Immediate: Regulatory and Policy Changes
Research Misconduct: Procedures and requirements for research misconduct proceedings for institutions receiving funding from HHS: Rule effective: January 2025, Institutions must comply by: January 2026
- U.S. Department of Health and Human Services (HHS) Final Rule - Public Health Service Policies on Research Misconduct
- Office of Research Integrity (ORI) Release - Public Health Service Policies on Research Misconduct
- Ropes & Gray Highlights of Key Changes to ORI’s Research Misconduct Regulations
Updated NIH Processes for No-Cost Extensions: NIH has temporarily disabled the No-Cost Extension functionality in eRA Commons as of May 7, 2025. At this time, all requests for NCEs must be submitted as a prior approval request in eRA Commons, for NIH review and approval.
Updated NIH Policy on Foreign Subawards: NIH will not issue awards to domestic or foreign entities (new, renewal or non-competing continuation), that include a subaward to a foreign entity. Additionally, NIH will no longer accept prior approval requests to add a new foreign component or subaward to an ongoing project. NIH plans to expand this policy to domestic subawards in the future. In addition, NIH is establishing a new award structure that will prohibit foreign subawards from being nested under the parent grant. NIH anticipates implementing the new award structure by no later than September 30, 2025. Effective May 1, 2025.
Synthetic Nucleic Acids: Screening required for purchasers and providers of Nucleic Acid Sequences: April 2025 for 200 base pairs or more. October 2026 for 50 base pairs or more.
NIH SBIR and STTR Foreign Disclosure Post-Award Requirements for Active SBIR and STTR Awardees: Active Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) recipients that did not undergo foreign risk assessment at the time of their original application may be required to disclose all funded and unfunded relationships with foreign countries. Effective April 29, 2025
Dept. of Justice (DOJ) Notice of Final Rule - Preventing Access to Americans’ Bulk Sensitive Personal Data and USG-Related Data by Countries of Concern: No U.S. person, on or after the effective date, may knowingly engage in a covered data transaction involving data brokerage with a country of concern or covered person. Effective April 8th, 2025
NIH Controlled-Access Data and Repositories Security:NIH has updated its security standards in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy for users of controlled-access data under the GDS Policy. Effective January 25, 2025
Research Security Training: Covered individuals as defined by NSPM-33: January 2025
- Harvard Research Security Program
- Harvard Research Security Program Training: Coming January 2025
Watchlist: Future Regulatory and Policy Changes
Executive Orders and Research Policy Changes 2025 - Harvard OVPR website
NIH Implementation Update: Promoting Maximal Transparency Under the NIH Guidelines for Research Involving Recombinant or Synthetic Nucleic Acid Molecules (NOT-OD-25-082): On June 1, 2025, the NIH Office of Science Policy (OSP) will publicly post the rosters of all active IBCs registered with OSP via the IBC-Registration Management System (RMS). In addition, the NIH expects that approved meeting minutes from all IBC meetings occurring on, or after June 1, 2025 will be posted publicly on an institutional website.
2024 NIH Public Access Policy: Requires Author Accepted Manuscripts accepted for publication in a journal, on or after July 1, 2025, to be submitted to PubMed Central upon acceptance for publication, for public availability upon the Official Date of Publication. The Policy applies to any Author Accepted Manuscript accepted for publication in a journal that is the result of funding by NIH in whole or in part through a grant or cooperative agreement, including training grants, a contract, an Other Transaction, NIH intramural research, or the official work of an NIH employee. Effective July 1, 2025
Research Security Program: National Security Presidential Memorandum 33 (NSPM-33) requires Research Institutions receiving over $50 million to establish and operate a research security program which includes elements of cybersecurity, foreign travel security, insider threat awareness and identification, and export control training. Estimated Implementation Date: January 2026