Responsible International Knowledge Cooperation (AIS)

UiB should be an open and global knowledge institution – but also a secure and responsible partner.

The geopolitical situation is changing, and we increasingly face dilemmas related to academic freedom, security, ethics, and human rights in international cooperation. Therefore, the University of Bergen has established its own AIS team to support employees and ensure that UiB's international cooperation is conducted in a way that is both open and safe. AIS stands for “Ansvarlig Internasjonalt Samarbeid” or Responsible International Knowledge Cooperation. All employees can contact the AIS team for advice and consultation.

What does the AIS team do?

The AIS team is UiB's interdisciplinary resource group related to responsible international cooperation. We:

• Provide advice and guidance on individual cases, including cooperation with partners in high-risk countries
• Coordinate and liaise between departments, faculties, and management
• Identify trends and needs, and propose measures that increase security and reduce risk
• Serve as a contact point for all employees who have questions about knowledge cooperation, travel, employment, export control, procurement, data sharing, or other matters that may affect the AIS field

When can you contact us?

Contact us if, for example:

• You are planning research cooperation with partners in countries with different legal practices, high threat assessments, or other challenges
• You are unsure about the risks of technology transfer, data sharing, export control, or the use of UiB equipment on foreign trips/work abroad
• You are wondering how to handle travel, employment, or contracts in a security-sensitive context
• You have questions about research security and sensitive technologies

You don't need to know if something is "right" or "wrong" – often it's enough to be in doubt. We assist with both simple clarifications and more complex assessments.

Who are we? How to contact us?

The AIS team is led by Helge Gismarvik Høvik and consists of representatives from the University Director's office, HR, IT, Research Administration, Financial Services, Student Affairs, and Estate and Facilities Management. 

To get in touch with us – send an email to Helge Gismarvik Høvik helge.hovik@uib.no.

Responsible cooperation involves systematically assessing potential risks in international collaborations, balancing value-related and security challenges with collaboration opportunities. All academic, administrative staff, and leaders involved in international partnerships at UiB are encouraged to remain aware of potential risks in specific situations and to help ensure that cooperation is carried out responsibly. Risk assessments should be conducted before, during, and after collaborations, and are particularly important in larger research and educational projects.

Collaboration with institutions in certain countries entails specific risks. This is especially true for partnerships with institutions in countries that differ significantly from Norway in terms of governance, culture, higher education, and research systems, among other factors. Geopolitical circumstances and tensions may also increase risks associated with collaborating with certain countries. It is important to have a thorough understanding of the collaborating partners, including a clear and mutual understanding of the collaboration’s purpose. Such awareness can help reduce the risk of adverse outcomes.

Examples of potential risks in international cooperation include attempts at political influence and restrictions on institutional autonomy and academic freedom, illegal acquisition of sensitive or strategically important knowledge (including knowledge that could be used for military purposes), and breaches of established ethical principles in education and research.

HK-dir (Norwegian Directorate for Higher Education and Skills) has dedicated web pages with guidelines and tools for responsible international knowledge cooperation.

At the University of Bergen (UiB), responsible international cooperation is a priority. When concerns arise regarding international issues, whether in hiring, inviting guest researchers, or collaborating with foreign partners, both systematic and individual approaches are essential. The primary focus should be on institutional processes to manage risks, though some situations may also require individual measures, such as applying for export control licenses or conducting vulnerability assessments.

Systematic Measures

HK-dir (Norwegian Directorate for Higher Education and Skills) provides clear guidelines for responsible international knowledge cooperation. These emphasize the importance of conducting systematic risk and vulnerability assessments at the institutional level. These assessments focus on overarching processes rather than individuals, aiming to identify and mitigate risks in international partnerships. Measures like access regulation and employee training are vital.

HK-dir recommends including vulnerability assessments in risk evaluations, particularly for export-controlled research areas like dual-use technology. In fall 2024, UiB will conduct a comprehensive value assessment to strengthen risk management and protect critical information assets in compliance with the Security Act.

Individual Measures

While systematic measures are essential, certain situations call for individual approaches:

• Export License Applications: When research projects involve export-controlled technology or knowledge, applying for export licenses is necessary. This requires an individual assessment of the project’s content and parties involved.

• Vulnerability Discussions: These meetings with staff or guest researchers identify vulnerabilities that could be exploited externally. They raise awareness on security issues and allow for tailored guidance, conducted respectfully to avoid unnecessary concern or stigmatization.

