Services

Export Control, Sanctions and Research Security Policy

The Policy outlines Aalto's stance on export control, sanctions, and research security, and assign tasks to certain members of the Aalto community. The Policy aims to ensure that Aalto University and Aalto community members comply with laws regarding export control and sanctions, and that situations compromising research security are noticed and addressed at Aalto University. The Policy covers all entities forming the Aalto University Group. Such entities are comprised of Aalto University Foundation sr and its directly or indirectly controlled subsidiaries.

Laboratory scene with microscope, periodic table, test tubes and dropper.

Loading table of contents

This Policy has been decided by Aalto University President, D/5542/00.01.06.06/2025.

1 Overview and Purpose

This document is the Policy for Export Control, Sanctions and Research Security (“Policy”) of Aalto University (“Aalto” or “University”).

Aalto University Code of Conduct requires compliance with all laws and regulations. This Policy has been adopted under the Aalto University Code of Conduct. Breach of export control and sanction laws also constitutes a breach of the University's Code of Conduct.

The purpose of this Policy is to ascertain that Aalto, or any member of its community, does not contribute to potentially dangerous or illicit activities by breaching export control and sanction laws. Furthermore, this Policy strives to further strengthen research security at Aalto and to ascertain that the undesired activities compromising research security are duly identified and mitigated. The objective of this Policy is not to censor scientific research or curtail academic freedom as protected by Finnish law. The Policy aims to strengthen responsible internationalisation for the benefit of all members of the Aalto community.

In implementing this Policy, situations may arise where it is necessary to balance considerations related to, on the one hand, export control, sanctions, and research security, and on the other hand, other important considerations such as academic freedom and non-discrimination. At all times, Aalto will act in a fair and justifiable manner that is compliant with the Finnish law.

2 Scope

2.1 People aspect – to which persons this Policy is addressed

This Policy is addressed to all members of the Aalto community. Members of the Aalto community entail any University employee irrespective of employee group or organizational status (including academic staff and service staff), any professor emeritus/emerita (if agreement on a professor emeritus/emerita position is valid), any student enrolled in any program at University (including undergraduate and postgraduate studies) and any academic visitor (whenever such visiting person is affiliated with University on account of the academic visit). Also the employees of the subsidiaries referred to in section 2.2 are considered members of the Aalto community.

2.2 Organizational aspect – to which legal entities this Policy is addressed

This Policy covers all entities forming the Aalto University Group. Such entities are comprised of Aalto University Foundation sr and its directly or indirectly controlled subsidiaries.

In entities where Aalto has a non-controlling interest (associate companies and spinoff entities), Aalto expects that such entities remain compliant with applicable export control and sanction laws.

2.3 Law aspect – which legislation this Policy focuses on

This Policy focuses on compliance with applicable mandatory legislation in force for export control of dual-use items, export control for military items and sanctions (also known as restrictive measures). This Policy also focuses on research security that is governed by the Council recommendation on enhancing research security on the EU level.

3 Explanation of Key Terms

Key term	Explanation
Controlled items	Items that are controlled (a) because they qualify as dual-use items or military items, or (b) because of circumstances in which otherwise non-controlled items become controlled on account of applicable sanctions regime (for example, exporting an item or providing technical assistance to or for use in Russia or Iran in contravention to EU sanction programs imposed against the respective country).
Dual-use items	Tangible (equipment, materials, components) or intangible (computer software or specific information known as technology) items which can be used for both civilian and military purposes.
Due Diligence	Overall concept for obtaining reliable information about Aalto’s collaboration partners and contemplated activities, and systematically utilizing such information in the prudent decision-making on the part of Aalto concerning the possibility to collaborate with a partner, commence an activity or otherwise enter into a contractual relationship with a third-party. Aalto assumes risk-based approach to due diligence. Due diligence processes in force in Aalto from time to time are subject to another set of Aalto guidelines that this Policy refers to. Informal or non-institutional collaboration falls under academic freedom and such collaboration is not typically subject to due diligence by Aalto.
Export Control	Legal measures intended to contribute to international peace and security, and to prevent proliferation of weapons of mass destruction and their delivery systems, strengthening of undesired military capabilities or commissioning of internal repression and other violations of human rights
Military items	Items that are specially designed or modified for military use. Expectation that a military item will be generated or otherwise handled by members of the Aalto community in activities typically taken by Aalto or that members of the Aalto community otherwise become caught by export control rules for military items is typically low but cannot be excluded.
Research security	Anticipating and managing risks related to: (a) the undesirable transfer of critical knowledge and technology that may affect the security of the EU and its member states; (b) malign influence on research where research can be instrumentalised by or from third countries in order to inter alia create disinformation or incite self-censorship among students and researchers infringing academic freedom and research integrity in the EU; (c) ethical or integrity violations, where knowledge and technologies are used to suppress, infringe on or undermine EU values and fundamental rights.
Sanctioned or designated parties	Entities or individuals designated by the authorities on sanctions lists relevant to Aalto. Depending on designation, and other circumstances of the case, there is a range of restrictions having the effect of limiting or altogether excluding collaboration between Aalto and sanctioned parties
Sanctions (restrictive measures)	Legal measures intended to bring about a change in bad or harmful policies or activities by targeting countries, organisations and individuals responsible for such policies or activities. Foremost examples of sanctions are sectoral sanctions imposed against a particular country (e.g. export restrictions against Russia) or personal sanctions designating entities or individuals (for the latter please see above).

