| Research

Higher Education Research Commercialisation IP Framework – IRU Response

 The Innovative Research Universities (IRU) support the Australian Government’s intention to incentivise and increase partnerships between businesses and universities through research commercialisation. By better facilitating commercialisation and translation, we can further strengthen our national capacity to invest in research and realise its benefits, creating a positive loop in Australia’s world leading R&D sectors. A framework of standardised agreements, templates, guidance and terminology for the treatment of intellectual property (IP) in commercialisation has the potential to overcome some of the constraints that inhibit the transfer of publicly funded research into commercial outcomes benefiting universities, business and society. 

Despite supporting the positive intentions of the proposed IP Framework, the IRU is concerned that the key details of the Framework’s scope and parameters are underdeveloped. Some of the underlying principles and assumptions may be misguided upon further consultation. Mandatory standardisation is expected to increase commercialisation revenue, but this approach departs from the successful practices in the UK and Ireland that the IP Framework is seeking to emulate. No evidence or rationale is provided from universities or industry that standardisation is desirable. 

Direct commercial outcomes are also only one part of a broad suite of ways in which research is used for economic and social benefit. In the announcement of the University Research Commercialisation consultation paper, Minister Tudge was clear that research commercialisation is the initial focus, but the Government concurrently wants “to continue our thinking on how universities can make a greater impact on our largest social challenges which don’t necessarily have a commercial outcome.” It is important that the IP Framework does not undermine industry and community engagement that provide “pathways to market” or social impact, including through contract research, consultancy and engagement in research training. Commercialisation is the final stage of the “innovation pipeline” and depends on early-stage research and translation. 

Overall, it is difficult to assess the proposed IP Framework for its efficacy or consequences. Too many key details are unclear, presumably to be developed after this round of consultation. Instead of committing to implementing the IP Framework in advance of determining its detail, the IRU proposes that the Government continues to work with the higher education and industry sectors to develop a voluntary Framework that is fit for purpose, prior to piloting and committing to its implementation. 

Recommendations 

The IRU submission supports Universities Australia’s position on the IP Framework, including the following key recommendations that the Government: 

1. Delay introduction of the IP Framework; 

2. Establish a steering committee and undertake a fuller stakeholder consultation; 

3. Pilot, test and refine the IP Framework, then consider full implementation with voluntary uptake. 

The remainder of the IRU submission further outlines initiatives for the Government to consider. 

Supporting research commercialisation through an IP Framework 

1. A voluntary IP Framework with devolved decision making 

The IP Framework needs to be flexible and support a breadth of activities and partnerships. The aim is to make research-driven innovation part of business as usual across most enterprises by overcoming IP barriers that may arise when partnering with universities. This is best achieved through devolved decision making. Devolved decision making around IP ensures that the partners with greatest knowledge about the research process have autonomy to make decisions. The IP Framework consultation paper acknowledges that these negotiations may initially be difficult: “Businesses think universities overvalue their technology, research and IP, and universities think businesses undervalue the technology and the university’s pre-existing IP”. However, a mandatory and rigid IP Framework is not likely to solve this problem. It may lead to greater standardisation across agreements, but at the cost of fewer agreements and collaborations. IRU members have indicated that this is also a concern of their industry partners. Therefore, it is important that the IP Framework is voluntary and guide decision marking, rather than dictate it. 

2. Support commercialisation across the innovation pipeline, including PhD training 

Commercialisation of research can produce great social and economic benefits, but as the Government’s University Research Commercialisation consultation paper recognised, commercialisation is the final stage of a complex “innovation pipeline”. Commercialisation cannot occur without high quality early-stage research and translation activities. Quality research and translation will not always lead to commercial returns, but collaboration with industry at each stage increases the frequency and likelihood of commercial success. Given the range of Australian Government initiatives supporting industry collaboration on PhD training, it is essential that the IP Framework does not prevent growth in this area, or any PhD candidate from having their thesis assessed or examined as a consequence of these arrangements. 

3. Establish a governance structure to guide the IP Framework 

The IP Framework lacks a clear and formal governance structure to guide stakeholder consultation, piloting, refinement and implementation. The Defence Trade Control Act’s Implementation Steering Group offers a suitable model that the IP Framework could replicate. Representation could be extended to other parts of the innovation system that are specifically designed to support university-industry collaboration, such as CRCs and RRDCs. Universities and industry are already significantly invested in those bodies, yet there is limited evidence that their expertise has been utilised in the development of the IP Framework. 

