Early review at the pre-award stage gives the PI and the university a "heads up" that the project is a high risk for export control issues before foreign nationals are hired for the project and before budgets are finalized if customized information security systems are needed.

The PI should complete the Pre-Award Checklist to identify potential export control issues prior to submitting proposal documents to their College Research Liaison Officers or OCG Pre-Award Administrators. The administration staff will review and confirm whether additional approvals are needed before proceeding with the proposal submission. Note: A completed Pre-Award Checklist is required for every transmittal.

Pre-award review allows the Export Control Office to highlight and advise on potential export control issues including:

Critical Export Concerns

• References to "classified" information
• Program related transactions or engagement with OFAC sanctioned countries
• Includes collaboration with an entity or an individual located in or governed by a high-risk country
• Involves foreign government agencies
• Requires work to be performed in sanctioned or high-risk countries

Critical export concerns require approval from the Assistant Dean for Research and the Vice President for Research prior to proposal submission.

Significant Export Concerns

• Pre-award sponsor information that defines the scope of work as either export controlled under the Export Administration Regulations (EAR) or the International Traffic in Arms Regulations (ITAR)
• Includes publication restrictions of any kind
• Includes citizenship restrictions or qualifications
• Requires a Non-disclosure Agreement (NDA) or other Confidential Data Agreement (CDA) to receive proprietary, export-controlled information from the sponsor or a related third party
• Requires DFARS 7012/19/20- mandated data security requirements to cover Controlled Unclassified Information (CUI), or other data security requirements
• Requires any of the following:
  • Access to U.S. Government data bases or other US Government information
  • Physical access to a U.S. Government research site or facility
  • Personal Health Information (PHI) or Personally Identifiable Information (PII) considered protected data under HIPAA, FERPA, or EU General Data Protection Regulations
• Requires procuring or receiving export-controlled instruments, software, or materials of any kind
• Requires the sharing of specialized instrument technology (including vendor-proprietary installation or repair information) or exposure to a party’s proprietary instrument or software design technology
• Requires sharing of source code for 128-bit encryption software or mass-market encryption products
• Involves instruments, software, materials or technology specially designed or modified for defense purposes
• Requires the international transfer or export (by any means e.g. shipment, courier, hand carried) of any item

Significant export concerns will alert the Export Control Office and/or Information Security team to reach out to the PI with guidance related to the identified concern. While no additional approvals are needed to move forward with a proposal submission, careful consideration should be taken if the project will involve receipt, handling or generation of CUI as this may require obtaining third-party IT resources to accept the award. 

More information about CUI can be found on the National Archives website CUI Registry | National Archives.