Document Comments

Bulletin Board - Review and Comment

Step 1 of 4: Comment on Document

How to make a comment?

1. Use this Comment Icon to open a comment box for your chosen Section, Part, Heading or clause.

2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.

 

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:

  1. DO NOT jump between web pages/applications while logging comments.

  2. DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.

  3. DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.

  4. DO NOT exit from the interface until you have completed all three stages of the submission process.

 

Export Controls Procedure

Section 1 - Purpose

(1) This Procedure outlines the processes and requirements to ensure that export-controlled activities undertaken by the University of Newcastle (the University) are managed in a lawful, safe, and responsible manner, consistent with:

  1. Defence Trade Controls Act 2012;
  2. Customs Act 1901;
  3. Weapons of Mass Destruction (Prevention of Proliferation) Act 1995;
  4. Defence and Strategic Goods List 2024 (DSGL); 
  5. Defence Act 1903 Amendment – Safeguarding Australia’s Military Secrets Act 2024; and
  6. Export Controls Policy.

(2) This procedure supports the implementation of the Export Controls Policy and should be read in conjunction with this document. The procedure details operational instruction for identifying, assessing, and managing export controlled activities.

Top of Page

Section 2 - Scope

(3) This procedure applies to all University staff, Researchers, affiliates, contractors, visitors, honorary appointees, and controlled entities who undertake activities that may involve export-controlled goods, software, or technology.

(4) In the context of this document, activities include, but are not limited to:

  1. research and research training, consultancy and testing;
  2. teaching and supervision;
  3. collaboration with domestic and international partners;
  4. procurement and contracting activities;
  5. travel and fieldwork;
  6. publication and dissemination of research; and
  7. intangible supply including use of digital systems, including email, cloud-based platforms and screen share.
Top of Page

Section 3 - Document Specific Definitions

(5) In the context of this document, the following definitions apply:

  1. “controlled technology” means technical data, designs, software, or know-how that is subject to export control under Federal legislation;
  2. “Defence and Strategic Goods List (DSGL)” is the Australian Federal legislative instrument that identifies goods, software, and technology that are subject export controls;
  3. “dual-use goods” are items, software or technology that have both the potential for civilian and military applications.
  4. “Export” includes any physical or intangible transfer of controlled goods, software, or technology to a person, organisation, or location outside Australia;
  5. “export controls” means laws and regulations governing the transfer, supply, publication, or brokering of controlled goods, software and technology;
  6. “intangible supply” means the non-physical transfer, disclosure, publication, access or brokering of controlled technology to another person outside Australia, or foreign nationals in Australia;
  7. “Technology Control Plan” or “TCP” details the documented measures that will be used by the University to manage access to and handling of controlled technology;
  8. “Researcher” is as defined by the Responsible Conduct of Research Policy.
  9. “Responsible Export Controls Officer (RECO)” means the institution’s nominee who is responsible for export control oversight. At the University of Newcastle this is the Director, Research Ethics & Integrity.
Top of Page

Section 4 - Identifying Export Controlled Activities

(6) Individuals must undertake an initial self-assessment to determine whether their activity(s) may be subject to export controls.

(7) This must occur prior to commencement of the activity (for example, but not limited to prior to grant award, procurement, collaboration, travel or dissemination). The Australian Department of Defence tool “Made AI” can be used to assist.

(8) Indicators within an activity that may suggest export controls apply include, but are not limited to:

  1. working with or procuring goods, software, or technology that are listed on the DSGL;
  2. sharing or granting access to controlled technology with international collaborators or foreign nationals;
  3. providing training, supervision, instruction or technical assistance relating to controlled or DSGL-listed technology;
  4. transferring controlled or DSGL listed technology including email, cloud storage, system access, or screen-sharing electronically (intangible supply);
  5. travelling with controlled equipment, materials, software or technical data;
  6. research or other activities involving dual-use goods with potential military applications.

(9) Where uncertainty exists, individuals must seek advice from exportcontrols@newcastle.edu.au prior to proceeding with the activity(s).

Top of Page

Section 5 - Referral and Assessment

(10) Activities identified as potentially export-controlled must be referred to the Responsible Export Controls Officer (RECO).

(11) The RECO must:

  1. assess whether the activity involves DSGL-listed items;
  2. determine whether a permit, exemption, or further review is required;
  3. identify if AUKUS licence free conditions apply;
  4. assess risk level and advise on required controls; and
  5. maintain appropriate records of assessments.

(12) Activities must not proceed until authorised by the RECO.

Top of Page

Section 6 - Due Diligence

(13) Where export control risk is identified, a due diligence assessment must be undertaken. This will be conducted by the individual, in consultation with the RECO and National Security Compliance Manager.

(14) This assessment may include:

  1. classification of goods or technology against the DSGL;
  2. assessment of end-use and end-user;
  3. sanctions and restricted party screening;
  4. consideration of foreign interference and national security risks; and
  5. identification of applicable international regulatory requirements.
Top of Page

Section 7 - Permits and Approvals

(15) Where required, permits must be obtained from the relevant regulatory authority prior to any export, supply, publication, or brokering activity.

(16) The RECO will submit permit applications and act as the University's liaison with regulators.

(17) No export-controlled activity may proceed without appropriate authorisation from the relevant regulatory authority.

(18) Individuals must comply with all permit conditions.

Top of Page

Section 8 - Technology Control Plans

(19) Where a permit is required, a Tehnology Control Plan (TCP) must be developed.

(20) TCPs must:

  1. define access controls (physical, digital and personnel);
  2. outline data storage and transmission requirements;
  3. specify training and awareness requirements;
  4. including monitoring and recordkeeping arrangements.

