Stay Informed with Conflicts of Interest and Export Control Updates

PIs and senior/key personnel are required to complete financial conflict of interest training every three years. Currently, the UO uses CITI to deliver the training.

Effective January 1, 2026, PIs and senior/key personnel will instead complete training in MyTrack Learning. Links to the new training will be available on our website and shared in upcoming issues of Frontline. 

The new training uses examples relevant to UO research and includes information on federal regulations, UO policy, and UO procedures. The training takes approximately one hour to complete. 

Existing training completion in CITI will continue to be valid. Those whose training expires after January 1, 2026, will need to complete the new MyTrack training. 

Please email coi@uoregon.edu with any questions about the training requirement. 

PIs and senior/key personnel are required to complete financial conflict of interest training every three years. Currently, the UO uses CITI to deliver the training. 

However, a new MyTrack training is coming this fall. The training uses examples relevant to UO research and includes information on federal regulations, UO policy, and UO procedures. The training takes approximately one hour to complete. 

Existing training completion in CITI will continue to be valid. Beginning this fall, those whose training will expire soon will need to complete the new MyTrack training. 

Please email coi@uoregon.edu with any questions about the training requirement. 

Around the O Workplace published a notice about the international shipment form.

In an effort to reduce administrative burden on researchers, OVPRI is adjusting its implementation of research security training requirements, which stem from the CHIPS and Science Act and National Security Presidential Memorandum-33 (NSPM-33).

Effective October 1, 2025, PIs, Co-PIs, and senior/key personnel who apply to or have federal sponsors must annually complete research security training. Any researcher who contributes in a substantive, meaningful way to the scientific development or execution of the project is considered senior/key personnel and has the training requirement.

The training must be completed prior to submitting a proposal and annually during the period of a federal award. The research security training is available in MyTrack Learning (DuckID required to log in). It takes approximately one hour to complete. Researchers must advance the training to the very end, until they see the certificate of completion, for MyTrack to recognize they’ve completed the module.

More details can be found on the research security training webpage, and if researchers experience issues, please email exportcontrols@uoregon.edu.

Subawardees and Contractors: The subawardee PI, co-PI, and senior/key personnel need to complete research security training, as does any other subaward researcher who contributes in a substantive, meaningful way to the scientific development or execution of the project. Contractors who contribute in a substantive, meaningful way to the scientific development or execution of the project also need to complete research security training. Some contractors will meet this definition and others won’t.

Subawardees and contractors can complete the one-hour, condensed version of the research security training offered by the SECURE Center. They should complete, print, and retain the certificate of completion at the end. DGAs should request the certificate of completion and upload it into the subaward or contractor section in EPCS. Please note that any UO researcher with a Duck ID must complete the research security training via MyTrack Learning.

Certifications: The National Science Foundation (NSF), the US Department of Energy (DOE), and the US Department of Agriculture (USDA) require PIs and senior/key personnel to certify at the time of proposal that they have completed research security training in the previous 12 months and to re-certify annually for the duration of the award. The National Institutes of Health (NIH) will be re-releasing their requirements for certification soon.

PIs should carefully read all certifications. If you have questions or concerns about a certification, contact your SPS post-award team. 

Drones manufactured by companies located in a foreign country of concern are prohibited from being purchased with or used in federally sponsored research.

This prohibition includes drones made by DJI or Autel, among others, and the prohibition stems from national security concerns of foreign adversaries gaining access to sensitive data or infrastructure.

If your research team currently has any drones manufactured by a company in a foreign country of concern (such as DJI or Autel) or if your research team is unsure about the manufacturer's country of origin, please contact exportcontrols@uoregon.edu for further guidance.

The Department of Defense (DOD) will implement enhanced cybersecurity requirements for all DOD research awards involving sensitive, unclassified information proposed after November 10, 2025. If you are a researcher, Sponsored Projects Administrator, or DGA, and you anticipate working on a new DOD-funded award, please be aware of the Cybersecurity Maturity Model Certification (CMMC).  

The CMMC has three tiers, Levels 1, 2, and 3. As described in the proposed rule, “Under the CMMC program, defense contractors and subcontractors will be required to implement certain cybersecurity protection requirements tied to a designated CMMC level and either perform a self-assessment or obtain an independent assessment from either a third-party or DOD as a condition of a DOD contract award.  

Research Integrity is prepared to help facilitate researcher compliance with CMMC 1.0 and will work with you to ensure that appropriate associated costs are included in your proposal. If you pursue an award that requires compliance with CMMC 2.0, please be in touch as early as possible, as those heightened cybersecurity standards require extensive planning and investment, and the time we have to prepare may impact whether it is possible to pursue the award.   

The scope of applicable exceptions, appropriate allocation of cost burdens, and the impact on existing awards are just a few of several questions that remain to be answered. We will take compliance seriously; failure to comply with the cybersecurity standards can result in False Claims Act liability. We will continue to monitor implementation and associated guidance

Departments shipping materials internationally (excluding immigration, marketing, or admissions materials and published research materials such as journal articles) must submit an International Shipment Form before sending through UO Mail Services or external carriers, such as the US Postal Service, UPS, FedEx, or DHL.

Once submitted, the International Shipment Form provides the shipper with concrete next steps in the shipment process. If the shipper plans to use UO Mail Services, the form will provide a pre-populated document to print and affix to the package. 

Forms are reviewed within one business day, but additional compliance steps may be required based on shipment contents.

Unauthorized shipment of export-controlled items may lead to significant federal, civil, or criminal penalties, including but not limited to temporary prohibitions on international transactions. Departments are responsible for ensuring they have proper approvals.