4. Commercialisation, contracts and collaboration are different (but all are growing) 

The IP Framework consultation paper’s concerns about “unsatisfactory performance in commercialisation and collaboration” conflates distinctly different issues. As outlined in the IRU’s submission to the University Research Commercialisation consultation paper, Australia’s performance on university-industry collaboration has improved steadily over the past decade. As shown in Figure 1 below, university-industry co-authored publications in the Scopus database have more than doubled over the past decade (224% compared to 2009 levels). For IRU members, the total number of university-industry co-authored publications has more than quadruped (406% compared to 2009 levels). Industry funded research has increased at an even greater rate (Category 3 research income, 226% compared to 2009). Consultancy and contracts have also comfortably grown at a greater rate than public funding sources. Growth in royalties, trademarks and licencing revenue has not kept pace with government grants or government funded research and rightly should be the focus of attention, but the reasons for its lower growth rate may have little to do with efforts on collaboration. 

Graph showing Growth in university-industry co-publications and income by source, 2009 to 2019

5. Ensure that the commercialisation IP Framework does not hinder other collaboration and pathways 

In 2019, Australian universities generated $136 million in revenue directly from direct commercialisation through royalties, trademarks and licenses. This comprised 0.4% of total revenue for the sector. Successful commercialisation is lucrative but rare, which means most universities generate far less than 0.4%. Only four universities in 2019 generated more than 1% of their revenue from direct commercialisation. Although it is possible that standardised approaches towards IP agreements will increase commercialisation, there are risks that an IP Framework intended to target royalties, trademarks and licenses may undermine indirect commercialisation and collaboration with industry and community organisations on pathway activities. 

Many universities have productive relationships with government, hospitals, schools and communities, driving strong outcomes and economic benefit. Taking a broader definition of commercialisation to include advice and consultancy to private enterprise, government, not for profit organisations, and other third parties, universities generated $1.6 billion in revenue in 2019, 4.3% of total revenue. Consultancy and contracts include non-research services, but university staff utilise their research expertise in their services to business and the community. 

Retaining more of the financial benefits within the higher education sector is the main focus of the IP Framework discussion paper. However, the commercialisation of university R&D can also create economic benefits purely for the industry partner. Universities may not be acknowledged or directly benefit from this, yet it does support the broader R&D intensity of industry, their productivity, profitability (and taxation revenue to government), and capacity to employ university graduates in knowledge-intensive roles. 

The total value of university consultancy and contract research also underestimates the full suite of benefits from this growing external engagement. As publicly spirited institutions, universities and academics engage in knowledge transfer activities and support local communities and industries even when short-term financial returns are uncertain or minor. This also helps ensure the university education mission aligns with community needs and expectations, such as through industry-informed curriculum development and work-integrated learning activities that build upon existing research partnerships. Such partnerships may or may not have commercialisation potential, but could get held up by constraints within the IP Framework. 

Whereas direct commercialisation is skewed towards a small number of larger metropolitan universities, indirect commercialisation through contract and consultancy is widespread across the sector. Most universities generate between 4% to 6% of their revenue from these activities. For IRU as a whole, 5.2% of revenue is generated from indirect commercialisation compared to 0.2% from royalties, trademarks and licences. Therefore, it is important that the whole of the higher education system has opportunities to engage fully with the IP Framework development and its effects on pathway activities. In 2019, the institutions that generated the greatest share of revenue from consultancies were the Batchelor Institute (15% of total revenue) and La Trobe University (9%), both of which have deep engagement with their local communities, including Indigenous communities. The complexity of how to consider Indigenous Knowledge in the IP Framework is particularly relevant and should be considered further prior to implementation. 

Graph of University revenue from Royalties, Trademarks & Licenses and Consultancy and Contracts, 2019 by university (total and % of total revenue)

| University Operations

Strengthening Australia’s cyber security regulations and incentives: IRU response

The Innovative Research Universities supports the suite of initiatives in Strengthening Australia’s cyber security regulations and incentives. 

The IRU acknowledges that a core aim of the proposed regulatory reforms is to counter the social and economic impacts of widespread but lower sophistication threats, and notes that the Government is taking separate action to respond to sophisticated and persistent threats, including through updated critical infrastructure legislation and the University Foreign Interference Taskforce (UFIT) guidelines. 

IRU considers the current, multi layered regulatory reforms approach are not easily transparent or harmonious. The discussion paper highlights universities’ mixed views of the critical infrastructure Positive Security Obligations (PSO) requirements that extend to them, which are beyond the requirements applied to many other organisations. 

The IRU further endorses an approach entailing broad based, fit for purpose cyber reform with applicable standards which will help clarify and strengthen universities’ adherence to them. The specific requirements and actions for sectors considered of national significance under revised critical infrastructure reform should be further moderated and applied in a fit for purpose manner, subsequent to adoption of the seven new proposals under this reform. 

