Considerations on COM(2024)26 - Enhancing research security

Please note

This page contains a limited version of this dossier in the EU Monitor.

 
dossier COM(2024)26 - Enhancing research security.
document COM(2024)26
date May 23, 2024
 
(1) Openness, international cooperation, and academic freedom are at the core of world-class research and innovation. Yet, with growing international tensions and the increasing geopolitical relevance of research and innovation, our researchers and academics are increasingly confronted with risks to research security when cooperating internationally resulting in European research and innovation being affected by malign influence and being misused in ways that affect our security or infringe our ethical norms. It is therefore vital that European higher education institutions and research performing organisations, both public and private, are supported and empowered to address these risks. Precise and proportionate safeguarding measures are needed to keep international cooperation open and safe.

(2) Open science ensures that science is made as accessible as possible for the benefit of science, the economy and society at large while international cooperation contributes to tackling global challenges effectively. Academic freedom implies that researchers are free to conduct their research and choose the research methods as well as their research partners from around the globe, while international mobility of research talent enriches scientific enquiry and is essential for fostering innovation and achieving scientific breakthroughs.

(3) Growing strategic competition and the return to power politics are leading to increasingly transactional relations between States. This shift has resulted in threats that are more diverse, unpredictable, and oftentimes hybrid1. Given the pivotal role of technology for political, economic, and military pre-eminence, some of the EU’s competitors are seeking global primacy in emerging and disruptive technologies to enhance their military and intelligence capabilities while actively pursuing civil-military fusion strategies.

(4) Hybrid threats may affect all relevant sectors, however, owing to its openness, academic freedom, institutional autonomy and worldwide collaboration, the research and innovation sector is particularly vulnerable. EU-based researchers and innovators are targeted to capture state-of-the-art knowledge and technology, at times using methods that are deceptive and covert or through outright theft, but more often exploiting seemingly bona fide international academic cooperation. Next to jeopardising our security, these hybrid threats could affect academic freedom in Europe.

(5) Higher education institutions and other research performing organisations are thus navigating an increasingly challenging international context, with risks of undesirable transfer of critical knowledge and technology to countries of concern, where it may be used to strengthen the capabilities of their military, or for purposes that are in violation of fundamental values. While not always legally prohibited, these collaborations are undesirable as they pose significant security and ethical concerns.

(6) In accordance with institutional autonomy and academic freedom, higher education institutions and other research performing organisations are primarily responsible for developing and managing their international cooperation. Public authorities at all levels should provide them with assistance and support, empowering them to take informed decisions and manage the risks to research security involved, ensuring that international cooperation in research, innovation and higher education remains both open and secure.

(7) In recent years, discussions on strengthening research security have been ongoing at the EU level, where several initiatives have also been undertaken:

- In May 2021, the Commission published its communication on the Global approach to research and innovation2, outlining a new European strategy for international research and innovation policy. The Council responded in September 2021 through the adoption of Council conclusions3 giving a political mandate to working jointly on research security.

- Several safeguards were introduced in the EU’s framework programme for research and innovation 2021-2027, Horizon Europe4, giving effect to the EU’s distinctive responsibility as one of Europe’s largest research funders.

- In November 2021, the Council adopted the ERA policy agenda 2022-2024 as part of its conclusions on Future governance of the European Research Area (ERA)5, in which tackling foreign interference is included in one of its priority actions.

- In January 2022, following up on its commitments stemming from both the Global approach and the ERA policy agenda, the Commission published its staff working document on tackling R&I foreign interference6. Additionally, to facilitate peer learning among Member States, a Mutual Learning Exercise (MLE) took place throughout 2023.

- The Commission’s communication on ‘A European Strategy for Universities’7 recalls that higher education institutions have a unique position at the crossroads of education, research, innovation, thus playing a critical role in achieving the European Education Area8 and the European Research Area, identifies foreign interference in higher education institutions as a threat and supports the implementation of the guidelines on foreign interference. The role of higher education institutions in protecting European democratic values is at the core of the strategy.

- The European Parliament adopted on 9 March 2022 a resolution on ‘Foreign interference in all democratic processes in the European Union, including disinformation’ in which it calls for strengthening academic freedom, improving transparency of foreign funding as well as mapping and monitoring of foreign interference in the cultural, academic and religious spheres9.

- From a broader security and defence perspective, work is ongoing in the framework of the EU Security Union strategy10 as well as the Strategic Compass for Security and Defence11 aiming at a shared assessment of threats and challenges and greater coherence in actions in the area of security and defence, including through different instruments to detect and respond to hybrid threats in an EU Hybrid Toolbox.

