23.10.2019 | KPMG Law Insights

Dual Use: On the Handling of Security-Relevant Research

Dual Use: On the Handling of Security-Relevant Research

The constitutionally guaranteed freedom of research is an essential basis for social progress and prosperity. Art. 5 par. 3 Basic Law (GG) gives scientists the right to find and work on scientific questions independently. But where does this freedom find its limits? The keyword “dual use” is interesting here. It describes the problem of the double use of research results – for peaceful, but also harmful purposes. In almost all fields of science, research results open up great opportunities, but at the same time also possibilities for abuse. Technological progress as a “two-edged sword”.
For example, the discovery of nuclear fission was followed by the construction of atomic bombs – the destructive potential of this technological advance was demonstrated by the attacks in Hiroshima and Nagasaki. Although this example is probably one of the most memorable, it is far from the only one. For example, results from materials research and nanotechnology could be used to develop offensive weapons, Big Data analyses of social behavior on the Internet could be misused for totalitarian surveillance, or research into protection against computer viruses could give rise to new forms and promote their spread. In 2012, research showed how easily avian flu viruses could be transmitted to mammals via the air through a few genetic modifications. As a result, a debate broke out worldwide about the responsible use of research results.
Today, advances in information technology and artificial intelligence in particular are viewed critically against the backdrop of the dual-use problem. For example, Big Data analytics could on the one hand make the power supply more stable and secure with the help of reports on capacitors or substations that are in danger of failing, but on the other hand this could also be misused by attackers to paralyze the entire power supply. Artificial intelligence can be used to develop self-driving cars, as well as autonomous, armed drones.
The debates on “dual use” primarily address the questions of who bears responsibility for the consequences of new developments and how progress can be shaped ethically.

Recommendations “Freedom of Science and Responsibility for Science
The Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) and the Leopoldina (National Academy of Sciences) have responded to the dual use problem by jointly publishing recommendations on “Scientific Freedom and Scientific Responsibility” in June 2014. The recommendations focus on self-regulation to address the tension between scientific freedom and the risk of misusing results for harmful purposes.
At the same time, the so-called “Joint Committee on Handling Security-Related Research” (GA) was established in March 2015 for a period of three years and extended in March 2018 for an initial period of three more years. The committee consists of twelve scientists, meets at regular intervals and is tasked with implementing the recommendations developed. The GA is supported by the major non-university research institutions (Fraunhofer, Helmholtz, Leibniz, Max Planck) and the DFG.
The goal, he said, is to develop ethical principles as well as mechanisms for the responsible handling of research freedom and research risks. Awareness of the problem of possible misuse should be raised and researchers should be sensitized to the possibilities of counseling. In critical cases, scientists must be able to weigh the possible risks of their research and decide personally whether their research is responsible. In this context, they should not be content with the minor legal regulations, but must assume a special ethical responsibility. The research institutions would have to create suitable framework conditions for ethically responsible research for the scientists.
To implement these recommendations at research institutions and universities, the GA is advancing the establishment of “Committees for Ethics in Security-Related Research” (KEFs). Last year in August, there were already 71 KEFs reported and over 100 contacts for dealing with security-related research at research institutions. The KEFs are to advise researchers in critical cases.
As of March 2018, the DFG has included dual use in its grant application guidelines. In it, applicants are asked to review their project for possible risks and to comment, as well as to involve the KEF that exists at the university, if necessary.

“Dual use” in universities
According to the DFG and Leopoldina, researchers could only make an appropriate assessment of security-relevant research if they understood the problem of dual use and were aware of the potential dangers. To this end, students at universities should already be sensitized to the topic. Depending on the stage of their studies (bachelor’s, master’s, doctoral), basic through overview courses or more in-depth on specific risks of their own subject. The Conference of Biology Departments would like to see graduates who are able to review their research projects for risks based on ethical, economic, and legal evaluation standards and to observe due diligence and organizational obligations such as risk assessment, safety aspects, and protective measures.
In five of the 16 German states, a reference to the importance of security-related research has already been integrated into the university state laws (Bremen, Hesse, Lower Saxony, Schleswig-Holstein, Thuringia), and the topic is also increasingly finding its way into the curricula of universities. For example, the University of Tübingen offers the compulsory module “Ethics” in the Bachelor’s degree program in Biology, the University of Hamburg offers “Biomedical Ethics” in the degree program “Molecular Life Science”, and the TU Hamburg-Harburg offers a wide range of seminars on topics such as “Acting Responsibly in Technology and Science”, “Ethics for Engineers” and “Technology Assessment (TFA) and Technology Genesis Research”.

The civil clause
Other universities and colleges have already reacted to the problem and incorporated so-called civil clauses into their basic regulations. With such a clause, the research institution undertakes to conduct research exclusively for civil – i.e. peaceful – purposes. Universities that have such a clause include, for example, the Technische Universität Berlin, the Westfälische Wilhelms-Universität Münster and the Georg-August-Universität Göttingen. Until the recent reform of the Higher Education Act in NRW, the law also contained a civil clause that was binding throughout the state. However, the reform removed this from the Higher Education Act and left the decision back to the research institutions themselves.
The introduction of civil clauses is frequently debated, and a number of research institutions reject such a clause on the grounds that they only conduct research in the civil sector anyway. Proponents of such a clause, on the other hand, argue that many supposedly peaceful areas of research could also be transferred to military use. However, the civil clause reaches its limits when it comes to evaluating security-related research without a military character. In addition, some research institutions also feared the loss of corporate collaborations if such a clause were introduced.
The University of Marburg, for example, rejects the introduction of a civil clause because it considers security-related research to be particularly well accommodated at universities due to the prevailing pluralism. Indeed, unlike the military or industry, research at universities would not take place in secret. Instead of a civil clause, the university introduced a “Research and Responsibility” commission, which advises researchers on a voluntary basis and makes recommendations instead of bans.