(21) TCPs must be developed using the University template by the project lead prior to commencement of the activity, and updated to reflect changes in the activity once implemented.

(22) The TCP must be endorsed by the RECO prior to the commencement of the activity.

Top of Page

Section 9 - Implementation and Compliance

(23) Individuals and project teams must:

  1. ensure only authorised personnel access controlled technology;
  2. comply with all permit and TCP conditions;
  3. implement appropriate safeguards; and
  4. complete required training.
Top of Page

Section 10 - Recordkeeping

(24) Records must be maintained for all export-controlled activities.

(25) Records must include:

  1. the initial export controls self-assessment and any supporting information;
  2. classification and due diligence outcomes;
  3. permit applications, variations and approvals;
  4. TCPs and associated documentation;
  5. details of supply or transfer, including recipients and dates; and
  6. training registers.

(26) Records must be retained for a minimum of five years after the activity in accordance with the Records Governance Policy.

Top of Page

Section 11 - Monitoring and Review

(27) The University will monitor compliance with this procedure through a combination of activity-level and institutional monitoring, including:

  1. audits and periodic reviews, including targeted audits of higher-risk activities;
  2. oversight of permits and Technology Control Plans (TCPs), including review of compliance with access controls, recordkeeping and monitoring arrangements specified in the TCP; and
  3. reporting of suspected or actual non-compliance in accordance with the Compliance Management Framework.

(28) Monitoring activities will be proportionate to the level of export control risk and may include enhanced oversight of high-risk activities.

(29) Where monitoring identifies gaps, non-compliance or changes in risk, corrective actions may be required including updates to TCPs, additional controls, training, or escalation to be reviewed under the Research Breach Investigation Procedure.

Top of Page

Section 12 - Import of Controlled Items

(30) Procurement of items that may be subject to export or import controls must be referred by the project lead to the RECO for assessment prior to execution of contracts, importation, or signing of documentation including:

  1. end-user certificates;
  2. end-use statements or undertakings;
  3. import or export licence documentation;
  4. supplier export control declarations; or 
  5. contractual export control certifications.

(31) Following assessment, any approvals required for the import of controlled items and associated documentation must occur in accordance with the University's Procurement Policy, Delegation of Authority Framework, and associated procurement procedures, with advice from the RECO where export control obligations are identified.

Top of Page

Section 13 - Publication and Dissemination

(32) Prior to publication, presentation or other dissemination, individuals must consider whether the content includes controlled technology, including technical data, software, designs or know-how subject to export control legislation.

(33) Publication of DSGL Part 1 (military) technology requires a permit.

(34) Pre-publication of sharing of controlled technology, including sharing with collaborators, peer reviewers, publishers, or conference organisers, may constitute a regulated supply and must be referred to the RECO for assessment prior to sharing.

Top of Page

Section 14 - Training and Awareness

(35) The University will provide training and guidance to support compliance. This includes:

  1. an export controls module available through Discover;
  2. training resources provided by the Australian Department of Defence.

(36) Individuals are required to complete export control training when their activities involve handling any DSGL listed technology.

Top of Page

Section 15 - Breaches and Non-Compliance

(37) Suspected or actual breaches must be reported immediately to the Research Ethics and Integrity Unit and managed in accordance with the Compliance Management Framework, including recording in the University's Breach Register where required.

(38) Breaches will be managed in accordance with the:

  1. Research Breach Investigation Procedure; and/or
  2. Staff Code of Conduct and Compliance Management Framework.

(39) Activities must cease where a potential breach is identified, until assessed.

(40) Matters involving the safeguarding of Australia’s military secrets (SAMS) and any actual or suspected foreign interference must be escalated without delay to the National Security Compliance Manager.

Top of Page

Section 16 - Roles and Responsibilities

(41) Roles and responsibilities are defined in the Export Controls Policy.

(42) Individuals are responsible for ensuring compliance with this Procedure.

Top of Page

Section 17 - Integration with other obligations

(43) Export control compliance must be implemented in coordination with other University regulatory and governance obligations. Activities captured under this Procedure may also trigger requirements under related frameworks and University policy, including:

  1. sanctions and restricted party screening, including obligations administered by the Australian Sanctions Office (see International Sanctions Compliance Policy);
  2. digital security requirements, such as data classification, secure storage, cloud residency controls, and encryption (see Digital Security Policy);
  3. foreign engagement and foreign interference obligations including mandatory disclosures and approval process (see Foreign Interference Policy);
  4. research integrity and human/animal ethics requirements relevant to the conduct, approval and oversight of research activities (see Responsible Conduct of Research Policy);
  5. contracts and intellectual property requirements including publication rights, background intellectual property, confidentiality and contractual restrictions on dissemination or use (see Intellectual Property Policy);
  6. procurement and contracting obligations including compliance with the Procurement Policy, tendering requirements, and approval and delegation frameworks (see Delegation of Authority Framework);
  7. privacy and data protection obligations, where activities involve the collection, use or disclosure of personal information, including cross-border data transfers (see Privacy Management Plan and Data Governance Policy).

(44) Individuals must ensure that export-controlled activities are compliant with all relevant obligations and seek advice where intersections occur.

(45) This Procedure should be read in conjunction with:

  1. Export Controls Policy;
  2. Responsibile Conduct of Research Policy;
  3. Research Breach Investigation Procedure;
  4. Digital Security Policy;
  5. Procurement Policy;
  6. Records Governance Policy; and
  7. applicable Commonwealth legislation and regulatory guidance.