I’ve written previously about the increase in oversight and the issuance of formal notices terminating participation in government-funded research programs that organizations are receiving. Foreign Ownership, Control, or Influence (FOCI) is a growing problem for US businesses. While the issue isn’t new, it seems to be growing at an alarming rate due to systematic actions by foreign governments and actors. Let’s examine the latest developments, including assessment tools (agency-specific) and other government (agency and government-wide) actions. [Note: This article is not comprehensive for each agency’s requirements and programs. Most specific examples and information involve NIH, NSF, and DoW.]

Office of Science and Technology Perspectives

In 2020, Dr. Kevin Drogmeier gave a presentation on the background, challenges, and other aspects of research conducted in an era of increased foreign influence, espionage, and factors impacting government-funded research. Let’s examine the key takeaways, concerns, and recommendations.

Key Takeaways

Maintain Research Integrity

Core Principles

• Transparency,
• Honesty,
• Accountability,
• Objectivity,
• Respect,
• Freedom of inquiry,
• Reciprocity, and
• Merit-based competition.

The federal government is still committed to funding research. However, when it involves foreign individuals, institutions, or other entities, it must be disclosed. Principled international collaboration and foreign contributions remain critical to U.S. research success. A key aspect of continued participation in government-funded research is making appropriate disclosures and certifications as required. Certain individuals and foreign governments violate these principles, creating risks to research security.

The full extent of undisclosed intellectual property diversions that undermine U.S. innovation, security, and economic competitiveness is unknown. In 2020, the NIH found more than 87 institutions with confirmed violations involving more than 150 scientists. The outcomes of some of these cases included resignations from prominent institutions, guilty pleas to false-claims violations, termination of employment, and other criminal and civil penalties.

So, the U.S. government is taking deliberate, targeted steps to mitigate risks while preserving an open and collaborative research environment. As a result, investigators and agencies are focused on identifying significant concerns and formalizing and broadening oversight and risk assessment activities.

Significant Concerns

One of the most significant issues is the rise of undisclosed “shadow laboratories” where US-based researchers or scientists work on US government-funded projects while secretly working for (and paid by) foreign institutions. Divided “loyalties” is the first issue, but there are many more. These foreign influence relationships take many forms. The following list is compiled from multiple sources, including the CHIPS and Science Act of 2022 and agency-specific guidance.

• Undisclosed foreign employment or full-time contracts
• Commitments to relocate U.S. labs or IP to foreign countries
• Undisclosed foreign patents, research support, or duplicative funding
• Undisclosed compensation (often in secret foreign accounts)
• Preferential treatment for certain foreign students/visitors
• Obligations to assign credit to foreign institutions or keep arrangements secret
• Transfer of proprietary information/technologies
• Restrictions on contract termination
• Significant undisclosed financial conflicts of interest
• Violations of peer review confidentiality

Government Action and Laws

As of May 2026, the core “key takeaways” from Dr. Drogmeier’s presentation remain unchanged. They remain foundational elements to US government policy. With an emphasis on research integrity, principled (disclosed) international collaborations, and balanced security measures to prevent risks from undisclosed foreign relationships (influence), IP diversion, and other emerging issues, businesses engaged in research, especially government-funded, need to build into their organizations compliance tools and monitoring that facilitate prevention, detection, and reporting.

Laws, Rules, Regulations, and Government Oversight

Since 2020, the most significant changes have flowed from the CHIPS and Science Act of 2022, National Security Presidential Memorandum-33 (NSPM-33, 2021), and OSTP/JCORE coordination activities. These reforms have moved the government’s approach from case-by-case investigations to comprehensive, standardized, government-wide requirements. Furthermore, these new rules mandate training, certifications, and institutional programs on relevant subject matter (security, disclosures, etc.).

Risks from Foreign Entity (Individual, Government, Institutions, etc.)

One key compliance tool is the filing of an FOCI certification. However, this is only as effective as it is accurate. Many organizations have failed to take the time to understand the questions and information requested fully. Additionally, the internal business and compliance systems have failed to meet the required due diligence standards for qualifying foreign entities (direct and indirect relationships). Again, many small businesses and other organizations do not even ask about foreign relationships, require annual updates to company information, monitor, or track changes in the entities they work with.

