Aarhus University has guidelines in place to safeguard research and innovation collaboration from espionage and misuse.
These guidelines follow the recommendations issued by the Ministry of Higher Education and Science’s Committee on Guidelines for International Research and Innovation Collaboration (URIS).
The intention behind the guidelines is to enable researchers and the university to work as openly as possible – and as securely as necessary.
On 1 January 2026, new guidelines came into force in two areas:
AU has introduced new guidelines for the risk assessment of research and project collaborations for which external funding is being applied or which involve written collaboration agreements between the participants.
All members of staff at AU must take special precautions when travelling to high-risk countries.
Travel to high-risk countries must be approved in writing by the head of department/school (or equivalent).
With regard to IT equipment, staff must follow the advice in the ‘Business trips tohigh-risk countries’ section of the information security webpages on the AU website. When travelling to high-risk countries, staff must take special travel smartphones and laptops with limited access to AU’s data and systems. These devices can be borrowed from AU IT.
High-risk countries are designated by the Danish Security and Intelligence Service (PET). Currently, Iran, China and Russia are designated as high-risk countries in regard to research. These particular states have been singled out for inclusion on the background of PET’s intelligence about which countries are particularly aggressive in their attempts to gain illicit access to research results from Danish research institutions and groups.
Collaboration with researchers who are citizens of these countries is not prohibited, but background checks will be carried out in connection with recruitment, enrolment of PhD students and hosting guests.
It’s also important to remember that these regimes may attempt to acquire knowledge illicitly in other ways, including by putting pressure on individuals, regardless of citizenship, or through cybercrime.
Read more in PET’s assessment of the espionage threat to Denmark (link to PDF)
In relation to the sanctions against Iran, please notice that three specific Iranian universities are on the sanctions list and no cooperation is allowed. The universities in question are:
Sanctions are typically legal tools used by the European Union and the United Nations to influence the behavior of countries, organizations, or individuals that threaten international peace, violate human rights, or undermine democratic values.
Aarhus University and all staff and students must respect the sanctions, as they are legally binding. Sanction violations can e.g. result in fines or a jail sentence.
The department must consult the EU Sanctions List (www.sanctionsmap.eu), especially when entering into cooperation with countries outside the EU and the approved countries (USA, UK, Canada, Norway, Switzerland, Iceland, Australia, New Zealand and Japan).
Please contact the Research Data Office at dualuse@au.dk for assistance.
Critical research is defined by the EU and is subject to heightened security requirements.
Read what this means for your department/school
Controlled research is also defined by the EU and is covered by the rules on dual-use export control.
If a country is subject to sanctions imposed by the international community, collaboration with individuals, organisations and institutions in these countries is prohibited. At AU, virtually all collaboration with Russia and Belarus has therefore been put on hold. You can see which countries are subject to sanctions on the EU’s Sanctions Map.
Academic staff members must disclose any sideline employment connected with their work at Aarhus University every year.
Academic staff members must report any planned sideline employment involving a high-risk country or critical or controlled research to their head of department/school at least fourteen days in advance. Staff members whose planned sideline employment is assessed as being compatible with employment at AU must comply with AU’s standard guidelines for sideline employment.
It’s important that new employees are made aware that a focus on research security and complying with the URIS guidelines are part of their responsibility as university employees. The following points are particularly important:
At AU, we often do background screening on researchers working in fields assessed as critical or controlled or when research teams include people from high-risk countries. For example, we do background screening when recruiting PhD students or inviting guests with citizenship in a high-risk country. We may also do background screening when researchers leave or join research groups conducting critical or controlled research, when they apply for external funding for a project collaboration, or when they enter into written collaboration agreements with partners from high-risk countries. It may also be necessary to do background screening as part of a risk assessment of hosts or host institutions in high-risk countries.
It is important that you take research security into account when offboarding members of staff. This is included in the checklist for offboarding members of staff at AU.
It is particularly important that you:
PET identifies risk countries. As at 1 July, the high-threat countries to research are: Iran, Russia and China.