Learn more on the Export Controls website

Effective October 1, 2025, ALL principal investigators (PIs) and senior/key personnel, regardless of sponsor, must annually complete Research Security Training.  

The training must be completed prior to submitting a proposal and must be completed annually thereafter. The Research Security Training is available in MyTrack Learning (DuckID required to log in). It takes approximately one hour to complete. More details can be found on the Research Security Training webpage. 

The National Science Foundation (NSF), the National Institutes of Health (NIH), the US Department of Energy (DOE), and the US Department of Agriculture (USDA) will require PIs and senior/key personnel to certify they have completed Research Security Training in the previous 12 months and to re-certify annually for the duration of the award. 

This new certification for NSF and USDA researchers is in addition to the annual certification in research.gov for PIs and co-PIs to indicate they are not party to a malign foreign talent recruitment program.  

PIs should carefully read all certifications. If you have questions or concerns, contact your SPS post-award team. 

The National Science Foundation (NSF), the National Institutes of Health (NIH), the US Department of Energy (DOE) and the US Department of Agriculture (USDA) have all recently updated their research security requirements. 

As a result, effective October 1, 2025 (and effective August 7, 2025, for USDA researchers), ALL principal investigators (PIs) and senior/key personnel, regardless of sponsor, must annually complete Research Security Training. 

The training must be completed prior to submitting a proposal and must be completed annually thereafter. The Research Security Training is available in MyTrack Learning (DuckID required to log in). It takes approximately one hour to complete. More details can be found on the research security training webpage. 

NSF, NIH, DOE, and USDA will require PIs and senior/key personnel to certify they completed research security training in the previous 12 months and to re-certify annually for the duration of the award. 

This new certification for NSF and USDA researchers is in addition to the annual certification in research.gov for PIs and co-PIs to indicate they are not party to a malign foreign talent recruitment program.  

PIs should carefully read all certifications. If you have questions or concerns, contact your SPS post-award team. 

Effective October 10, 2025, National Science Foundation (NSF) principal investigators (PIs), co-PIs, project directors, co-project directors, senior/key personnel, or any other position specified in a funding opportunity announcement must annually complete Research Security Training. 

The training must be completed prior to submitting a proposal and must be completed annually thereafter. The Research Security Training is available in MyTrack Learning. It takes approximately one hour to complete (DuckID required to log in). More details can be found on the research security training webpage. 

Please note that PIs and senior/key personnel who submit proposals to the US Department of Energy have the same Research Security Training requirement. 

Beginning June 7, 2025, the National Science Foundation (NSF) requires all PIs and co-PIs to annually certify in research.gov that they are not party to a malign foreign talent recruitment program (MFTRP). 

NSF is expected to expand the annual certification to all senior/key personnel on NSF-funded projects at a future date. 

PIs should carefully read the certification and ensure that the language in the attestation applies only to MFTRPs. If they have questions or concerns, they should contact their SPS post-award team. 

Those who are party to a MFTRP are ineligible to serve as PI on an NSF-funded project. 

What you need to know about completing the required MFTRP certification in Research.gov: 

There is no organizational certification requirement; the certification requirement is for PIs and co-PIs. Impacted PIs and co-PIs will be prompted to complete the MFTRP certification after signing into Research.gov using the Sign In link at the top of the website.  

PIs and co-PIs with more than one active award made on or after May 20, 2024, are only required to certify once annually. Once completed, PIs and co-PIs can view their MFTRP certification response under the Academic/Professional Information section of their profile. 

NSF is working to expand the MFTRP annual certification requirement for all senior/key personnel roles at a future date. Additionally, NSF is working to provide organizations with access to the annual certifications. 

For more information, please visit OVPRI’s Malign Foreign Talent Recruitment Programs webpage.  

Effective December 22, 2025, drones manufactured by companies located in a foreign country of concern are prohibited from being purchased with or used in federally sponsored research. 

This prohibition includes drones made by DJI or Autel, among others, and the prohibition stems from national security concerns of foreign adversaries gaining access to sensitive data or infrastructure.

If your research team currently has any drones manufactured by a company in a foreign country of concern (such as DJI or Autel) or if your research team is unsure about the manufacturer's country of origin, please contact exportcontrols@uoregon.edu for further guidance. 

Departments shipping materials internationally (excluding immigration, marketing, or admissions materials and published research materials such as journal articles) must submit an International Shipment Form before sending through UO Mail Services or external carriers, such as the US Postal Service, UPS, FedEx, or DHL.   

Once submitted, the International Shipment Form provides the shipper with concrete next steps in the shipment process. If the shipper plans to use UO Mail Services, the form will provide a pre-populated document to print and affix to the package.   

Forms are reviewed within one business day, but additional compliance steps may be required based on shipment contents.     

Unauthorized shipment of export-controlled items may lead to significant federal, civil, or criminal penalties, including but not limited to temporary prohibitions on international transactions. Departments are responsible for ensuring they have proper approvals.    

Learn more on the Export Controls website. 

The UO is required to report incoming contracts with, and gifts received from, foreign persons and entities to the US Department of Education and NSF. 

If your department receives: 

• Contracts for incoming funds that are not routed through SPS or Purchasing and Contracting Services, or
• Gifts from foreign donors that do not come through UO Foundation or Advancement, 

please email foreigngiftreports@uoregon.edu to be added to our biannual reporting requests. 

Most transactions only require basic information for internal reporting. However, full reporting is required if the UO, as a whole, receives $250,000 or more from the same foreign source or $50,000 or more from a source located in a country of concern.  

Your cooperation helps ensure the UO remains compliant with federal requirements.