Export Control Considerations for Research and Education
Cornell University Guidelines on Sensitive and Proprietary Research adopted by the Cornell Research Council on May 20, 1985 and subsequently updated by the Office of the Vice President for Research and Innovation states:
Given the open nature of Cornell University, research projects which do not permit the free and open publication, presentation, or discussion of results are not acceptable. Nor will the university enter into any agreements unless the principal and co‐principal investigators have the final authority on what is to be published or presented. In particular, research which is confidential to the sponsor or which is classified for security purposes is not permitted at Cornell University. The university will accept only sponsored research projects which are expected to further the research and educational mission of the institution.
Cornell conducts only research that qualifies as fundamental research. This is defined as basic and applied research in science and engineering that is ordinarily published and shared broadly within the scientific community (EAR 734.8(a)).
Research will not be considered fundamental research if there are restrictions on the publication of scientific and technical information resulting from the project.
Research will not be considered fundamental research if Cornell has accepted any restrictions (such as foreign national participation), due to proprietary or national security reasons.
This is distinguished from “proprietary research” and from “industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary reasons or specific national security reasons” (EAR 15 CFR §734.8)
ITAR further limits fundamental research to research conducted at institutions of higher learning in the U.S. (22 CFR § 120.11 (a)(8)).
Bona fide Employee Exemption (limited use for Cornell faculty)
The ITAR (U.S. 22 CFR §125.4 (b)(10)) authorizes the transfer of unclassified technical data by U.S. institutions of higher learning to foreign persons in the United States who are bona fide, full-time regular employees of that institution. Three criteria are required:
- The employees’ permanent abode throughout the period of employment be in the United States.
- The employee can NOT be listed as a national of a country listed in 126.1 of the ITAR.
- The employee is notified in writing that the technical data may not be transferred to other foreign persons with the prior written approval of the Department of State.
Export Controls do not apply to information that is already public, and the regulations contain exclusions for information that is “publicly available” (EAR) or is in the “public domain” (ITAR).
The “publicly available” exclusion under EAR includes a wide range of obvious categories, such as information that is available in a library, that has been published, or that is typically taught in for-credit courses.
An important protection for university research is the “Fundamental Research Exclusion.” The information that results from Fundamental Research is excluded from export controls.
Research on Campus
Export control laws have the potential to substantially impact research at Cornell University. If research involves specified technologies, and it does not quality for the Fundamental Research Exclusion, the EAR and/or ITAR may require prior federal approval:
- Before allowing foreign nationals to participate in the research.
- Before partnering with a foreign company.
- Before sharing research results in any manner (including by publication or presentation at conferences) with persons who are not U.S. persons.
Export regulations apply whether or not the recipient is funded by a grant, contract, or other agreement, and apply whether or not the EAR or ITAR are cited in the award document. If a researcher accepts export-controlled technology or technical data, the researcher is subject to ITAR or EAR regulations.
Please also see Off Campus Research.
Most Cornell research activities are excluded from export controls because of the exception known as the “Fundamental Research Exclusion” under the export control regulations. By not accepting any restriction on publication or the appointment of foreign nationals to the research, Cornell protects the Fundamental Research Exclusion.
- Foreign National Visitors to campus should be screened against the denied entity and SDN lists. International Scholars and students visiting on J-1 VISAS as well as non-students and visiting faculty should be screened to ensure that the individual or the affiliated institution is not included in any U.S. Government lists prohibiting access to certain materials and information on campus.
- Appropriate protections should be put in place to ensure that foreign visitors do not have access to restricted, controlled, or proprietary information or items.
- Faculty and staff should know who is in their labs at all times. Records should be maintained noting the name and affiliation of all lab visitors, as well as the date(s) and purpose of the visit.
In general, collaborations between Cornell University faculty and scholars at foreign institutions or organizations do not require export licenses unless they involve export controlled or restricted research, or the research involves scholars in sanctioned countries. The University needs to determine if export licenses are required and to verify that the foreign individual and/or organization are not blocked or sanctioned prior to engaging in an international collaboration.
The Department of the Treasury’s Office of Foreign Assets Controls (OFAC) administers economic sanctions programs which should be reviewed prior to travel.