In the vast majority of cases, there is no risk in collaborating with researchers from countries identified by PET as high-threat countries. There are only a few areas where we need to pay special attention. These include in particular dual use areas - research with both military and civilian applications.
We’re not. At Aarhus University, we’re responsible for implementing the URIS guidelines to protect researchers and research from abuse and unwanted attention. That’s our responsibility. We can’t outsource background checks to PET because assessing a potential employee's field of research and their application requires the university's expertise, but PET has provided input on how background checks can be performed.
Our focus is on the potentially risky use of research and the people who are at risk of coming under pressure.
Freedom of research means that researchers are free to choose what they want to research within their field, what methodology they use, and where they publish. Sharing raw data with is regulated under other parts of the University Act than the definition of freedom of research.
The background checks will involve several people, but primarily the hiring manager in collaboration with the new HR unit. Briefly, the HR unit will conduct an open source search, and the hiring manager will answer a questionnaire, which includes questions about the type of research the potential employee will be involved in. Based on this, in consultation with the dean, the head of department will then assess the overall security risk and either approve or reject the applicant.
HR at the NAT/TECH administrative centre will set up a new unit trained by PET and others, to conduct screenings.
The background checks will use open sources that are accessible via the internet. Training includes distinguishing between credible and non-credible sources.
We don't know exactly how effective the tool is. During the pilot period at Tech and Nat, some applicants have been turned down. The reason was that we weren’t 100 per cent certain that we could protect the person from being pressured into disclosing confidential information.
Yes, if they want to hire an employee, enrol a PhD student or bring in a guest from a high-threat country, they will need to help ascertain the background of the prospective employee or guest.
No, we have no reason to believe that our employees from Iran, Russia or China are potential spies. This initiative is also about safeguarding our employees from being put under pressure by those regimes. If they receive unwanted attention or an unpleasant enquiry from their home country's intelligence services, employees should always be able to go to their manager. In theory, any researcher with access to sensitive data can be put under pressure, including Danish researchers. We screen researchers from URIS countries because PET believes they are at a higher risk of being contacted.
No. We shouldn't be wary of any researcher who asks relevant questions. We do checks at the front door.
Having a healthy and positive work culture is a shared responsibility. We shouldn't start being concerned about colleagues with citizenship from certain countries.
Yes, an off-boarding procedure is on the way, and it will be included in the second roll-out of URIS procedures, expected in late 2024.
In general, no. If they are hired then they should be treated as any other employee. It will be up to the individual laboratory to determine what information the student should have access to.
Visitors to AU don’t have access to sensitive information, and thanks to GDPR guidelines, we’ve become much more aware of protecting information. Upper secondary school students are still very welcome.
Yes of course, which is why we need to be very careful about not over-implementing the guidelines. I can't guarantee that we won't say no once too often, but we won't automatically say no because a person is a citizen of a high-threat country.
No. There will be a procedure for devices when travelling, which means that when you travel to a high-threat country, you’ll be given a computer and mobile phone that will be reset by the IT department when you return.
Not necessarily. But an archaeological researcher may have knowledge about the location of underground cables, for example, which may be sensitive information that should not be shared with hostile states.
No. But we can’t know exactly who has knowledge that could be of interest to hostile states. I usually compare it to the rules for handling radioactive material: I expect all researchers at AU to know that there are rules for working with radiation. I don't expect many people to know the rules in detail because the rules are only relevant to those who work with radiation. It’s the same with the URIS guidelines; everyone should know that it's a regulated field. But no many need to know the rules in depth.
The URIS implementation group was created by the senior management team in order to develop proposals for URIS guidelines at AU. The proposals must be approved by the senior management team before they are implemented.
In 2020, the Ministry of Higher Education and Science set up the Committee on Guidelines for International Research and Innovation Collaboration (URIS), which in May 2022 published "Guidelines for International Research and Innovation Collaboration" (URIS Guidelines). The task of the implementation group is to adapt these these guidelines to an AU context to enable researchers at AU can engage in research collaborations as openly as possible - and as safely as necessary.
Members of the URIS implementation group: