The bill amends section 302 of the Homeland Security Act of 2002 to require the Under Secretary for the Science and Technology Directorate to develop, with relevant agency officials, a Department-wide policy and process to prevent unauthorized access to or disclosure of sensitive information in DHS research and development acquisitions. It also directs the Government Accountability Office to report within one year on DHS compliance with National Security Presidential Memorandum–33 (NSPM–33) and the National Science and Technology Council’s 2022 guidance, and it requires a congressional briefing within 90 days describing the policy development.
This matters because it converts Presidentially issued research-security guidance into explicit statutory duties for DHS, places the S&T Directorate at the center of intra-Department research-security coordination, and creates near-term oversight checkpoints. The change will shape contracting and grant practices, vetting of collaborators, and how DHS balances openness with national-security protections across its R&D portfolio.
At a Glance
What It Does
The bill adds paragraph (15) to 6 U.S.C. 182, directing the S&T Under Secretary to create a DHS-wide policy and process to safeguard sensitive information in research and development acquisitions. It requires a GAO report within one year assessing DHS compliance with NSPM–33 and NSTC 2022 guidance, and it mandates a departmental briefing to relevant congressional committees within 90 days.
Who It Affects
Primary targets are the S&T Directorate, DHS component program managers, acquisition and grants offices, contractors and academic partners participating in DHS-funded R&D, and DHS personnel responsible for handling sensitive information. It also implicates agencies that set research-security norms (e.g., NSF, OSTP) and the intelligence community when disclosure issues arise.
Why It Matters
The bill moves research-security expectations from guidance into statute for DHS, which can change acquisition clauses, eligibility for awards, and internal reporting lines. For compliance officers and contracting officers, this creates new statutory responsibilities and near-term reporting deadlines that will drive administrative and technical changes in how DHS manages collaborative research.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
At its core the bill makes one clear change inside the Homeland Security Act: it gives the Under Secretary for the Science and Technology Directorate a statutory duty to design a Department-wide policy and operational process that prevents unauthorized access to or disclosure of sensitive information tied to DHS research and development acquisitions. The statute frames the responsibility as a coordination task — the Under Secretary must work with “appropriate agency officials” — which signals the intention to align component offices and make the S&T Directorate the central node for policy and process development.
The bill pairs that new duty with two fast oversight steps. First, it compels the Government Accountability Office to deliver a report within one year that evaluates how DHS has implemented NSPM–33 and the NSTC’s 2022 implementation guidance.
The report must examine disclosure reporting to executive agencies (including channels into the intelligence community), alignment with guidance from NSF, OSTP and others, and the S&T Directorate’s role in shaping a Department-wide framework. Second, the bill requires the Secretary to brief the House and Senate homeland-security committees within 90 days on the policy-development effort, creating an early check on whether DHS is moving from intent to executable procedures.Practically, the statute does not prescribe the content of the policy beyond preventing unauthorized access or disclosure; it leaves substantive design choices — what counts as “sensitive” for different research lines, technical controls, personnel vetting, and contract language — to DHS leadership.
The bill likewise does not appropriate funds or establish penalties for noncompliance. Those absences mean implementation will depend on DHS resource allocation, inter-component cooperation, and subsequent internal directives that translate the statutory duty into specific acquisition clauses, vetting routines, and data-handling standards.
The Five Things You Need to Know
The bill amends 6 U.S.C. 182 by adding paragraph (15), directing the S&T Under Secretary to develop a Department-wide policy and process to safeguard sensitive information in R&D acquisitions.
GAO must deliver a report to House and Senate homeland-security committees within one year assessing DHS’s compliance with NSPM–33 and the National Science and Technology Council’s 2022 implementation guidance.
The GAO report must address (A) how DHS complies with NSPM–33 disclosure requirements and reports violations to executive agencies and the intelligence community, (B) DHS coordination with NSF, NSTC, OSTP and other agencies on federal research-security guidance, and (C) the S&T Directorate’s role in a Department-wide research-security framework.
