To ensure that the Canadian research ecosystem is as open as possible and as secure as necessary, the Government of Canada introduced in July 2021 the National Security Guidelines for Research Partnerships (NSGRP) to integrate national security considerations into the development, evaluation and funding of research partnerships.

The Risk Assessment Review Process of the NSGRP provides a framework through which researchers, research institutions and Canada’s federal funding organizations can undertake consistent, risk-targeted due diligence to identify and mitigate potential national security risks linked to research partnerships.

When applying to a research partnership grant program that applies the NSGRP as a requirement, grant applications involving one or more private sector partner organizations — including when they participate alongside other partner organizations from the public and/or not-for-profit sectors — must include a completed a Risk Assessment Form as an integral part of their application. This questionnaire requires applicants to consider any risks associated with the nature of their research and proposed private sector partner organizations. Applicants must also develop a tailored risk mitigation plan commensurate with the risks identified that will be implemented for the duration of the grant. Following the principles of the NSGRP, risk mitigation measures must never lead to discrimination against or profiling of any group or member of the research community.

For the purposes of the implementation of the NSGRP by the federal granting agencies, private sector partner organizations subject to the Risk Assessment Form include for-profit organizations (excluding any Canadian Crown Corporations) or organizations that assist, support, connect and/or represent the common interests of a group of for-profit organizations, such as an industry association or a formal or informal consortium, but excluding producer groups.

To learn about the Canada Foundation for Innovation’s implementation of the NSGRP, please consult its dedicated guidance page.

The NSGRP apply to selected federal research partnership funding programs. Consult the appropriate funding opportunity literature to determine if the NSGRP apply to your research partnership grant application and if a Risk Assessment form is required as a mandatory component.

At this time, the NSGRP apply to the following programs:

For general questions related to completing the Risk Assessment Form, please consult the Frequently Asked Questions (FAQ): National Security Guidelines for Research Partnerships. The following FAQs are intended to complement the broader FAQs concerning the implementation of the NSGRP at the granting agencies.

Resources are provided by the Government of Canada on the Safeguarding Your Research portal, including guidance and training on conducting open-source due diligence, as well as information on mitigating research security risks and mitigating economic and/or geopolitical risks in sensitive research projects.

No, only one Risk Assessment Form is required per application, but it must consider all private sector partner organizations involved (both formally and informally) in the proposed research project.

When filling out the Risk Assessment Form, you must consider each private sector organization participating in the project (when applicable) and/or those that may exploit the research results.

Every application submitted with a Risk Assessment Form is reviewed on a case-by-case basis as part of a Risk Assessment Review Process. This process is conducted independently from the merit review process.

First, the granting agency reviews the Risk Assessment Form as part of an internal administrative process to ensure completeness. It then conducts an administrative risk validation using open-source intelligence (OSINT) methods. Any application with possible or identified risks is referred to the agency’s internal Risk Assessment Committee, where these risks are considered against the mitigation plan provided:

• If the Risk Assessment Committee determines that the risks are appropriately mitigated, the mitigation plan is approved.
• If the Risk Assessment Committee determines that a national security assessment is required to inform the funding decision, the application is referred to Public Safety Canada’s Research Security Centre for advice.

The granting agency then makes its funding decision following the results of the merit review and considering any advice requested and received from the Research Security Centre.

In most cases, the granting agencies would refer applications for national security assessment and advice in cases where:

• the nature of the proposed research could be deemed sensitive (per Annex A of the NSGRP), and
• one or more private sector partner organizations were identified from open-source information to be
  • associated with, or originating from, organizations or countries that are subject to sanctions, and/or
  • associated with criminal or ethical concerns

If your application requires a national security assessment by the national security departments and agencies, this additional process may extend the overall expected assessment time by up to 10 weeks. The national security departments and agencies remain committed to meeting their assessment service standard to minimize impacts on the research community.

Where possible, the corresponding granting agency will communicate any new and relevant information it receives from the national security departments and agencies as part of its notice of decision letter. In some cases, the information provided may be limited due to the classified nature of the assessment.

In cases where the funding is conditional on additional mitigation measures or where funding was declined due to the result of the national security assessment, applicants are also offered the opportunity to request a meeting with representatives from the granting agency administering the funding opportunity, and representatives from the Government of Canada’s Research Security Centre, to discuss the results of the application’s national security assessment.

Yes. The risk mitigation plan proposed in your application is considered as part of the Risk Assessment Review Process to determine whether the potential risks to your research partnership are appropriately mitigated. As per the terms and conditions of the grant, you must implement all the risk mitigation measures identified in your risk mitigation plan and award letter, if applicable.

You are also expected to confirm the implementation of these risk mitigation measures as part of the regular grant reporting process, where applicable.

Yes. Annual reports relating to the Government of Canada’s research security measures are published on the Safeguarding Your Research portal, which include results from the implementation of the NSGRP and highlights other initiatives underway to safeguard Canadian science, data and research.

The National Security Guidelines for Research Partnerships (NSGRP) are distinct from, but complementary to, the Policy on Sensitive Technology Research and Affiliations of Concern (STRAC). These policies operate independently and apply distinct requirements at the grant application stage and for the duration of the grant. Consult the appropriate funding opportunity literature to determine whether the NSGRP and/or the STRAC Policy apply. In some cases, both the STRAC Policy and the NSGRP may apply to the same funding opportunity.

The NSGRP address risks related to research projects conducted in partnership with private sector partner organization(s). Applications that apply the NSGRP undergo a Risk Assessment Review Process that supports the identification, analysis and mitigation of risks as part of the development, evaluation, and funding of research partnerships. The NSGRP apply to selected federal research partnership programs, where applicants seeking grant funding for research with one or more private sector partner organization(s) must complete a Risk Assessment Form, and grant recipients must implement any risk mitigation measures identified in their completed Risk Assessment Form and in their notice of decision.

The STRAC Policy addresses risks related to sensitive technology research performed with research organizations and institutions that pose the highest risk to Canada’s national security. This policy applies to all relevant funding opportunities that fund research grants to university and university-affiliated institutions. For these funding opportunities, any research grant applications that aim to advance a Sensitive Technology Research Area (STRA) will require the submission of attestation forms by researchers with named roles on the grant application certifying that they are not currently affiliated with or are in receipt of funding or in-kind support from a Named Research Organization (NRO). For the duration of the grant, all research team members involved in the activities funded by the grant are individually responsible for ensuring that they do not hold an active affiliation or receive funding or in-kind support from any of the listed NROs, following the version of the NRO list that was publicly available on the date that the grant application was submitted. No additional requirements apply for grant applications that do not aim to advance any of the listed Sensitive Technology Research Areas. For more information, consult the Tri-agency guidance on the STRAC Policy.

Question 1.6 of the National Security Guidelines for Research Partnerships’ (NSGRP) Risk Assessment Form asks whether you are working in a research area that may be considered sensitive or dual-use as listed under List 1 of Annex A of the NSGRP. List 1 of Annex A is composed of the list of Sensitive Technology Research Areas (STRA), along with additional potentially sensitive research areas such as those relating to critical minerals, critical infrastructure, large datasets, and the use of personal data. Therefore, if your research aims to advance a listed STRA, you are bound to be working in a research area relating to List 1 of Annex A and you must answer ‘YES’ to question 1.6 of the Risk Assessment Form.