These individual measures complement systematic ones, offering a holistic approach to security while upholding high academic standards.

Recommendations

Systematic Measures:

• Train and raise awareness among all employees about security practices and risks.
• Implement differentiated access to sensitive information based on risk assessments.
• Establish processes for risk management, adherence to laws and regulations, and annual review of value assessments and export license applications.

Individual Measures:

• Conduct vulnerability discussions with staff as needed.
• Obtain necessary export licenses for relevant projects and technologies.
• Provide individual guidance and support to staff handling sensitive information or technology.

This holistic approach ensures effective risk management aligned with HK-dir guidelines, safeguarding privacy and avoiding undue focus on individuals.

This section provides information on export control, how to adhere to regulations, and where to seek guidance. Export control restricts the export of specific goods, technology, services, and knowledge from Norway without a license issued by the Direktorat for eksportkontroll og sanksjoner (DEKSA). In the higher education sector, export control primarily involves managing knowledge transfer and research collaboration, including tracking license-required equipment, technology, and awareness around student exchanges, hiring, and guest researchers.

What is Export Control?

Export control requires prior authorization (license) for sharing knowledge about specific technologies and equipment that can serve both civilian and military purposes. The regulations aim to prevent the spread of weapons, military equipment, and dual-use items (products with both civilian and military applications). Norwegian export control is governed by a combination of national laws, regulations, and international agreements.

This section also explains why and how UiB ensures that such technology, equipment, and knowledge are safeguarded and not misused in violation of Norway's export control regulations. Additionally, it provides guidance on how to apply for an export license when necessary.

While internationalization and open research are emphasized, export control regulations may restrict researchers’ ability to share knowledge with individuals in or from other countries. Sharing knowledge about specific technology may, in extreme cases, be illegal and punishable.

The most sensitive academic fields for our sector include:

• Biology, including biotechnology
• Biochemistry
• Chemistry, including chemical process technology
• Physics, including nuclear physics
• Aviation and aerospace technology
• Mechanical engineering
• Material technology
• Cybernetics
• Medicine/veterinary science
• Mathematics

UiB employees should also be aware that export control regulations may apply to research collaboration and the sharing of information and research results with foreign institutions, as well as the broader dissemination of such information and the participation or hosting of courses and conferences

Institutional Guidelines for Export Control at UiB

UiB has implemented guidelines providing a general framework for managing export control.

Procedure for Export License Applications in Hiring Processes
A critical aspect of export control is ensuring necessary licenses are secured before hiring individuals working with export-controlled technology or information. Therefore, UiB has established a procedure outlining the application process, adaptable to local circumstances, including delegated responsibilities and roles.

Difference between UD/DEKSA and UDI

The Norwegian Directorate of Immigration (UDI) handles applications for foreigners who wish to visit or live in Norway. Work and residence permits issued by UDI are governed by separate legislation and fall outside the scope of export control regulations.

The Ministry of Foreign Affairs (UD) holds the overall responsibility for the export control regulations, while the Directorate for Export Control and Sanctions (DEKSA) is responsible for their operational implementation. Consequently, a foreign individual may receive a work permit via UiB but still be denied the e-license or prior approval required by DEKSA for specific work activities.

When to Consider Export Control

Licensing needs should be assessed in cases of:

• Hiring employees
• Student admissions
• Hosting guest researchers
• Changes or updates to projects, staff, students, or visitors already subject to export control

Currently, licensing is not required outside these areas. To determine if export control licensing applies, department heads must maintain an updated list of sensitive research areas, collaborations, interdisciplinary activities, and labs or equipment where export control may be relevant.

Special Considerations for Student Admissions

Export control also applies to certain master’s level admissions (not bachelor’s), impacting the assessment of applications to UiB. DEKSA can provide guidance on export control for students whose studies may intersect with these regulations. UiB may need to seek an export license for specific students in some cases.

Relevant Study Programs

Export control primarily affects master’s programs in the Faculty of Science and Technology and the Faculty of Medicine. UiB will aim to assign master’s thesis topics that comply with export control laws, redirecting students to other programs if needed.

Are There Countries to Pay Special Attention To?