For additional guidance regarding working with China, see Engagement with China: FAQ.
The Office of Sponsored Programs (OSP) performs a thorough review of all proposals and agreements to assist in determining export control risks, and works to remove any language which is in direct conflict with the University’s performance of Fundamental Research.
In addition, OSP performs Restricted Party Screenings on the entities being contracted with, prior to release of award.
During the proposal and agreement review process, OSP looks for:
- Reference to U.S. export regulations
- Restrictions on non-U.S. citizen participation
- Restricted access to project information
- Receipt of proprietary information
- Publication restrictions (including sponsor approval to publish)
- Foreign travel
- International collaborations
- International shipment of equipment or materials
- Payments to or from OFAC restricted locations
The above list includes indicators that the work may be subject to export control laws. The final determination of the applicability of the regulations depends on the specific details and the specific technology involved in the research. The Grant & Contract Officer and Export Control and Compliance Officer will work with the PI to assess the applicability of export control laws to the work.
Sponsor or Third Party Provided Technology
It is critical that incoming items and all proprietary technical information be assessed to determine whether or not they are export controlled.
Usually the provider is the best source of information regarding the export control classification, but ultimately it is the University's responsibility to know what we are accepting and to protect it appropriately.
As per the EAR, the initial transfer of information from an industry sponsor to University researchers is subject to the EAR where the parties have agreed that the sponsor may withhold from publication some or all of the information so provided
Simple operation of EAR controlled items by foreign nationals in the US generally does not require a license. Access to controlled information may require a license depending on the reasons for control, country of citizenship, and the availability of an applicable license exception.
U.S. export control regulations define an “export” to include both physical shipments of tangible items out of the U.S., as well as the “transmission” of export controlled technology by any means, outside the U.S., or to a foreign national in the U.S.
Sending export controlled information to a foreign national, either in or outside of the U.S. whether by fax, email, etc. is an export. Similarly, using cloud computing servers or storing digital data on a third-party server which is located in a foreign country or is otherwise not secured, may implicate export control violations. If the information exported is controlled, the exporter (the person who transmitted the data) could face civil and/or criminal prosecution.
It is the responsibility of the user to ensure that the controlled technology or technical data is appropriately protected. Contact the ECCO if you suspect that you are in receipt of controlled technology or technical data.
A Technology Control Plan (TCP) is required for all research which involves any ITAR controlled items or technical data, involves any EAR controlled technology, or otherwise falls outside the Fundamental Research Exclusion (FRE). The TCP shall include:
- A physical and information security plan.
- Personnel screening procedures.
- A process for using and storing the information in a controlled environment.
All TCPs are developed by the faculty and staff involved in the research project, with help from the Export Control and Compliance Officer (ECCO). The ECCO must approve all TCPs prior to receipt of the controlled information or material.
In addition, all members of the research team will be required to read, understand, and sign the TCP before the project can begin.
Transfer of Tangible Materials
Providing controlled materials to foreign nationals may require an export license. The exemption of fundamental university research from export licensing requirements does NOT extend to the export of tangible objects from the U.S.
In addition to the above, to transfer materials out of Cornell University, please contact CTL to arrange for the necessary Material Transfer Agreements.
Most university courses are excluded from export controls in that the information released in the courses is considered to be publicly available.
- The EAR provides that educational information released by ‘instruction’ in catalog courses and associated teaching laboratories of academic institutions (with some encryption exceptions) is not subject to the EAR [EAR §734.3(b)(3)(iii) ]
- The EAR education exclusion does not extend to the release of information in research labs not associated with catalog courses.
- The ITAR provides that information concerning general scientific, mathematical or engineering principles commonly taught in schools, colleges and universities, is not included in the definition of ‘technical data’ subject to the ITAR [§120.10(a)(5)].
The EAR considers information released at an open conference, meeting, seminar, trade show, or other open gathering to be published, and so excluded from control.
The ITAR considers information released through unlimited distribution at a conference, meeting, seminar, trade show or exhibition, generally accessible to the public, in the United States to be in the public domain, and so excluded from ITAR control.
Caution: Follow up discussions could be considered a defense service (assisting a non-US person with a defense article), if the information you provide is not in the public domain.
Controlled items, software, or technical data cannot be released in open conferences.