- In the domain of EU export control rules for dual-use goods and technology, the EU’s Export Control Regulation12 is of significant importance to research security. To help higher education institutions and research performing organisations, the Commission published in September 2021 a recommendation on compliance programmes for research involving dual-use items13.

(8) The Commission and the High Representative adopted a joint communication on European economic security strategy14 which aims to ensure that the Union continues to benefit from economic openness, while minimising risks to its economic security. The Strategy proposes a three-pillar approach: promotion of the EU's economic base and competitiveness; protection against risks; and partnership with the broadest possible range of countries to address shared concerns and interests. In each of the pillars, research and innovation have a key role to play.

(9) Following up on this joint communication, the Commission has identified critical technology areas for the EU's economic security for further risk assessment with Member States in its recommendation of 3 October 202315. Risk assessments have already been launched as a matter of priority on four of the ten identified critical technology areas, namely advanced semiconductors, artificial intelligence, quantum and biotechnologies. The outcome of risk assessments, when finalised, could inform other measures to implement the European economic security strategy, including measures to enhance research security.

(10) The joint communication on the European economic security strategy furthermore announced that the Commission would propose measures to enhance research security by ensuring the use of the existing tools and identifying and addressing any remaining gaps, while preserving the openness of the research and innovation ecosystem.

(11) In terms of gap identification referred to in the previous point, discussions with Member States and stakeholder organisations demonstrate an urgent need among policymakers and practitioners for more conceptual clarity, a shared understanding of the issues at hand as well as of what constitutes a policy response that is both proportionate and effective.

(12) An increasing number of Member States has developed or is in the process of developing policies aimed at enhancing research security. While these efforts generally contribute to raising awareness and boosting resilience, an uncoordinated multiplication of national measures would result in a patchwork of national policies, disparities among Member States, and thereby fragmentation of the European Research Area. EU level coordination is therefore needed to provide for a level-playing field and to protect the integrity of the European Research Area.

(13) It should be emphasised that research security safeguards can only be truly effective if consistently applied at all levels, including EU, national, regional as well as the level of individual public and private research performing organisations, so as to avoid loopholes and circumvention.

(14) In specific cases, compliance to relevant EU legislation and rules could benefit from interpretative guidance. This applies in particular to export control rules, notably the intangible transfer of technology (ITT), the visa requirements for foreign researchers16, as well as the interpretation of certain open science and intellectual asset management requirements from a research security perspective.

(15) It is important that hybrid threats affecting the research and innovation ecosystem are structurally assessed, enhancing situational awareness among policymakers by relying on the Single Intelligence Analysis Capacity (SIAC), in particular the Hybrid Fusion Cell, the work of the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE)17 as well as ENISA in relation to cybersecurity threats18

(16) Taking into account that a significant share of research and innovation takes place in the private sector, it is key to develop targeted guidance and tools for business, notably research-intensive start-ups and small and medium sized companies. While the risks to which companies are exposed may be similar, their situation differs from higher education institutions and research performing organisations. In this light, attention should be drawn to the existing rules, including those on the control of exports of dual-use items, the screening of foreign investments as well as the ongoing work on the monitoring of outbound investments.

(17) In the preparation of this recommendation, due attention has been paid to experience from Member States, as well as from the EU’s partners, both in bilateral and multilateral settings. It takes into account policy lessons from key partners, while emphasising that an approach should be formulated that suits the unique European context. Continued efforts are being made with our partners to exchange information and experience, share good practices and to seek ways to align safeguard measures, including through the multilateral dialogue on values and principles, as part of association negotiations and joint S&T steering committee meetings in the context of international science and technology agreements, as well as in multilateral fora, such as G7, OECD and NATO, and relevant multilateral export control arrangements.

(18) Research security is a concern that is gaining increasing attention and the ongoing debate on the risks involved and how to best manage them is intensifying. Consequently, there is a need to further raise awareness, facilitate peer learning between Member States and relevant stakeholder organisations, as well as contribute to a learning approach that is both flexible and agile.

SCOPE

1. For the purposes of this recommendation, ‘research security’ refers to managing risks related to:

(a) the undesirable transfer of critical knowledge, know-how and technology that may affect the security of the EU and its Member States, for instance if channelled to military purposes in third countries;

(b) malign influence on research, where research can be instrumentalised by or from third countries in order to diffuse certain narratives or incite self-censorship among students and researchers infringing academic freedom and research integrity in the EU;

(c) ethical or integrity violations, where knowledge and technologies are used to suppress or undermine fundamental values, whether in the EU or elsewhere.