4 Compliance Statement for Export Control and Sanctions

Aalto recognizes the importance of all export control and sanction laws relevant to its activities and Aalto is committed to complying with such laws. Aalto will not engage in any activities prohibited by such export control and sanction laws or allow that any member of the Aalto community engages or, after Aalto has become informed on the matter, continues its engagement in such prohibited activities. To this end, in a balanced and proportionate manner, Aalto will:

a) have procedures in place for assessing whether export control or sanction considerations apply for University’s respective activities;

b) offer information and training to facilitate that all members of the Aalto community, depending on their tasks, position or other relevant factors such as research discipline, are adequately aware of export control and sanction considerations and how such considerations are applied to their respective work;

c) require that in circumstances where export control or sanction laws impose an obligation to acquire a license for a particular activity no such activity shall be undertaken or continued by any member of the Aalto community in the absence of a valid license or contrary to the conditions of the license received. The ultimate decision to apply, or not to apply, for a license will be taken in each case solely by University’s Management in accordance with this Policy;

d) proactively manage University’s licenses under export control and sanctions laws and the use of general export authorisations, as well as the applications for the licenses; and

e) implement and develop internal compliance program to facilitate compliance with relevant laws, licenses, end-user certificates and the provisions of this Policy.

University expects that each member of the Aalto community supports the above commitment by assuming responsibility for the respective obligations under this Policy commensurate with individual member’s tasks and position or other relevant factors such as research discipline. Therefore, it is the responsibility of each member of the Aalto community to comply with the export control and sanction laws, the provisions of this Policy as well as any written instructions and procedures issued by University from time to time.

5 Guidance on Research Security for All Members of the Aalto Community

Aalto recognizes the importance of research security to the prosperity of the Aalto community and the reputation of Aalto among its stakeholders. All members of the Aalto community are entitled to expect an environment that fosters research security. Aalto takes measures to maintain and enhance research security. Each member of the Aalto community is encouraged to

a) be aware of and recognize the importance of research security as an integral factor for prosperity of the Aalto community; and

b) be in contact with the supervisor, or the Compliance Officer in the event the respective member of the Aalto community becomes aware of, or has reasons to believe that there are, concerns with research security.

Each member of the Aalto community is obliged to comply with any written instructions and procedures issued by University from time to time regarding research security.

6 Risk-based Approach Employed by Aalto

Aalto employs risk-based approach to compliance with export control, sanctions and research security. Also ethical considerations, alignment to Aalto’s values and strategy, and Aalto’s exposure to reputational risks are factors in the risk-based approach employed by Aalto. From time to time, Aalto assesses the risk profile of its various activities and implements balanced and proportionate due diligence measures based on the perceived risk exposure and other relevant factors. Aalto engages in various activities fostering compliance such as keeping relevant information and support from subject-matter experts available to all members of the Aalto community and awareness raising. Furthermore, Aalto also carries out screening of prospective and current contractual counterparties for identification of sanctioned parties and other risks, classification of items to determine whether they are controlled items, and developing other capabilities needed in the prudent management of an internal compliance program for export control, sanctions and research security. Aalto will issue from time to time more detailed instructions and procedures in matters related to this Policy.

Aalto has grouped its activities relevant for this Policy to the areas described in the below table.

