Overview
In its May 12, 2026 update, the National Institutes of Health (NIH) announced expanded measures to protect federally funded research from undue foreign interference. These updates reinforce NIH’s long-standing priorities of transparency, research integrity, and accountability, while continuing to support international collaboration.
For research institutions and compliance leaders, the message is clear: stronger disclosures, mandatory training, and proactive risk management are now essential.
Key NIH Updates for 2026
Enhanced Disclosure Requirements for Researchers
NIH now requires more comprehensive reporting of:
- All sources of research support
- Foreign components and affiliations
- Active and pending commitments
The adoption of updated Biographical Sketch and Current and Pending (Other) Support (CPOS) Common Forms (effective January 25, 2026) improves NIH’s ability to identify overlap, conflicts, and compliance risks.
Institutions must also ensure that senior/key personnel are trained on disclosure obligations, reducing the likelihood of incomplete or inaccurate reporting.
New Foreign Interference Assessment Framework
NIH introduced a Foreign Interference Assessment Tool available on their Foreign Interference web page, a decision matrix that clarifies how risks are evaluated. This helps institutions better understand:
- When NIH may request additional information.
- When mitigation strategies are required.
- How disclosures influence funding decisions.
This increased transparency allows organizations to strengthen internal compliance processes before submission.
Mandatory Research Security Training Requirement (Now Required)
Beginning May 25, 2026, NIH requires that all senior/key personnel certify completion of research security training within 12 months of application submission. Organizations can meet this requirement with CITI Program courses aligned to federal research security frameworks.
| NSF SECURE Center Courses | |||
|---|---|---|---|
| Course Title | Duration | Content Highlights | Best For |
| Research Security Training (Combined) | 1 hr (1 module) | Condensed version of NSF training Note: Contains the current SECURE Center Consolidated Training Module (CTM). Recognized by federal agencies as compliant with their respective Research Security Training requirements. |
NSF, NIH, DOE, DOD, and USDA all recognize completion of condensed module as compliant with their respective RST requirements. |
| Research Security Training | 4 hrs (4 modules) | Covers disclosure, collaboration, risk mitigation | Original 4 module research security training funded by the NSF |
| RCR Research Security Training | 10-30 min | High-level overview | An option to add to RCR training |
| CITI Program Courses | |||
|---|---|---|---|
| Course Title | Duration | Content Highlights | Best For |
| Research Security: A Basic Course | 20-30 min | High-level overview | An option to add to RCR training |
| Research Security: A Basic Course (Refresher) | 15-20 minutes | Refresher version of Research Security: A Basic Course | An option to add to RCR refresher training |
| Research Security Advanced Refresher | 20–30 minutes per module (8 modules) | In-depth modules on all core topics | Annual refreshers, in-depth modules |
Together, these options provide institutions with a way to meet NIH requirements while tailoring training content and depth to personnel’s roles, risk profiles, and compliance needs.
Visit CITI Program for more information.
Expanded Foreign Risk Oversight for SBIR/STTR Programs
New updates to Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs:
- Define specific categories of foreign risk.
- Clarify conditions that may lead to funding denial.
- Provide applicants with clearer feedback on risk determinations.
This adds a new layer of scrutiny for organizations engaged in federally funded innovation programs.
Continued Support for International Collaboration
NIH reaffirmed that international research partnerships remain essential, but must be conducted with full transparency. Proper disclosure ensures:
- Fair and merit-based funding decisions
- Protection of intellectual property
- Public trust in the research enterprise
Why This Matters: Increased Compliance Expectations
These updates signal a shift from policy awareness to active compliance. Institutions must now:
- Strengthen disclosure review processes.
- Ensure consistent researcher education.
- Integrate research security into broader compliance programs.
Failure to adapt increases the risk of funding delays, denials, or reputational harm.
Additional Training Strategies to Support NIH Compliance
A comprehensive compliance program extends beyond research security training alone. Additional training areas available through the CITI Program platform help reinforce NIH expectations and reduce institutional risk:
Conflicts of Interest and Commitement Training
Ensures researchers can properly identify, disclose, and manage financial and non-financial interests, supporting NIH’s emphasis on transparency and unbiased research.
Responsible Conduct of Research (RCR) Training
Provides foundational guidance on:
- Research integrity
- Accountability
- Ethical collaboration
RCR training reinforces the principles that underpin NIH’s disclosure and compliance requirements.
Equips researchers with an understanding of regulations governing:
- International data sharing
- Controlled technologies
- Cross-border collaborations
This training is increasingly important in the context of global research partnerships and research security concerns.
Final Takeaway
NIH’s 2026 update underscores a growing federal focus on research security, transparency, and institutional accountability. With mandatory training requirements and enhanced disclosure expectations now in place, organizations must take a proactive approach to compliance.
Investing in comprehensive, role-based training programs will not only help meet NIH requirements but also strengthen the integrity and competitiveness of your research enterprise.