There is no official list of countries requiring special attention, and regulations assume that any foreign national may need a license from DEKSA. However, Norway has sanctions against certain countries, and others are deemed risky by national security authorities, though not officially sanctioned. The list of relevant countries can shift with the geopolitical climate. Examples of sanctioned countries include Russia, Iran, and North Korea, while other high-risk countries might include China and Pakistan. Updated threat assessments are provided by the Norwegian Police Security Service (PST).

Control Lists

The control lists, List I, List II and List III play a crucial role in determining the applicability of export control regulations and in any potential licensing process. These lists detail various types of goods and technologies, including advanced electronics, software, telecommunications equipment, biotechnological materials, chemicals, and military or dual-use items (those usable for both civilian and military purposes). Integrated into national and international export control regimes, these lists form the basis for legislation and policy, ensuring that exports of sensitive items comply with legal standards and international agreements.

Difference Between Export Control and International Sanctions

Sanctions target specific countries to influence their actions, typically covering broader areas than export control regulations. For universities, sanctions against Russia and Iran are particularly relevant and, like export control, include control lists.

What is E-License?

The E-License is DEKSA's online export control portal for submitting applications, reports, and export control-related inquiries. An approved license authorizes exports of goods, services, technology, and knowledge from Norway to countries under sanctions or with specific security concerns.

The University of Bergen facilitates international cooperation, including with partners in countries with different values or political systems than our own. At the same time, we are committed to ensuring that such cooperation is conducted responsibly. This can apply to delegation visits, academic guest stays, institutional visits, professional interactions on campus, or international research visits more generally. Such foreign delegations and guests are a very important part of UiB's international cooperation, but they can also increase risks associated with:

• Access to technology or research data that should be protected or is subject to export/sanctions control
• Knowledge transfer to actors linked to foreign states' military or intelligence programs
• Breaches of information security requirements

Therefore, we have some advice and recommended procedures that you can read about here.

When Might a Visit Require a Risk Assessment?

Most short and professionally limited visits that take place in ordinary meeting- and teaching rooms, and that occur within the framework of established and anchored cooperation, do not require special measures. However, you should consider further if:

• The visit involves access to laboratories, data centers, or other research infrastructure
• There is a planned discussion of technology, research data, or material that may be sensitive
• Visitors come from, or have strong ties to, countries where export control and sanctions regulations may be particularly relevant
• Visitors come from countries that are regularly mentioned in open threat assessments
• You are unsure whether the visit may pose a risk

The goal of recommending an additional assessment is not to limit international cooperation but to ensure that it occurs in a conscious and informed manner. We should continue to be open and accessible to professional partners – even from countries with different systems and interests than our own. At the same time, we must be vigilant and assess risks where relevant, so that academic freedom and trust are not undermined.

Checklist/Practical Advice

Involve the department or faculty leadership when planning visits with potential risks. Document, among other things:

• Is this part of an established project or a new initiative?
• Who invited them, and what is the professional program?
• Who has hosting responsibility at UiB – and who has the professional ownership?

Document who is coming, the purpose of the visit, and which premises or activities are involved:

• Will they enter laboratories, data centers, ICT rooms, or other places with physical or digital access?
• Is there a plan to discuss technology, research results, or share data/material?
• Will they give presentations? Is it relevant to provide them with information in advance?

Be clear about what access is granted – and what is not shared:

• What will they have access to physically or digitally?
• Is any of this sensitive?
• Is there national or institutional risk associated with the country of origin or the institution the guest comes from?

Consider the need for escort, limited ICT access, or enhanced access control:

• Limit access to certain buildings or networks (Remember to update access on loan cards before handing them out to new guests)
• Do not grant access to research infrastructure or data without prior agreement
• Escort visitors to and from meeting rooms

See information about equipment and premises on sikresiden.no

What Should You Do If You Are in Doubt?

Contact the AIS team (Responsible International Cooperation) as early as possible in the planning process. We assist with the assessment of ethical, professional, and security aspects of international cooperation, including planned visits. We emphasize dialogue and support, not control, as well as proportional measures tailored to risk and purpose.

We base our assessments on the following:

• HK-dir's guidelines for responsible international cooperation
• Sikresiden.no - Crisis information online
• Export Control Regulations and associated guides
• National threat assessments (PST, E-service, and NSM)
• Policy for information security and privacy in higher education and research
• UiB's management systems for information security, privacy, and security under the Security Act
• UiB's privacy portal
• Experiences from other Norwegian universities