AREA	EXPLANATION
Research	Institutional and non-institutional collaboration as well as all forms of jointly or externally funded research undertaken at Aalto by members of the Aalto community. Research may also entail educational activities as typically doctoral programs are mixture of educational and research activities. In this Policy, institutional collaboration refers to types of formal collaboration between Aalto and other institutions characterized by an agreement, whether legally binding or non-binding, being made between the participating institutions, and non-institutional collaboration refers to types of informal exchanges that take place mostly at the level of individual researchers and are not based on an agreement between the institutions to which the researchers are affiliated. Under academic freedom, non-institutional collaboration between members of the Aalto community and persons affiliated with other institutions may be carried out without any agreements being made between Aalto and the other institutions, and without Aalto being informed of such collaboration. However, all members of the Aalto community engaging in non-institutional collaboration remain under the obligation to comply with the export control and sanctions laws, as well as other applicable statutes and regulations. With academic freedom comes academic responsibility, and all members of the Aalto community engaging in non-institutional collaboration are encouraged to seek advice, when needed, on the subject matter of this Policy from persons referred to in section ‘Contacts’ below. Research funders may set their own requirements for compliance with export control, sanctions and research security. Such requirements are additional to the requirements imposed by Aalto under this Policy, and they shall be complied by Aalto and respective members of the Aalto community unless, in an exceptional situation, compliance with a research funder’s requirements would cause the breach of Finnish law or Aalto’s Code of Conduct.
Education	Activities related to student admission, and studies at bachelor and master level, and in Life Wide Learning (LWL).
Academic Partnerships and Corporate Collaboration	Aalto’s institutional cooperation with universities, research institutions, other higher education institutions and companies for furtherance of research, artistic activities or education either under two-party agreements or under multiparty agreements. For the sake of clarity, research project consortium agreements, agreements for contract research and other agreements made in connection with individual research projects are not considered to fall under this area.
Sale of Assets	Sale or another disposal of Aalto’s assets to third parties whether tangible or intangible, or whether movable or fixed. For the sake of clarity, transfer of Aalto’s IP assets to spinoff entities or licensees, or sale of Aalto’s shares in spinoff entities are not considered to fall under this area
Commercialization	Activities typically aimed at the creation of startup companies (spin-off entities) that will be spun out from Aalto for the purposes of commercializing Aalto-developed intellectual property. Oftentimes, these activities are funded by R2B research to business funding instrument. Also licensing out or sale of Aalto-developed intellectual property to third parties for the purposes of generating income to University will fall under commercialization. For the sake of clarity, commercialization includes also spinoff asset management.
Procurement	Purchase of goods and services by Aalto.
Access to Research Infrastructure and Premises	Granting access to third parties (natural persons who are not members of the Aalto community) and various legal persons to Aalto’s research infrastructure such as laboratories and scientific computing resources, or to Aalto’s premises.
HR	Activities related to the current employees or job applicants of Aalto and inbound academic visitors.
General support	Carrying out due diligence measures and provision of other support measures by dedicated personnel.

7 Responsibilities

Each PMT member, Group Company Managing Director and Head of Department are required to ensure that Aalto’s due diligence procedures applicable from time to time have been complied with and, when applicable, export control and sanction issues have been duly resolved in any commitments that they approve as authorized representatives of Aalto.

This chapter also sets forth the other high-level responsibilities for activities needed for the implementation and further development of Aalto’s internal compliance program regarding this Policy in the below table.