The Secretary of Homeland Security must brief the House and Senate homeland-security committees within 90 days after enactment on the development of the new policy and processes required by the statute.
The bill sets no dedicated funding, no implementation deadlines for the policy itself, and does not create civil or criminal penalties for violations, leaving execution and enforcement to DHS management and future rulemaking or contracts.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Formalizes the public name of the statute as the "Research Security and Accountability in DHS Act." This is purely stylistic but establishes how the law will be cited in future DHS and congressional materials.
Creates a statutory research-security duty for S&T
This paragraph inserts a new paragraph (15) into section 302 of the Homeland Security Act, assigning the Under Secretary of S&T the duty to develop a Department-wide policy and process to protect R&D acquisitions from unauthorized access or disclosure. The practical effect is to centralize responsibility for aligning component practices under S&T’s leadership; components will likely need to adopt consistent definitions, clauses, and technical standards once the policy is produced.
Mandates a one-year GAO assessment of NSPM–33 and NSTC guidance compliance
GAO must report to the House and Senate homeland-security committees within one year on DHS adherence to NSPM–33 and the NSTC’s 2022 implementation guidance. The statute specifies three report elements—disclosure reporting mechanics to other executive agencies and the intelligence community, coordination with agencies setting research-security norms (NSF, OSTP, NSTC), and the S&T Directorate’s role—forcing GAO to evaluate both policy alignment and operational channels for reporting security concerns.
Requires a 90‑day briefing on policy development
The Secretary must provide a briefing to key congressional committees within 90 days that explains how DHS is developing the policy and process required by the new paragraph (15). This quick briefing window creates an early oversight point to assess whether DHS is translating the statutory duty into a concrete plan and identifies near-term deliverables or gaps before GAO’s one-year assessment.
This bill is one of many.
Codify tracks hundreds of bills on Science across all five countries.
Explore Science in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- DHS program managers running high-risk R&D (biotech, AI, cyber) — gain a single Departmental policy to guide protective measures and reduce component-by-component variance in security expectations.
- Intelligence and national-security partners — benefit from clearer disclosure and reporting channels required by the GAO’s mandated review of NSPM‑33 compliance, which should improve situational awareness for sensitive disclosures tied to DHS-funded research.
- Contractors and applied-research organizations with mature security programs — get greater predictability if DHS adopts standardized requirements, making compliance investments more reusable across DHS awards.
Who Bears the Cost
- S&T Directorate and DHS component acquisition offices — must allocate staff time and program resources to design, coordinate, and implement the new policy absent dedicated appropriations.
- Contractors, universities, and research partners — may face new compliance obligations (technical controls, personnel vetting, reporting) that increase project overhead, particularly for small firms and academic labs without existing research-security infrastructure.
- DHS grants and contracting officers — will likely need to draft and manage new contract and award clauses, monitor compliance, and possibly re-negotiate ongoing awards to conform to Department-wide standards, increasing administrative burden.
Key Issues
The Core Tension
The central dilemma is protecting national-security-sensitive research while preserving the collaborative, open environment that accelerates scientific progress: imposing Department-wide security standards reduces leakage risk but may slow collaborations, raise costs for small research partners, and chill the open exchange of ideas that underpins innovation.
The bill creates a statutory duty but leaves major design choices to DHS. It does not define key terms such as “sensitive information” for different research domains, prescribe technical controls, or specify how to balance classified-handling procedures with open-science expectations.
That gap hands significant discretion to the Under Secretary, which can speed tailoring to mission needs but also risks inconsistent interpretations across components if coordination falters.
Another implementation tension is resourcing: the statute imposes near-term oversight (a 90‑day briefing and a one-year GAO report) but provides no funding or staffing mandates. DHS will have to absorb the costs of policy development and subsequent operational changes within existing budgets, potentially diverting resources from programs or leaving the policy under-resourced.
Finally, the bill tightens the compliance perimeter without establishing enforcement mechanisms or interagency dispute resolution procedures, raising questions about how DHS will handle conflicts with academic norms, export-control regimes, or competing federal guidance.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.