2. For the purposes of this recommendation, ‘international cooperation’ should be understood as cooperation of public and private research performing organisations and higher education institutions with research and innovation organisations and companies based outside the EU. Research and innovation organisations and companies based in the EU but owned or controlled from outside the EU should be considered on the basis of a risk appraisal.

3. In the context of this recommendation, ‘risk appraisal’ refers to a process in relation to international research and innovation cooperation in which a combination of main risk factors is taken into consideration. The combination of those factors determines the risk level. The key elements to be assessed can be grouped in four categories:

- The risk profile of the EU-based organisation entering into the international cooperation: consider the organisation’s strengths and vulnerabilities, including financial dependencies, relevant to the research project;

- The research and innovation domain in which the international cooperation is to take place: consider whether the project focusses on a research domain, e.g. a critical technology area, or involves methodology or research infrastructure considered particularly sensitive from a security or ethical/human rights perspective;

- The risk profile of the third country where the international partner is based or from where it is owned or controlled (e.g.: is the country subject to sanctions or does it have a flawed rule of law or human rights protection track record, an aggressive civil-military fusion strategy or limited academic freedom);

- The risk profile of the international partner organisation: perform due diligence into the organisation you envisage to cooperate with to find out whether it has links to the government or the military, the affiliations of the researchers/staff involved as well as the partner’s intentions regarding the end-use or application of the research results.

4. For the purposes of this Recommendation, the ‘research and innovation sector’ covers all research performing organisations and higher education institutions across the Union, both public and private. In light of the importance of other stakeholders, such as technology transfer offices, internationalisation agencies, chambers of commerce and research intensive companies, this recommendation can be equally relevant to all other actors in the EU’s research and innovation ecosystem. Where relevant, education-related international cooperation activities could be considered as well.

PRINCIPLES FOR RESPONSIBLE INTERNATIONALISATION

1. Continue to promote and defend academic freedom and institutional autonomy, taking into account that responsibility for international research and innovation cooperation primarily lies with higher education institutions and other research performing organisations;

2. Continue to promote and encourage international cooperation in research and innovation with partners in third countries that is both open and secure, in line with the principle ‘as open as possible, as closed as necessary’, ensuring that research outputs are findable, accessible, interoperable and reusable (FAIR), with due consideration to applicable restrictions, including security concerns;

3. Ensure proportionality of measures: where safeguards are introduced, these should not go beyond what is strictly necessary to mitigate the risks at stake and avoid unnecessary administrative burden. The objective is to de-risk, not to de-couple;

4. Steer research security measures to safeguarding economic security, including Union and national security, and defending shared values, including academic freedom, while avoiding protectionism and unjustified political instrumentalisation of research and innovation;

5. Promote self-governance within the sector, empowering researchers and innovators to take informed decisions, underscoring the societal responsibilities of higher education institutions and other research performing organisations, building on the principle that ‘with academic freedom comes academic responsibility’;

6. Adopt a whole-of-government approach, which brings together relevant expertise and skills, ensures a comprehensive approach to research security and fosters coherence of governmental actions and messaging towards the research and innovation sector, including concrete steps to upskill and reskill the relevant workforce;

7. While pursuing a risk-based approach, adopt policies that are country-agnostic, identifying and addressing risks to research security wherever they emanate from, as this is the best guarantee that a balanced approach to opportunities and risks in the research and innovation cooperation is maintained and that evolving developments in the threat landscape, including the emergence of new threat actors, are not overlooked;

8. Ensure that every effort is made to avoid all forms of discrimination and stigmatisation, direct as well as indirect, that could occur as unintended side-effects of safeguarding measures and ensure full respect of fundamental rights and shared values;

9. Acknowledge the dynamic nature of research security shaped by evolving risks, new insights, and geopolitical contexts, which requires a learning approach with periodical reviews being carried out to ensure research security policies remain up-to-date, effective and proportionate.

HEREBY RECOMMENDS THAT MEMBER STATES

with full regard to institutional autonomy and academic freedom, and in accordance with national circumstances and their responsibility for national security:

1. Work towards developing and implementing a coherent set of policy actions to enhance research security, making best use of the elements listed in this section, while taking into account the aforementioned principles for responsible internationalisation;

2. Engage in dialogue with research and innovation stakeholders with a view to defining responsibilities and roles, and developing a national action plan, formulating national guidelines where relevant, and listing relevant measures and initiatives to boost research security, together with a timeline for their implementation.

