Implementation of “Countering Foreign Influence Program” for Scientific Research Funded by DARPA

March 18, 2022
4 minutes

Over the past three years, the U.S. Congress has directed the Defense Advanced Research Projects Agency (“DARPA”), the research and development agency of the U.S. Department of Defense, to secure its funded research from undue influence by foreign governments through the establishment of an initiative and relevant policies.1 In accordance with its congressional mandate, the U.S. Department of Defense initially circulated a memo in March 2019 directing its award managers and other award-related personnel to collect information related to the other funding of Senior/Key Persons of DARPA-funded research in order “to limit undue influence” from “countries that desire to exploit [the] United States’ technology,” including from within the U.S. Department of Defense’s “research, science and technology, and innovation enterprise.”2 More recently, DARPA implemented a “Countering Foreign Influence Program” (“CFIP”), which, by using a risk algorithm, assesses the level of risk posed by a DARPA researcher’s relationship with a foreign institution.3 Despite a perhaps declining prosecutorial appetite to bring undisclosed foreign funding charges against individual scientists,4 DARPA’s risk algorithm serves as a reminder that the disclosure of foreign relationships, commitments, and funding is still a key factor for federal funding agencies in awarding grants and contracts. Accordingly, research institutions should be mindful of having proper policies and procedures in place to ensure that faculty are properly disclosing all foreign (as well as domestic) funding and relationships when applying for federal funding of research activities.

DARPA CFIP Algorithm

DARPA first announced CFIP in a memorandum to its staff and contractors on September 17, 2021, stating that the newly established “undue foreign influence risk assessment” process reviews, weighs, and scores all information disclosed in funding applications, with a specific focus on the Senior/Key Person’s activities from the past four years. In particular, CFIP analyzes the Senior/Key Person’s:

  1. Participation in a foreign talents program;
  2. Relationship with an entity on the U.S. Government’s denied entity or person list, an entity sanctioned by the United States pursuant to the November 12, 2020 Executive Order 13959, or an entity included in similar issuances;
  3. Receipt of funding from “a foreign government or a foreign government-connected entity of a strategic competitor or [a country with a history of targeting U.S. technologies];” and
  4. Relationship with a “high-risk foreign government, or foreign government-connected, institution or entity.”5

Notably, disclosures related to any one of the factors assessed by CFIP alone do not per se disqualify a researcher from DARPA funding.6 However, “depending on the amount, type, and timing of foreign associations or affiliations that could constitute a foreign-influenced Conflict of Interest or Conflict of Commitment,” a funding application will receive one of four scores: (i) Low risk; (ii) Moderate risk; (iii) High risk; or (iv) Very High risk.7 The score awarded to the funding application determines what steps, if any, must be taken in connection with the application to mitigate or eliminate the potential conflict.

An application with a Low risk or Moderate risk8 score presents a minimal foreign influence risk, and therefore does not require any further action by a funding applicant.

An application with a High risk score indicates past or recent relationships with high-risk foreign governments or foreign government-connected institutions or entities, and thus the applicant is regarded as potentially presenting a foreign influence risk. A funding application with a Very High risk score indicates that the Senior/Key Person has an active or ongoing relationship with a high-risk foreign government or foreign government-connected institutions or entities and thus presents a serious foreign influence risk.

If the application is scored as High risk, then DARPA may require the applying research institution to prepare a plan to address and mitigate the potential risk, such as remove the Senior/Key Person from the funding application. If the application is scored as Very High risk, then a risk mitigation plan must be prepared by the applying research institution. After a mitigation plan is shared, CFIP re-evaluates the foreign influence risk of the funding application. If the risk mitigation plan brings the risk down to a Low or Moderate rating, then DARPA may proceed with the award or, if DARPA decides to proceed with the award notwithstanding the High risk or Very High risk designation, then the DARPA Deputy Director must document a risk acceptance decision. Alternatively, DARPA may ultimately decide not to award the grant or contract if, after concluding negotiations with the research institution, DARPA finds that the proposed mitigation affects DARPA’s confidence in the proposer’s capabilities (e.g., the newly proposed Senior/Key person is not sufficiently qualified) or the participation of the Senior/Key Person, despite the mitigation, still poses a High or Very High risk, and that risk is unacceptable to the agency.


