critical areas like artificial intelligence, communications, and quantum technologies, limiting their contributions to cutting-edge research and innovation.

6. Operational delays and uncertainty

The NSI Act introduces additional administrative and due diligence burdens. Non-compliance may lead to operational delays in research projects as universities work to meet the necessary requirements, potentially affecting project timelines, strategic decisions and financial stability.

7. Financial hits

Universities may incur financial costs to rectify non-compliance issues, such as conducting retrospective due diligence or implementing necessary security measures. These costs can strain institutional budgets, and can be far higher than carrying out due diligence in the first place.

8. Loss of international partners

Non-compliance may discourage international collaborators from partnering with universities due to concerns about their ability to navigate regulatory requirements. This could limit the diversity and scope of research partnerships.

Manual research alone is too slow and resource intensive

It’s clear that universities need to conduct more due diligence than before on partners, funders and customers. But how can this be done without being a huge drain on resources?

UK Research and Innovation (UKRI) recommends starting the due diligence process with an online search on the partner organisation, including their official website and news stories. 

They say this should provide, “an indication of the activities at the organisation and any good or bad news stories. It will also reveal details of  any other projects the organisation has been involved in and therefore indicate whether they have the capacity to carry out the required research.”

While this is a valuable step, it becomes impractical to do manually as the number of partnerships grows. It also only scratches the surface. Sometimes vital information is buried on page 30 of Google, or in a language you don’t speak.

Traditional compliance databases are the logical next step, but they lack clear guidance on how to determine whether a third party is high or low risk. They can only provide a binary answer, which is rarely nuanced enough.

AI makes due diligence easy

Given the growing volume and complexity of partnerships, the impracticality of manual searches, and the high stakes of non-compliance, using AI for due diligence is a no-brainer.

It takes AI like Xapien just minutes to carry out comprehensive research across the entire indexed internet, perform nuanced analyses, and generate detailed human-like reports that meet NSIA due diligence requirements.

You’ll know you have the whole picture of partners from the outset, helping you protect research funding and avoid wasting time.

The difference between manual due diligence and AI-powered due diligence

Xapien’s AI-powered research tool gives universities the advantages of efficiency, scalability, accuracy, and consistency. It helps you to comply with regulations, demonstrate comprehensive due diligence, and stay on top of growing numbers of research partnerships.

1. Efficiency and speed

Conducting due diligence manually can be time-consuming and labour-intensive. Researchers and compliance officers need to search for information, review it, and assess risk factors individually, which can result in delays and inefficiencies.


Xapien uses artificial intelligence and automation to swiftly gather information from across the indexed internet, analyse, and generate reports. This significantly speeds up the compliance process, allowing universities to make faster, data-driven decisions.

2. Scalability

As the volume of research partnerships and collaborations grows, manual due diligence becomes increasingly impractical. Universities might struggle to keep up with the expanding workload.


AI tools like Xapien are highly scalable. They can handle a large number of due diligence tasks in minutes, adapting to the growing complexity of partnerships without compromising quality.

3. Risk assessment

Human assessors often rely on their judgement and may not have access to comprehensive data sources. This can lead to subjectivity and incomplete risk assessments.


Xapien can access extensive databases and searches through the entire indexed internet in over 133 languages, providing a more objective and thorough risk assessment. It can identify and analyse risk factors more comprehensively, leading to a more accurate understanding of partners.

4. Consistency and accuracy

Manual processes are susceptible to human error, including inconsistencies in data collection and reporting.


AI ensures consistency and accuracy by following predefined rules and algorithms. It eliminates the risk of human errors and ensures that all information is processed consistently.

5. Data collection

Gathering data manually requires researchers to search multiple sources, often resulting in incomplete or outdated information.


AI tools can access a vast array of data sources simultaneously, ensuring that the most current and relevant information is retrieved for analysis.

6. Reporting and documentation

Creating detailed compliance reports manually can be time-consuming. They may lack uniformity in presentation.


Xapien generates standardised, fully-sourced, and well-structured compliance reports, making it simple to present findings and demonstrate due diligence to stakeholders and regulators.

When it comes to due diligence, let Xapien do the heavy lifting

Universities that don’t perform due diligence on research partners risk losing their funding. And without that, you can’t continue doing your good work. Let Xapien do the heavy lifting: it can research, analyse, and it’ll turn those findings into a human-like written report in minutes. 

Interested in learning more? Speak to one of the team here.

Monthly AI tips and insights to your inbox

Xapien streamlines 
due diligence

Xapien's AI-powered research and due diligence tool goes faster than manual research and beyond traditional database checks. Fill in the form to the right to book in a 30 minute live demonstration.