SBIR Foreign Risk Screening: How to Prepare Your Documentation
March 4, 2026 · 5 min read
Claire Cummings
Somewhere in a federal agency building, a review panel will soon pull up your company's SBIR application and run it through a checklist that did not exist six months ago. They will look at who owns your equity, who holds your patents, who works in your lab, and who wired money into your bank account. If anything connects to a foreign country of concern, your proposal enters a secondary review that could add weeks to the timeline — or end it entirely. The SBIR/STTR reauthorization made this screening mandatory on every single application, not just the ones that raise suspicion.
The companies that will move through this process fastest are the ones that document everything before they submit. Here is what gets checked, what triggers a flag, and how to prepare.
The Four Dimensions of Screening
Every SBIR and STTR application will be evaluated across four categories of foreign risk, checked against enumerated federal watchlists maintained by the Departments of Commerce, Treasury, State, and Defense.
Cybersecurity practices. Agencies will review whether your data infrastructure — cloud hosting, network architecture, endpoint security — meets baseline standards for protecting federally funded research. Companies storing data on servers operated by entities in countries of concern will face immediate scrutiny.
Patent portfolios. Reviewers will examine whether any of your patents have been assigned, licensed, or co-developed with foreign entities. A patent jointly held with a university lab in a country of concern is a flag. A patent previously assigned to a foreign company and later reacquired domestically is still a flag — the assignment history is public record.
Employee backgrounds. The screening covers foreign government affiliations, military or intelligence connections, and institutional ties for all key personnel on the proposal — PI, co-PIs, senior researchers, and anyone with access to the project's technical data.
Financial ties. Equity investments, convertible notes, loans, licensing revenue, and any other financial relationship connecting your company to countries of concern. This is the broadest category and the one most likely to catch companies by surprise.
What Triggers a Flag — and What Does Not
The screening distinguishes between connections that raise genuine security concerns and connections that are incidental to doing business globally.
Flags that trigger secondary review:
- A foreign government entity or sovereign wealth fund holds equity in your company, directly or through intermediary vehicles
- Key personnel with current or recent affiliations to a foreign military, intelligence service, or government-directed talent recruitment program
- Patents assigned to entities in countries of concern
- Subcontracts flowing to organizations in countries of concern
- Undisclosed foreign funding sources identified through cross-referencing federal databases
Connections that do not disqualify you:
- A co-founder or PI who earned a graduate degree at a foreign university — academic training alone is not a disqualifying tie
- Investment from European, Japanese, South Korean, Australian, or other allied-nation investors, unless they have their own ties to countries of concern
- Revenue from international customers purchasing your commercial products
- Employees who hold dual citizenship with allied nations
The burden of demonstrating that a connection is benign falls on you, not the agency.
The Denial Process and What Comes After
When an agency determines that a foreign risk concern warrants denial, the reauthorization requires written notice explaining the specific basis for the decision. This is a meaningful procedural protection — prior to the reauthorization, agencies could reject applications with minimal explanation, and applicants had little visibility into why.
A denial based on foreign risk screening is not a permanent bar. Companies can reapply in future solicitations, and if the underlying issue has been resolved — a foreign investor bought out, a problematic subcontract terminated, a patent assignment transferred — the prior denial does not follow you into the next competition.
That said, the practical reality is that a denial costs you one full solicitation cycle, which in most agencies means six to twelve months. The smarter move is to resolve potential issues before submission rather than litigating them in a post-denial review.
How to Prepare Your Documentation
The companies that will move through screening fastest are the ones that arrive with clean, pre-organized documentation. Here is the audit checklist, in order of priority.
Cap table review. Pull your complete capitalization table and trace every investor back to its ultimate beneficial owner. For institutional investors, request confirmation that no limited partners are foreign government-linked entities. For convertible notes and SAFEs, confirm the identity and nationality of holders. Compile everything in a single memo you can attach to your proposal.
Patent portfolio audit. Search your patent assignments in the USPTO database. If any patent has ever been assigned to or co-owned by a foreign entity, prepare a narrative explaining the history and current status. For pending applications with foreign co-inventors, document the collaboration and IP ownership structure.
Personnel disclosure preparation. For every key person on the proposal, compile a disclosure covering citizenship, current and prior institutional affiliations (going back at least ten years), any foreign government funding received, and any participation in talent recruitment programs. The SBIR reauthorization guide details which talent programs are enumerated.
Subcontractor and vendor review. If any work will flow to a subcontractor, consultant, or vendor outside the United States, document the entity's location, ownership, and the nature of the work. Having this ready prevents delays even if the subcontractor is in an allied nation.
Timeline Impact and Submission Strategy
Screening will add processing time to every review cycle, even for companies with spotless records. Early solicitations after the restart will likely see the longest delays as agencies build out their screening infrastructure.
Companies that submit complete foreign risk documentation upfront — rather than waiting for the agency to request it — will move through the pipeline faster. Consider preparing a standalone "Foreign Risk Disclosure" attachment for every proposal, even if the solicitation does not explicitly require one. Proactive transparency signals that you understand the new landscape.
The screening requirement also changes how you evaluate team composition. Before adding a foreign-national researcher or signing a subcontract with an overseas vendor, weigh whether that addition creates a screening flag that outweighs its technical contribution. Make that calculation deliberately, not when your proposal stalls in review.
Related SBIR reading:
For applicants preparing their first post-reauthorization submissions, Granted can help you match your technical capabilities to open solicitations and build a proposal package that clears both the merit review and the new security screening without delays.