3. Create a support structure, e.g.: a Research Security Advisory Hub, to help researchers and innovators deal with risks related to international cooperation in research and innovation. Bringing together cross-sectoral expertise and skills, it should provide information and advice that research performing organisations can use to take informed decisions, weighing opportunities and risks of a prospective international cooperation as well as other services for which the research and innovation sector has a clear need, including awareness raising activities and trainings.

4. Strengthen the evidence base for research security policymaking, through analysis of the threat landscape, including from a cybersecurity perspective, as well as through conducting or commissioning policy-relevant research.

5. Pay specific attention to those critical technologies identified by the Commission recommendation on critical technology areas for the EU's economic security for further risk assessment with Member States19, and to the outcomes of such collective risk assessments.

6. Reinforce cross-sectoral cooperation within government, notably bringing together policy-makers responsible for higher education, research & innovation, foreign affairs, and intelligence & security.

7. Facilitate information exchange with public and private research performing organisations on the aforementioned analysis and research, including through classified and non-classified briefings or dedicated liaison officers.

8. Gain insight in the resilience of the sector as well as the effectiveness and proportionality of the applicable research security policies, including possibly through regular resilience testing and incident simulations.

9. In order to ensure compliance with the applicable EU’s export control rules for dual-use items and the sanctions adopted pursuant to Article 29 TEU and Article 215 TFEU, take national measures notably on intangible technology transfer (ITT), as well as to strengthen the implementation and enforcement of sanctions regimes that are relevant to research and innovation, such as those prohibiting the transfer of certain technologies.

10. Proactively contribute to the EU’s one-stop-shop platform on tackling R&I foreign interference by sharing tools and resources developed through public funding with the aim to facilitate the cross-border uptake of these tools and resources and deliver them in a user-friendly and accessible manner.

11. Develop, together with the private sector, targeted information and guidance for business involved in private research and innovation, including for research-intensive start-ups and small and medium size companies.

12. Consider, where relevant, and based on risk-assessment, the application of the measures contained in this recommendation to international cooperation activities in higher education, including to student and staff mobility activities.

Role of research funding organisations

13. Engage with research funding organisations to ensure that:

(a) Research security is an integral part of the application process that takes into account the different factors that, taken together, define the risk profile of the project. The objective is to stimulate beneficiaries to think through the context in which the R&I cooperation takes place and what motivations and (hidden) agendas could play a role, ensuring potential risks and threats are identified up front with the aim to avoid as much as possible problems at a later stage.

(b) Research projects selected for funding that raise concerns (‘red flags’) undergo a risk appraisal proportionate to their risk profile, resulting in agreeing appropriate safeguard measures addressing the identified risks while ensuring that the time-to-grant is not unnecessarily delayed, and avoiding any unnecessary administrative burden.

(c) When applying safeguarding measures in national funding programmes, those applied in relevant EU funding programmes are taken into account.

(d) Applicants are seeking assurances, for instance through agreeing a partnership agreement, from prospective partners for projects with a high risk profile that the research results will be used in a manner that upholds fundamental values, including respect of human rights.

(e) Adequate expertise and skills are available within the funding organisation to address research security concerns as well as to have adequate monitoring and evaluation measures in place to oversee projects at different stages, including keeping track of incidents and taking credible measures in case of non-compliance.


Support to higher education institutions and other research performing organisations

14. Encourage and support higher education institutions and other research performing organisations to

(a) Create a sector-wide platform of stakeholders to facilitate information exchange, peer learning, development of tools and guidelines, and incident reporting. Consider resource pooling to make best use of scarce and scattered resources and expertise;

(b) Implement internal risk management procedures in a structural manner, including through risk appraisal, due diligence into prospective partners and escalation to higher levels of internal decision-making in case of elements that raise concerns (‘red flags’), while avoiding unnecessary administrative burden;

(c) Whenever entering into research partnership agreements with foreign entities, including through Memoranda of Understanding, insist on including key framework conditions, such as respect for fundamental values, academic freedom, reciprocity and arrangements on intellectual assets management, including the dissemination and valorisation of results, licensing or transfer of results and spin-off creation, and ensure there is an exit strategy in place in case the conditions of the agreements are not complied with;