Federal Government and European Union
Due to the debate on the research results on the avian influenza viruses, the German government commissioned the Ethics Council in 2012 to issue a statement on the topic of biosafety and freedom of research. These should primarily pursue the question of whether the existing legal regulations and codes of conduct are sufficient. In its statement, the Ethics Council then recommended the introduction of measures to raise awareness of the problem and the establishment of a central commission to which researchers should turn for advice if they wish to receive funding for their potentially security-relevant research project. The decision on possible funding should then only be made after this commission has issued an opinion. In 2015, Die Grünen subsequently submitted a motion to implement the measures recommended by the Ethics Council. However, this was rejected by the CDU/CSU and SPD. Since then, the work of the GA in particular has been monitored and, on the basis of this, regular checks have been carried out to determine whether additional statutory regulations might be necessary.
The European Union is also no stranger to dealing with the dual use problem. In 2009, the so-called Dual-Use Regulation established common licensing requirements and procedures for all EU member states when exporting dual-use goods, e.g. certain chemicals, machinery, technologies and materials, but also software. The competent authority for issuing export licenses in Germany is the Federal Office of Economics and Export Control (BAFA).
Negotiations are currently underway to amend the ordinance. Among other things, it is planned to also subject non-listed dual-use goods to export controls in the event of suspicion, especially in the case of sales to countries in which human rights and democracy are disregarded. Such goods could be, for example, surveillance technologies that could potentially interfere with the rights of citizens, such as the free work of journalists or of opposition activists. Criticism of the proposed changes is that they could make export bans unpredictable. In addition, this would result in additional bureaucracy for companies. The outflow of know-how from the EU is also a possible consequence.
The amendment of the regulation could also further focus on research regarding dual-use issues.

Despite all efforts, it is questionable whether researchers will ever be able to recognize all conceivable risks in their research. Results of research projects and all conceivable future uses are hardly predictable. However, it is important that researchers and research institutions are made more aware of this issue and that they have institutions to turn to in cases of doubt. Universities should create binding frameworks and processes for this. The authors of this newsletter have already advised the first universities on this.
Even if the majority of KEFs are still in the process of being established and they are far from being established in all research institutions, it is at least a step in the right direction to focus on a responsible approach to research and its results. Equally positive is the increasing integration of the topic in the curricula of universities, so that students are already becoming aware of their responsibility as future scientists.
As sensible as it may be to combine measures for self-regulation with legal regulations, it must not be forgotten not to curtail the fundamental right of freedom of research too much. Because research that is omitted can also pose safety risks and disadvantages for humans. For example, an important vaccine or curative therapy could go undetected because of the potential for misuse. Ultimately, therefore, it is again a matter of weighing up the freedom of research and its opportunities on the one hand and the possible risks for humans, animals and the environment on the other.
One thing can be taken away from the problem without a doubt: It is essential for research institutions to protect their data and research results with appropriate security measures. This goes from employee reviews, to lab security, to cyber security. It should be possible to prevent unauthorized third parties from gaining access. We will be happy to support you in introducing suitable security measures and associated processes.

Explore #more

22.05.2024 | KPMG Law Insights

The AI Act is coming: EU wants to get a grip on AI risks

For many people, artificial intelligence (AI) is the great hope for business, healthcare and science. But there are also plenty of critics who fear the…

17.05.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: When the family business is to be sold

Around 38,000 family businesses are currently handed over each year. In most cases, the change of ownership takes place within the family. But more and…

03.05.2024 | KPMG Law Insights

Doubts about inability to work? What employers can do

The certificate of incapacity for work (AU certificate) serves as proof of incapacity for work due to illness. However, only if the certificate meets certain…

29.04.2024 | KPMG Law Insights

Agreement on ecodesign regulation: products to become more sustainable

After lengthy negotiations, the Council and Parliament of the European Union reached a provisional agreement on the Ecodesign Regulation on the night of December 5,…

27.03.2024 | KPMG Law Insights

EU Buildings Directive: life cycle greenhouse potential becomes relevant

On March 12, 2024, the EU Parliament approved the amendment to the EU Buildings Directive. The directive obliges member states and, indirectly, building owners and…

19.03.2024 | Business Performance & Resilience, KPMG Law Insights

CSDDD: Provisional agreement on the EU Supply Chain Directive

The EU member states agreed on the CSDDD, the EU Supply Chain Directive, on March 15, 2024. Germany abstained from the vote. Negotiators from the…

21.02.2024 | KPMG Law Insights, KPMG Law Insights

The Digital Services Act – what does it mean for companies?

The Digital Services Act (DSA) is a key component of the EU’s digital strategy and came into force on November 16, 2022. As a regulation,…

15.02.2024 | KPMG Law Insights

Data compliance management: How to implement it in practice

Part 3 of the article series “Professional tips for data compliance management”   The third part of this series of articles deals with data compliance

14.02.2024 | Business Performance & Resilience, PR Publications

Guest article in ZURe: Monitoring the implementation of the LkSG

The current issue of ZURe (p. 20 ff.) contains a guest article by KPMG Law Partner Thomas Uhlig (Head of General Business and Commercial Law),…

09.02.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: The employment law function

In almost all German companies, the employment law function is located in the HR department and not in the legal department. One of the reasons…

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.