While the DARPA CFIP risk-based algorithm is limited to DARPA-funded research, it provides insight and transparency into how federal funding agencies may view and weigh a researcher’s past and present foreign relationships, and we expect to see similar types of guidance from other funding agencies as the agencies begin to implement National Security Presidential Memorandum 33 (NSPM-33) with respect to government-supported research.9 In the interim, research institutions may consider using the DAPRA CFIP risk-based algorithm (i) as an internal guide to assist with developing their own conflict of interest and other disclosure-related research policies and procedures; and (ii) as a tool to weigh the foreign influence risk of affiliations, interests and potential conflicts disclosed by an institution’s researchers. Please consult your usual Ropes & Gray attorney for further guidance on evaluating potential foreign influence concerns.

  1. William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283, §§ 223, 1062, 1299C, 1286, 1260H, 134 Stat. 3388 (2021); National Defense Authorization Act for Fiscal Year 2020, Pub. L. 116-92, § 1281, 133 Stat. 1198 (2019); John S. McCain National Defense Authorization Act for Fiscal Year 2019, Pub. L. No. 115-232, § 1286, 132 Stat. 1636 (2018).
  2. U.S. Dept. of Def., Memorandum for Actions for the Protection of Intellectual Property, Controlled Information, Key Personnel and Critical Technologies (March 20, 2019), available at
  3. DARPA, Risk-Based Measures to Assess Potential Undue Foreign Influence Conflicts of Interest or Conflicts of Commitment (Dec. 1, 2021), available at
  4. U.S. Dep’t of Justice, Assistant Attorney General Matthew Olsen Delivers Remarks on Countering Nation-State Threats (Feb. 23, 2022),
  5. DARPA, Risk-Based Measures to Assess Potential Undue Foreign Influence Conflicts of Interest or Conflicts of Commitment (Dec. 1, 2021), available at
  6. DARPA, Countering Foreign Influence Program (CFIP) (Jan. 19, 2022), available at
    ; DARPA, Countering Foreign Influence Program (CFIP) Frequently Asked Questions (FAQ) Questions 10 & 11 (Dec. 1, 2021), (noting that co-authorships with foreign institutions are not included in the factors).
  7. Def. Advanced Rsch. Projects Agency, Memorandum for DARPA Staff and Contractors on the DARPA Countering Foreign Influence Program (Sept. 17, 2021), available at
  8. The September 17, 2021 DARPA Memorandum includes a combined risk category of “Low or Moderate”; however, the latest version, which was last updated on December 1, 2021, includes separate risk categories of “Low” and “Moderate.” Id.; DARPA, Risk-Based Measures to Assess Potential Undue Foreign Influence Conflicts of Interest or Conflicts of Commitment (Dec. 1, 2021), available at DARPA stated that, after the agency published the September 2021 rubric, the agency hosted a series of engagements and updated the rubric based on feedback it received. DARPA, Countering Foreign Influence Program (CFIP) Frequently Asked Questions (FAQ) Question 4 (Dec. 1, 2021),
  9. Nat’l Sci. & Tech. Council, Guidance for Implementing National Security Memorandum 33 (NSPM-33) on National Security Strategy for United States Government Supported Research and Development: A Report by the Subcommittee on the Research Environment 1 (Jan. 2022), available at (“Agencies should incorporate measures that are risk-based, in the sense that they provide meaningful contributions to addressing identified risks to research security and integrity and offer tangible benefit that justifies any accompanying cost or burden.”); see also Recommended Practices for Strengthening the Security and Integrity of America’s Science and Technology Research (Jan. 2021),; Presidential Memorandum on United States Government-Supported Research and Development National Security Policy (Jan. 14, 2021), available at