(d) Assess risks related to foreign government-sponsored talent programmes in higher education and research, notably focusing on any undesirable obligations imposed on their beneficiaries, and guarantee that foreign government-sponsored on-campus providers of courses and trainings abide by the host institution’s mission and rules;

(e) Invest in dedicated in-house research security expertise and skills, assign research security responsibility at the appropriate organisational levels, and invest in cyber hygiene and in creating a culture in which openness and security are in balance;

(f) Develop training programmes, including online courses, for practitioners and new staff members, as part of their on-boarding, as well as curricula aimed at training the next generation of security advisers and policy-makers. Train recruiters to check and detect, as part of a structural vetting process, elements that raise concerns (‘red flags’) in applications for research positions, especially those in critical research domains;

(g) Ensure in scientific publications and all other forms of dissemination of research results full transparency of funding sources and affiliations of research staff, avoiding that foreign dependencies and conflicts of interest or commitment affect the quality and content of the research;

(h) Introduce compartmentalisation, both physical and virtual, guaranteeing that for areas, such as labs and research infrastructure, data and systems that are particularly sensitive, access is granted on a strict need-to-know basis, and, for online systems, robust cybersecurity arrangements are in place;

(i) Ensure that all forms of discrimination and stigmatisation, both direct and indirect, are prevented, that individual safety is guaranteed, with particular attention to coercion of diaspora by the state of origin and other forms of malign influence, which could give rise to self-censorship and may have security implications for the foreign researchers, doctoral candidates and students involved, and that incidents are reported.

Supporting actions at union level

15. Fully cooperate in view of facilitating the actions which the Commission has taken or intends to take to support implementation of this recommendation, and in particular:

(a) Making full use of the open method of coordination, notably the ERA governance structures, to raise awareness, to facilitate peer learning, as well as to facilitate consistency of policies;

(b) Establishing a European Centre of Expertise on Research Security as a focal point, linked to the Commission’s one-stop-shop platform on tackling R&I foreign interference, contributing to creating an EU-wide community of practice and maintaining a structural dialogue with stakeholder organisations as well as to policy-relevant research into research security and analysing trends and patterns across the Union;

(c) Enhancing, in cooperation with the High Representative, situational awareness among policymakers by structurally assessing hybrid threats affecting the research and innovation ecosystem;

(d) Developing a resilience testing methodology that can be used at national level on a voluntary basis by higher education institutions and public and private research performing organisations;

(e) Continuing its work, together with the Member States and with involvement of the stakeholders, on assessing risks of critical technologies20, as well as engaging in a dialogue to ensure information sharing and consistency of approach regarding risk appraisal and research security safeguards in national funding programmes and those in relevant EU funding programmes;

(f) Developing tools and resources, both country-agnostic and country-specific, to support higher education institutions and public and private research performing organisations to perform due diligence into prospective partners; as well as organising, together with EU-level stakeholder organisations, a biennial Stakeholder Forum on Research Security;

(g) Preparing interpretative guidance, where necessary, on the development of risk appraisal procedures as well as on the application of relevant EU legislation;

(h) Engaging with the research and innovation sector to assess how best to increase transparency of research funding sources and affiliations of researchers;

(i) Strengthening the dialogue with international partners on research security, as well as taking initiatives to bring about a common EU voice on the topic in multilateral fora.


REPORTING

1. It is recommended that Member States implement this recommendation as soon as practicable. They are invited to share their action plan (referred to in point 2 of the recommendations to the Member States) with the Commission by [insert date 9 months after adoption by Council] setting out the corresponding measures to be taken to boost research security, taking into account their respective starting positions.

2. The progress made in implementing this recommendation will be monitored by the Commission, using ERA governance monitoring and reporting frameworks, in cooperation with the Member States and after consulting the stakeholders concerned, and report to the Council every two years, as part of its biennial reporting on the Global Approach to Research & Innovation. After in-depth assessment and in light of the future evolution of the geopolitical situation, further steps and measures can be proposed.

Done at Brussels,

For the Council

The President

1Joint communication of the Commission and the High Representative on the European economic security strategy, JOIN(2023)20 of 20.06.2023 (link).

2Commission communication on the Global approach to research and innovation: Europe's strategy for international cooperation in a changing world, COM(2021) 252 of 18.05.2021 (link).

3Council conclusions on the Global approach to R&I of 28.09.2021 (link), notably paragraphs 3, 11 and 23.

4European Commission, Directorate-General for Research and Innovation, Tackling R&I foreign interference – Staff working document, Publications Office of the European Union, 2022 (link).