In essence, strong, effective cyber security across all aspects of Australia is the best means to reduce the need for highly interventionist requirements under the Security of Critical Infrastructure Act 2018 and to ensure a broad-based uplift in cyber resilience and maturity. 

On this basis, the IRU is pleased to see the seven new proposals from the consultation process to strengthen general requirements and protections. 

1. Governance standards for large businesses. 

Proposes sector-based governance standards, either co-designed as voluntary standards else implemented as mandated standards. 

It is important to ensure harmony with disparate regulatory reform and legislative amendments, and therefore the IRU welcomes Option 1: Voluntary Governance Standards in a co-designed approach as a way of broadly uplifting cyber security across the sector and minimising the disruptive impact from other reforms. This option would also be broadly complementary with the UFIT guidelines, which provide universities with key recommendations for protection. 

This and related processes are the best means to ensure effective action across the whole university system. 

2. Minimum standards for protection of personal information. 

Proposes that a minimum code be established under the Privacy Act to increase cyber resilience through core protection-based technologies known to mitigate common vectors associated with information protection. 

It is highly likely that universities already meet any such standards. The IRU endorses Option 1: Minimum standards for personal information. Universities currently apply significant efforts towards the protection standards that are mentioned in the consultation paper and to the extent there are gaps, IRU members will be keen to fill them. 

The IRU also agrees that mandating ASD Essential Eight is not realistic and therefore avoiding conflict with a future code and existing best practice guidance is important. An option to achieve this is to ensure that the proposed minimum code is descriptive rather than prescriptive with the application of core technologies. 

3. Standards for security of smart devices 

Proposes introducing a new standard (adoption of ETSI EN 303 645) through legislation which would require manufacturers to implement baseline cyber security requirements for smart devices. 

University students, staff and visitors are prolific users of smart devices with the internet of things use also increasing in both operations and in our research activity. It is crucial that the devices used are secure. The more secure such items are at manufacture the better for universities as major consumers, and with reduced national risk from any intrusion into university systems. 

The IRU supports Option 1: Mandatory standard for smart devices and notes that while ransomware currently targets data, it is reasonable to expect that future ransomware targets are likely to include IoT, which would render physical areas inoperable and be of significant consequence for universities. 

4. Labelling for smart devices to indicate levels of security and potentially expiry date for security support. 

Proposes introducing either a Star rating-based label else a lower cost expiry label reflecting an End of Life (EoL) support timeframe for patching. 

The IRU endorses Option 1: Voluntary star label. This kind of general initiative helps raise security awareness, particularly among staff and students who access university systems, as well as assists in ensuring standards for the procurement of smart devices by the sector are supported in choosing fit for purpose products. 

5. Responsible disclosure of weaknesses found in software. 

Proposes encouraging and reinforcing the current responsible disclosure of vulnerabilities as guided by the Information Security Manual and ACSC (either voluntarily, or mandatorily, through procedure). 

Universities often use hundreds, and even thousands, of software systems. Responding to vulnerability reports is an essential and ongoing activity where timely response is critical. IRU members strongly support being informed in a timely fashion of any weaknesses to allow them to act in response in concert with software developers. 

The IRU supports Option 1: Voluntary approaches to increasing responsible disclosure and notes that the University sector currently shares Cyber Threat Intelligence (CTI) information within a trusted community, including to an extent, information on vulnerabilities. 

It is expected encouragement through procedure will increase adoption across all sectors the university engages with. 

6. Health checks for small business. 

Proposes a cyber security health check program to provide greater support to small business. 

IRU members work with a large array of businesses. Action to encourage and assist smaller enterprises spot cyber weaknesses and address them reduces the risk that they provide an entry point into universities they work with. 

Increasingly, supply chain is used for spreading of malicious code, leading to service disruption and data breaches. The IRU supports Option 1: Cyber health checks for small business. 

7. Clear legal remedies for consumers affected by cyber incidents. 

Proposes amendments to Australian Consumer Law to seek remedies or compensation for cyber security incidents. A direct right of action for privacy breaches is currently being explored as part of the Privacy Act Review. 

It is important for IRU members to understand fully the implications of changes to support consumers with a focus on what repercussions for incidents that originate due to attacks on university systems. The IRU members observe that cybercrime is perpetrated by criminals, and often criminals with extraordinary capability, significant resources and global reach. In efforts to support consumers, laws should not be enacted that punish the organisations that are themselves the victims of global cyber criminals. 

Through effective development and implementation of the proposed suite of actions, cyber protection across Australia will be notably stronger with universities and their staff and students better protected. 

These general, Australia-wide initiatives are the better way to reduce cyber incidents. They allow the Government to be highly selective and adopt a nuanced approach concerning the sectors it applies the Security of Critical Infrastructure Act 2018 to, and the sections of that Act which it applies.