Real World Example

A former client engaged a contract research organization (CRO) for one of their clinical trials. At the time they entered the subcontract, the company was US-owned and operated. Within six months of the contract signing, a Chinese company acquired the company, and some US facilities were downsized, and certain functions were offshored to China. The client was aware of the acquisition but failed to act to terminate the contract or disclose the issue to the government.

The inevitable happened during a technical review. The government was monitoring Chinese (and other foreign entities) acquisitions. As a result of the failure to disclose and to take action to terminate the subcontract, the client company lost its current funding. It was removed from consideration for two pending awards. The total funding lost was over $10 million.

Failing to comply with requirements is more expensive than any system you implement. In addition to loss of funding, repayment of funds, suspension/debarment from participation in funding programs, there are potential civil and criminal actions and penalties. (See my article on False Claims.)

Certifications

In addition to completing and filing the company FOCI certification, senior/key personnel (individuals) are required by some agencies (NIH/NSF) to certify that they are not currently party to a Malign Foreign Talent Recruitment Program (MFTFP). Again, the problematic aspects of those relationships include the items listed previously.

Disclosure Requirements

Area	Current Requirements
Disclosures	Standardized Common Forms for:BiosketchOther support.Full disclosure of all foreign appointments, funding, and talent programs.
Decision Tools	The NIH Decision Matrix is used to assess potential foreign interference (NSF, DoD, and DOE have similar tools).
Training	Research Security Training (RST) is mandatory for all senior/key personnel working on NIH grants (applied for on or after May 25, 2026). Training covers disclosure, conflicts, cybersecurity, and foreign interference.
Institutional Responsibility	Research Security Programs are required at all institutions that receive more than $50 million in federal R&D per year as of July 2024. This includes training, security for foreign travel, and export controls.
Foreign Subawards and Components	NIH now requires direct NIH oversight or separate linked awards for any foreign component of R&D projects. Also, restrictions have been placed on biospecimen transfers to “Countries of Concern.”
Case Volume and Outcomes	Most cases are now being self-reported by institutions. This indicates improved compliance. However, public cases and prosecutions are still taking place.

What Does This Mean for Your Business?

The government continues to emphasize the importance of protecting US research, IP, and innovation. There is a particular focus on government-funded projects and entities. However, every business, large and small, needs to understand the importance of identifying, monitoring, and disclosing foreign influence. That influence may come from any number of sources, relationships, and transactions. It requires vigilance and continuous monitoring as business relationships are dynamic and evolving. A best practice for any business is to incorporate screening questions in your recruiting, hiring, and performance systems for employees, contractors, and vendors. Additionally, businesses need to implement periodic reviews and leverage technology tools to monitor public information (press releases, merger and acquisition announcements, etc.) for entities they work with. As with any law, regulation, term, or condition, “I didn’t know.” It isn’t a defense for violations (civil or criminal).

Many small businesses think that they can ignore the requirements. Others think it is “too expensive” to comply. Neither is true. Even the smallest business can implement an affordable, proactive compliance system to screen and monitor their business relationships, transactions, and other disclosure requirements.

Next Steps

I recommend you do a quick self-assessment to identify any potential, recognizable sources of foreign influence risk. Review employee, vendor, subrecipient, and other relationships. Use AI to quickly search for ownership and other information about key individuals, institutions, and groups involved with your business.

Once you have your basic list and some background, then review your FOCI certification (if you have filed one) and the biosketches for senior and key personnel. If you haven’t already done so, request an update of biosketches (make this at least an annual requirement).

If you are feeling uncertain or overwhelmed, work with a business and compliance expert who is familiar not only with FOCI requirements but also with comprehensive compliance across business systems, functional areas, government-funding-related topics, and “regular” business topics (taxes, labor reporting, etc.). It is less expensive to invest in a comprehensive system that addresses all your requirements than to take a piecemeal approach that leaves gaps and increases your risk.