5Resolution of the European Parliament on a global approach to research and innovation, P9_TA(2022)0112 of 06.04.2022 (www.europarl.europa.eu/doceo/document">link).

6Commission recommendation on critical technology areas for the EU's economic security for further risk assessment with Member States, C(2023) 6689 of 03.10.2023 (link).

7Commission communication on the EU Security Union Strategy, COM(2020)605 of 24.07.2020 (link).

8Council of the EU: A Strategic Compass for Security and Defence, ST 7371/22 of 21.03.2022 (link).

9Regulation (EU) 2021/821 setting up an EU regime for the control of exports, brokering, technical assistance, transit and transfer of dual-use items (link).

10Commission recommendation on internal compliance programmes for controls of research involving dual-use items […], 2021/1700 of 15.09.2021 (link).

11Commission communication on Defence of Democracy, COM(2023) 630 of 12.12.2023 (link).

1See for instance the ‘annotated collection of guidance for secure and successful R&I cooperation’ (2022) that DLR-PT compiled at the request of the Commission (www.science-diplomacy.eu/wp-content/uploads/2022">link).

2More information can for instance be found on the following websites: for the US (link), for the UK (www.ukri.org/manage-your-award">link), for Australia (www.education.gov.au">link), and for Canada (link).

3More information on the multilateral dialogue on values and principles can be found here: link.

1Hybrid threats refer to when, state or non-state, actors seek to exploit the vulnerabilities of the EU to their own advantage by using in a coordinated way a mixture of measures (i.e.: diplomatic, military, economic, technological) while remaining below the threshold of formal warfare (link).

2Commission communication on the Global approach to research and innovation: Europe's strategy for international cooperation in a changing world, COM(2021) 252 of 18.05.2021 (link).

3Council conclusions on Global approach to R&I of 28.09.2021 (link), notably paragraphs 3, 11 and 23.

4The Horizon Europe regulation, EU 2021/695 of 28.04.2021 (link), provides inter alia for a security appraisal of all projects selected for funding (Article 20), the possibility to exclude entities based in or controlled by third countries from certain calls (Article 22(5)), as well as to add eligibility criteria to those set out in paragraphs 2 to 5 to take into account specific policy requirements or the nature and objectives of the action (Article 22(6)) and the right for the Commission or the relevant funding body to object to transfers of ownership of results, or to grants of an exclusive license regarding results (Article 40(4)). Similar provisions are included in the European Defence Fund and the European Space Programme.

5Council conclusions on Future governance of the European Research Area (ERA) of 26.11.2021 (link).

6European Commission, Directorate-General for Research and Innovation, Tackling R&I foreign interference – Staff working document, Publications Office of the European Union, 2022 (link).

7Commission communication on a European strategy for universities, COM(2022)16 of 18.01.2022 (link).

8Commission communication on achieving the European Education Area by 2025, COM(2020)625 of 30.09.2020 (link).

9European Parliament resolution on Foreign interference in all democratic processes in the European Union, including disinformation, P9_TA(2022)0064 of 09.03.2022 (www.europarl.europa.eu/doceo/document">link).

10Commission communication on the EU Security Union Strategy, COM(2020)605 of 24.07.2020 (link).

11Council of the European Union: A Strategic Compass for Security and Defence, ST 7371/22 of 21.03.2022 (link).

12Regulation (EU) 2021/821 setting up an EU regime for the control of exports, brokering, technical assistance, transit and transfer of dual-use items (link).

13Commission recommendation on internal compliance programmes for controls of research involving dual-use items […], 2021/1700 of 15.09.2021 (link).

14Joint communication on European economic security strategy, JOIN(2023)20 of 20.06.2023 (link).

15Commission recommendation on critical technology areas for the EU’s economic security for further risk assessment with Member States, C(2023) 6689 of 03.10.2023 (link).

16Directive (EU) 2016/801 on the conditions of entry and residence of third-country nationals for the purposes of research, studies, training, voluntary service, pupil exchange schemes or educational projects and au pairing of 11.05.2016 (link).

17The Hybrid CoE is an autonomous, network-based international organisation countering hybrid threats, established in 2017, based in Helsinki (www.hybridcoe.fi/">link).

18The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe (www.enisa.europa.eu/">link).

19Commission recommendation on critical technology areas for the EU's economic security for further risk assessment with Member States of 03.10.2023 (link).

20Commission recommendation on critical technology areas for the EU's economic security for further risk assessment with Member States of 03.10.2023 (link).

EN EN