The 2025 Higher Education Export Control Association annual conference convened over 80 practitioners, legal professionals, institutional leaders and government representatives to share best practice on all matters relating to research security. Luntu Hlatshwayo, REWIRE’s Commercialisation and IP Manager, shares key takeaways from the event, including how the research and innovation community is embracing fresh solutions to navigate a fast-evolving regulatory landscape. From practical case-studies to emerging compliance frameworks, the conference underscored the pragmatic steps organisations are taking to meet the intensifying scrutiny of today’s national security landscape.
The extraordinary explosion of technology innovations coming out of UK universities has placed a significant burden on national security policymakers to evolve and update the broad range of threats that may directly affect the UK and its interests. Both universities and industry have collectively taken earnest steps to secure and protect their technologies from foreign adversaries, as evidenced by the huge investments made in their compliance infrastructure. At the same time, internationalisation and open science is the engine of innovation.
The market entry of emerging technologies relies on dynamic networks of collaborations: in the semiconductor industry this is particularly pronounced by highly globalised supply chains. How can the national security regime be balanced with open flows of investment and knowledge exchange required to successfully commercialise new technologies? The 4th instalment of the HEECA conference created a vital space for sector wide dialogue. Here are my three main takeaways from the event.
1. Understanding Exposure to Risk
The world is increasingly adversarial, and the global research environment is now at the centre of an intensified and contentious battle for technology and science superiority. Understanding true exposure to national security risks isn’t simple but it is foundational. What is required is a highly dynamic and pragmatic compliance model – one that understands national security as a fluid state constantly influenced by the changing geopolitical developments.
The truth is, there are no fixed certainties on whether international collaboration activity is safe or not and this requires on-going risk profiling. Understanding exposure to risk starts with several key questions:
- Who are you working with?
- What technology or knowledge is being shared?
- What is the intended and potential end use?
At the conference, compliance practitioners brought these challenges into sharp focus, highlighting the practical and operational complexities involved in identifying and responding to research security risks. We heard from universities that are enhancing their risk assessment processes—some through the implementation of structured risk scoring systems, and others by adopting more governance-intensive approaches, such as establishing cross-department risk management working groups.
The Export Group for Aerospace, Defence & Dual-Use, an industry interest group, reflected on how export control has become a top corporate priority and how businesses are adapting to the increasing scrutiny of their international transactions. They identified four key risk areas that organisations must carefully manage:
- Understanding the jurisdiction and laws of other countries
- Identifying if the technology falls under the regulations
- Fully vetting the end-user and end-use of the technology, and
- Understanding that export controls extend beyond physical goods and cover more opaque activities like data sharing and cloud storage.
Research security requirements aren’t going anywhere – in fact they are likely to become even more stringent over time. Agile and responsive models will be key to universities and businesses staying ahead in a rapidly changing national security landscape.
2. Systems Thinking – A Necessary Response to Today’s Complex National Security Landscape
The Department of Science and Innovation led a breakout session titled ‘Systems Thinking in Research Security’. The session urged for a shift from traditional linear thinking to whole-of-system strategies to effectively address the innovations, solutions and improvements needed to protect research. At the core, the session highlighted that collaboration across university business units- research office, IT cyber systems, faculties, human resources and estates- creates the critical synergies needed to effectively respond to risks. While research security is usually thought of as a compliance issue, there is a need for a thinking mindset that considers how one component interacts with another to weaken or strengthen research security management.
In a report by the US Senate’s Permanent Subcommittee on Investigations, semiconductor firms were called out for inadequate execution of compliance audits concerning both their own export compliance programs and those of their distributors. The report highlights that there are some glaring failures in conducting internal and distributor audits related to export control and that semiconductor manufacturers are potentially increasing the vulnerability of the US to national security threats. The report recommends several actions all underscoring the ethos of systems thinking, it calls for a mindset shift that recognises the changes in geopolitical and regulatory realities and how these influences the definition of compliance risks. It advocates for a re-evaluation of the entire export control compliance programmes pivoting from scripted rigid auditing processes to a more qualitative approach that considers the full spectrum of end-use.
In practice this means more frequent internal audits, more robust processes for auditing their distributor’s export compliance programmes and the need to incorporate the broader principles of the various agencies and departments responsible for national security into compliance programmes. This perspective not only aids risk management but also strengthens institutional resilience in the face of rapidly changing threats.
3. The Dual Role of Universities in Research Security: Protection and Innovation
Universities do more than support national security risk assessments through advanced compliance frameworks: they stand at the very heart of national security technology innovation. In a keynote address delivered by the CEO of His Majesty’s Government Communications Centre, a national agency for communications and security technology, the groundbreaking research driven by universities was hailed as the cornerstone of future advancements in the field. The speech spotlighted government funding opportunities in key areas such as electronics, secure communications, artificial intelligence, quantum technologies, and advanced materials. It also emphasised the importance of onshoring manufacturing capabilities, championing the development and commercialisation of homegrown technologies as a strategic priority.
A light-hearted remark during the opening address mentioned that the previous year’s conference ran out of coffee. In contrast, the 2025 HEECA conference was overflowing in every way: engaging and thought-provoking discussions, action-based learning, meaningful opportunities to connect and collaborate with professionals from across the sector -and most importantly, plenty of coffee!
References
1. United States Senate Permanent Subcommittee on Investigations, Majority Staff Report: The U.S. Technology Fueling Russia’s War in Ukraine: Examining Semiconductor Manufacturers’ Compliance with Export Controls. (Sept.10, 2024).