Here are the top three legal challenges facing the higher education sector in the next 12 months from a governance and commercial perspective - aside from the obvious challenges of rising costs and a stagnant funding regime which pervades all aspects of university operations.
A university's business, and its regulation is complex. Diversification of income generation is a key and necessary part of the strategies of higher education institutions. It can offer both potential risk and reward and often involves partnership working. New activities, and the frameworks in which they are undertaken, need to comply with applicable law and regulation, mitigate risk for the university and deliver the benefits expected to be achieved. Navigating and keeping up to date with the myriad of laws and regulation applicable to an increasing range of activities and the frameworks in which they are undertaken, is an increasing challenge.
For example, in international ventures, understanding the local laws and cultures is vital for securing success, so having local knowledge and a reliable local partner is key. Taxation rules may impact repatriation of income generated abroad and UK laws could constrain the transfer of university data or intellectual assets into the jurisdiction, so these all need to be well understood.
Research and innovation initiatives, which often involve international partners and licensing arrangements, need to ensure the requirements of the National Securities and Investments Act are met. Whilst now a relatively well established piece of legislation, its breadth of application poses a challenge for the HE research sector. Ever-expanding sanctions lists need to be regularly checked and export controls heeded. Where large datasets comprising personal data are involved, data protection compliance is essential for credibility and success.
Research grants for applied research are increasingly focussing on outcomes and public impact and there is rising pressure on research groups to translate their knowledge and commercialise valuable IP and know-how. Again, NSIA and export controls are increasingly relevant and with the involvement of industrial partners, the UK subsidy control regime and procurement rules often come into play.
For riskier ventures or non-core activities, charity law requires trustees to consider using subsidiary companies which poses additional challenges for governing and resourcing the entity in a legally compliant way, whilst protecting the HEI's interests and reputation. Even for your core business, legal regulation and Office for Students' guidance are regularly changing.
For example, this year you will have to get to grips with the new Procurement Act 2023 coming into force and its application. The new Act promises to speed up the procurement process and improve transparency, as well as consolidating and simplifying the existing EU based procurement regime. If an institution considers itself to be public authority and therefore within the scope of these new rules, it needs to prepare for the implementation of the new rules.
How can you address this?
Artificial Intelligence poses many challenges and opportunities for HEIs and you will no doubt be exploring the benefits AI has to offer across your operations. Currently, the use of generative AI is relatively unregulated but this is a fast moving area and any systems/applications using AI need to be able to adapt in the event of future regulation.
Whilst there are many moral and ethical debates around the use of AI, particularly in education, a real and immediate challenge for universities is how its use is impacted by the institution's data protection responsibilities and obligations.
Data protection law does not stand in the way of this innovation but requires you to carefully consider how to be compliant before processing personal data using AI. There are risks that AI can lead to discriminatory outcomes, eg when AI is trained on information that is unbalanced or biased. This has implications for data protection compliance if it leads to unjust discrimination and a violation of the UK GDPR fairness principle. The National Cyber Security Centre has highlighted the cyber risks created by generative AI which also need to be guarded against.
Another area of consideration when using AI is intellectual property, in particular in relation to potential infringement claims against the university for unauthorised use of a third party's IP, but also use of any university owned IP by the AI tool. Any information that the university inputs into the AI tool can then be used by the AI tool which in turn may give rise to infringement. We are starting to see an increasing number of IP infringement claims in relation to the use of AI tools.
It goes without saying that the use of AI by university staff and students needs careful consideration. The potential application of AI within universities is vast given the breadth and complexity of university operations and with AI tools becoming increasingly sophisticated, universities will need to keep up to ensure that those AI tools are used appropriately.
How can you address this?
Particularly where a strategic focus is given to diversification and supporting financial sustainability through income generation and cost efficiencies, higher education institutions must avoid taking their 'eye off the ball' regarding the quality and sustainability of their core business - their academic offering and research activities.
With a regulator focused on quality, financial sustainability and value for money for students, universities need to be able to demonstrate robust and effective internal systems for governance, control and accountability across all its activities and operations. These are essential for ensuring ongoing compliance with OfS conditions of registration, reporting obligations and obligations as a charity to advance education and research for the public benefit.
University trustees need assurance that the institution is making robust, well informed and reasoned decisions which stand up to regulatory scrutiny and appropriately safeguard charitable assets, in line with trustees' fiduciary duties.
How can you address this?