Responsibility assigned to	Description of Responsibility
President and PMT	Adopts this Policy and any changes thereto (unless the power to make changes to this Policy or part thereof is delegated to another person). Reviews periodically the risks related to this Policy arising from University’s operations and activities. Determines the issues of principal character for the University regarding this Policy. Issues written instructions and procedures regarding this Policy.
Provost and Aalto University Ethics and Values Advisory Group	Acts as an expert body and provides statements and recommendations for ethical questions, on request by the President or the members of PMT, that may arise in connection with any of the following: implementation of this Policy, fundraising, procurement and other financial activities, or domestic and international academic partnerships or corporate collaborations.
President and Partner Screening Group (PSG)	Evaluates upon request Aalto’s partners and, when needed, gives recommendation should Aalto enter into contract with a partner not evaluated green, and defines partner categories exempted from due diligence measures in accordance with Aalto’s due diligence guidelines in force from time to time. Resolves on other matters that are brought to PSG for review and decision. Evaluation of a partner by PSG, when required under Aalto’s due diligence guidelines, are considered additional requirements to those set out elsewhere in Aalto’s internal regulations and guidelines including without limitation Aalto University Group Limits of Approval Policy and Approval and signatory authority for documents related to Aalto University Research, Education and Innovation Activities that must be met before Aalto may enter into a contract with the respective partner.
Provost	Oversees that academic functions reporting to Provost comply with this Policy. Oversees that Aalto University Ethics and Values Advisory Group duly discharges its tasks. Oversees that Visiting guidelines - Inbound academic visits to Aalto is duly implemented
VP Research	Oversees that measures considered adequate for Research as well as Access to Research Infrastructure and Premises under this Policy from time to time are duly carried out. Oversees that the internal compliance program regarding research security is duly developed and implemented at Aalto. Reports to the President and PMT on the internal compliance program regarding research security (in collaboration with Director; Legal Services). Decides on acceptance or rejection for submittance of University's all license applications under export control or sanction laws to any relevant authorities. Decides on cancellation or suspension of University's or the Aalto community member's performance of a particular activity or participation therein in any of the following circumstances: catch-all situation applies, export or contemplated export of cyber-surveillance items without authorisation takes place, or there are substantiated concerns that any other breach of relevant export control or sanction laws has occurred or is about to occur. Oversees in collaboration with Director, Legal Services that proper actions are taken at University level in design and implementation of risk appraisal and other internal risk management procedures.
VP Innovation	Oversees that measures considered adequate for Commercialization (excluding spinoff asset management) under this Policy from time to time are duly carried out. Oversees that measures considered adequate for Academic Partnerships and Corporate Collaboration (regarding corporate collaboration) under this Policy from time to time are duly carried out
VP Education	Oversees that measures considered adequate for Education under this Policy from time to time are duly carried out. Oversees that measures considered adequate for Academic Partnerships and Corporate Collaboration (regarding academic partnerships) under this Policy from time to time are duly carried out.
Chief Financial Officer	Oversees that measures considered adequate for Procurement, Commercialization (spinoff asset management) and Aalto’s subsidiaries under this Policy from time to time are duly carried out. Ensures in collaboration with Director, Legal Services that General Support is adequately staffed and that persons having responsibilities for General Support duly discharge their responsibilities under this Policy.
Director, Legal Services	Oversees that the internal compliance program regarding export control, sanctions and research policy is duly developed and implemented at Aalto. Reports to the President and PMT on the internal compliance program regarding export control, sanctions and research security. Ensures in collaboration with Chief Financial Officer that General Support is adequately staffed and that persons having responsibilities for General Support duly discharge their responsibilities under this Policy. Oversees in collaboration with VP Research that proper actions are taken at University level in design and implementation of risk appraisal and other internal risk management procedures
Chief Human Resources Officer	Oversees that measures considered adequate for HR under this Policy from time to time are duly carried out.
Dean	Responsibility for academic leadership on export control, sanctions and research security matters in respective School, including responsibility to ensure appropriate levels of awareness among researchers and other staff. Ensures at the School level that sufficient support resources are allocated for the implementation of this Policy. Oversees that proper actions are taken at the School level in the design and implementation of risk appraisal and other internal risk management procedures.
Head of Department	Responsibility for academic leadership on export control, sanctions and research security matters in the respective Department, including responsibility to ensure appropriate levels of awareness among researchers and other staff. Oversees that proper actions are taken at the Department level in the design and implementation of risk appraisal and other internal risk management procedures.

Other roles and responsibilities related to this Policy are set forth in Appendix 1. Compliance Officer is authorized to provide further guidance on the matters related to Appendix 1.

8 Contacts

Contact person for this Policy is Compliance Officer. Please see Support organization for export control, sanctions and research security matters at Aalto for information on persons to contact in various matters related to this Policy.

9 Performance Reviews, Audits, Reporting and Corrective Actions

Measures taken at Aalto for the implementation of this Policy may be subject to a review by the University’s Management from time to time. The University’s Management may also order internal or external audits on case-by-case basis with regard to this Policy.

All members of the Aalto community are expected to report suspected violations of export control and sanctions laws to their respective supervisor, Compliance Officer or via Aalto's Ethical channel.

Aalto will investigate all suspected violations of export control and sanctions laws arising from its activities or the activites of members of the Aalto community when brought to the attention of Aalto and, if needed, contact proper authorities in connection with such investigations. Following the investigation, if it is determined that a violation has occurred, corrective and disciplinary actions may be taken against persons who were involved in the violation. Said actions will be taken according to the nature, severity, and scope of the violation. Compliance Officer and representative of HR shall co-manage the conduct of investigations at Aalto.

10 Compliance Officer’s Access to Information and Documents of Aalto

With the sole exception of information or documents subject to security classification Compliance Officer is not legally entitled to receive,

(i) all information and documents of Aalto required by Compliance Officer for performance of his duties under this Policy shall be promptly disclosed, upon request, by the respective member of the Aalto community having access to such information or documents to Compliance Officer; and

(ii) Compliance Officer shall be granted adequate access rights to all relevant digital information systems of Aalto where the information and documents of Aalto required by Compliance Officer for the above-said purposes are processed.

Relevant services of Aalto such as HRS and ITS shall be obliged to assist Compliance Officer in the exercise of rights vested on Compliance Officer in this Policy.

11 Record Keeping and Documentation

Documents generated by the members of Aalto community in connection with activities under statutory record-keeping obligations in accordance with the applicable export control and sanction laws shall be kept electronically pursuant to Aalto University Records Management Plan and the instructions given separately by Compliance Officer.

12 Policy Review and Update

This Policy is subject to the periodic review and update by University’s Management.

13 Further Information

Further information on the subject matter of this Policy is made available at Responsible Internationalisation - export control and sanctions.

Updated: 10.3.2026
Published: 13.11.2025