Most of your compliance will be determined by your local organisation and national rules and legislation. Items to keep in mind:

• export controls and dual-use restrictions
• processing of sensitive personal data
• knowledge safety
• medical and ethical requirements and mandatory reviews on human and animal research
• restrictions on GMOs and stem-cell research
• sanctions against individuals, organisations, and countries that are in effect in your jurisdiction

Please consult your local regulatory experts and legal council when in doubt.

How does compliance fit into an AARC BPA infrastructure?

Many of these controls can be at least partially implemented by access controls in the AARC platform, based on on attributes, roles, and group membership, and on the attributes released by the home organisations (authentication sources). Depending on the scope of the compliance rules, different layers may be the most appropriate place to enforce controls. E.g. a site-level or national infrastructure proxy is appropriate for national-level controls, whereas dual-use research might be more appropriately restricted at the community layer. Data on individuals, such as nationality, may only come from external government identity sources, potentially conveyed via another authentication source.