Research security compliance: What US universities need to know

Introduction

US universities, like their counterparts across the UK, EU and Canada, are under mounting pressure to protect their research from foreign influence. Three successive National Defense Authorization Acts have tightened expectations around research security, and the Department of Defense (DoD) now actively audits federally funded research for compliance. Universities that fall short risk losing funding and facing significant fines.

Research compliance and security teams are being asked to do more than ever. They’re required to vet international collaborators and individual scholars, map partner organisations for foreign ownership, and maintain auditable records of it all. Most are either doing this manually or using multiple sources and databases — this often leads lead to inefficient, inconsistent due diligence that can’t keep pace with the changing regulatory landscape.

Increasing federal scrutiny on research security

The National Defense Authorization Acts for Fiscal Years 2024, 2025, and 2026 have progressively upped the expectation for universities to guard research from foreign influence, particularly for activities pertaining to defence and engineering. In 2024, the federal government updated what is often called the “1286 list,” which originated in the National Defense Authorization Act for Fiscal Year 2019 and is updated annually by the DoD. The 1286 list includes hundreds of “foreign institutions engaging in problematic activity,” naming affiliations with the People’s Republic of China and the Russian Federation, among others.

Further requirements related to this list have ensued in recent years. In 2025, the DoD began to periodically examine university-allocated research awards to check compliance against federal regulations. Universities that receive federal funding have received a clear message: if you collaborate with an entity on the 1286 list, you will face devastating funding cuts and hefty fines.

Federal funding agencies now require universities to provide comprehensive lists of partnerships, putting the onus on research teams to ensure they’ve disclosed everything. Furthermore, new regulations require vetting domestic entities for foreign ownership, creating a more complex scope of due diligence. No longer must a partner be physically located in a problematic region to signal risk.

The standard is high, then, for universities to not only know about a potential partner but also its related entities. They also need access to robust tracking, report storage, and searchable databases, to assess all data for its potential impact on national security.

Research teams are often strapped for time and resources as is, so this in-depth level of due diligence is challenging.

Vetting individual scholars

The US federal government has put further pressure on universities to assess individual international students and researchers. One commonly cited example for why universities must thoroughly vet individual scholars is China’s Thousand Talents Program. This was a scheme funded by the Chinese government to bring science and technology scholars from abroad back to China.

“Through its talent recruitment programs, like the so-called Thousand Talents Program, the Chinese government tries to entice scientists to secretly bring our knowledge and innovation back to China…” — former FBI Director Christopher Wray

This program and others like it are now a strong point of national security concern. Federally funded research programs are prohibited from engaging with any malign foreign talent recruitment program.(footnote on US Chips & Science Act 2022, 2024 National Science Foundation’s Proposal and Awards Policies and Procedures Guide). These regulations hold universities to a high standard to fully know their individual researchers, and those researchers’ affiliations.

However, international scholars are often difficult to assess based on manual internet searches or traditional screening tools, which are insufficient in covering information across geographies, languages and scripts.

Calling in reinforcements: Built-for-purpose AI

Xapien enables Research Offices to streamline their due diligence on foreign collaborators with comprehensive real-time due diligence reports on both individuals and organisations.

Unlike a keyword search or a static database check, Xapien’s resolution engine searches across languages, corporate records, and and sanctions lists simultaneously. The platform disambiguates results to ensure you’re looking at the right person or organisation, not someone else of the same name.

A partner institution may appear clean on the surface while maintaining funding ties to a problematic entity. Xapien maps the full network of related organisations and individuals, including board members, donors, and partners — making hidden connections visible. The platform also flags links to locations the federal government might consider high risk such as China, North Korea, or Russia.

Manual due diligence on a single researcher can take days, and most teams are vetting dozens at a time. Xapien needs only a name to generate a comprehensive report in minutes, and can run multiple searches in parallel. Users can ask questions of the end report for more specific information, such as relation to the 1286 list or Thousand Talents Program.

Federal regulations on research security are expanding faster than manual processes can keep up. The gap between what compliance now demands and what overstretched research teams can realistically deliver is where funding is lost, fines are issued, and reputations are damaged.

Xapien closes that gap. Institutions get the speed, depth, and confidence to meet every requirement, protect their federal funding, and get back to the research that advances US scientific and technological leadership.

About Xapien

Xapien is an AI-powered due diligence platform that generates comprehensive background reports on individuals and organisations in minutes.

It covers global web and media, corporate registry data and sanctions, watchlists, and PEP lists.

Leading universities globally rely on Xapien across a range of due diligence functions, including on research partners, donors, and other third parties. US clients include Dartmouth College, Florida State University, and the University of Michigan.

Book a demo today to find out how Xapien can support your university’s research security processes.