NIH Data Management and Sharing Policy (2023)

This page is intended to inform the UA community about the new NIH policy, linking to appropriate information and resources whenever possible. It will be updated as new information becomes available so please check back frequently.

What's new about the 2023 NIH Data Management and Sharing Policy?

Previously, the NIH only required grants with $500,000 per year or more in direct costs to provide a brief explanation of how and when data resulting from the grant would be shared.

The 2023 policy is entirely new. Beginning in 2023, ALL grant applications or renewals that generate Scientific Data must now include a robust and detailed plan for how you will manage and share data during the entire funded period. This includes information on data storage, access policies/procedures, preservation, metadata standards, distribution approaches, and more.  You must provide this information in a data management and sharing plan (DMSP). The DMSP is similar to what other funders call a data management plan (DMP).

The DMSP will be assessed by NIH Program Staff (though peer reviewers will be able to comment on the proposed data management budget). The Institute, Center, or Office (ICO)-approved plan becomes a Term and Condition of the Notice of Award.

What do I need to do?

A DMSP must be submitted as part of the funding application for all new and competing proposals/renewals that generate Scientific Data for January 25, 2023, and subsequent receipt dates. The term Scientific Data is defined in the policy as "The recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications. Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens."

High-level first steps

  1. Determine your personal timeline. If you have an active NIH award going up for renewal with receipt date of January 2023, or if you are planning to submit an NIH proposal this year, then developing a DMSP should be a high priority, especially if you are working with external collaborators as it may take time to set up appropriate data procedures/agreements. 
  2. Read through this webpage to familiarize yourself with the changes and with the policy itself (including the supplements)
  3. Familiarize yourself with the FAIR principles (Wilkinson et. al, 2016). The FAIR (findable, accessible, interoperable, reusable) data principles are the guiding principles the NIH has used in creating the new policy. 
  4. Assess your own project and data management practices relative to the policy (see the NIH-provided supplements below), especially around documenting existing practices and developing new ones to address the increased emphasis on data sharing and administrative oversight.
  5. Review campus data services (e.g., computing, storage, consulting) and assess whether they will meet your needs. Also consider costs you may need to budget for such as labor for data cleaning and documentation (see the NIH-provided supplement on allowable costs).

All new proposals must include a DMSP. After your funding is awarded, execute your ICO-approved plan and document that work in your RPPR to comply. 

Step 1: Review data management and sharing best practices prior to creating your plan

Step 2: 

(a) Establish what data needs to be managed and by whom (see the definition of Scientific Data above).

(b) Establish what data needs to be shared under the policy (see the definition of Scientific Data above). The rule of thumb is to make the data "as open as possible, as closed as necessary".

(c) Document the following in your DMSP:

Step 3: Write the DMSP.  See the "What do I need to submit as part of my funding proposal" section below. We suggest using the DMPTool (see below) to create your plan. It includes a template with guidance on what to write in each section of the DMSP.

The NIH will be releasing further guidance on what they expect to see in plans and how to address specific circumstances.

Step 1: If you have a grant already underway, review this webpage and compare your existing data practices to the new requirements as soon as possible.

Step 2: Identify gaps in your existing plans and practices. The new policy requires much more robust data management and sharing plans. Your updated plan must address data sharing, which may not be a component of your existing work plan. Other areas that may need attention are: data use agreements, carving out time for data preparation (eg., de-identification), documentation, and upload into a data repository. 

Step 3: To draft the plan, review the Guidance for New Proposals above.

What do I need to submit as a part of my funding proposal?

If you plan to generate scientific data, you must submit a Data Management and Sharing Plan to the funding NIH ICO as part of the Budget Justification section of your application for extramural awards. 

Your plan should be two pages or fewer and must include:

  • Data Type
  • Related Tools, Software and/or Code
  • Standards
  • Data Preservation, Access, and Associated Timelines
  • Access, Distribution, or Reuse Considerations
  • Oversight of Data Management and Sharing.

See Supplemental Information to the NIH Policy for Data Management and Sharing: Elements of an NIH Data Management and Sharing Plan for a detailed description of these Elements. For additional resources, refer to How to Get Started Writing a DMP.

To draft the plan itself, we recommend the DMPTool (log in with NetID) using the NIH 2023 template. Additional guidance for completing each section of the template will be added to the DMPTool on a rolling basis.

If you are including institutional services and tools in the DMSP, be sure to budget for any associated costs. See the following section for what kinds of services and tools are available. 

Any costs related to complying with the policy must be paid for up-front during the performance period. For example, costs for long-term data preservation must be budgeted for in the proposal and paid before the end of the grant.

What institutional tools and services are available to me for compliance during my grant?

General purpose storage
Refer to Storage, Backups, and Security

Specialized storage

  • HPC High Performance Storage (for HPC use only)
  • UA Libraries Data Repository (archival storage for data publication -- meets NIH requirements for data sharing)

Data collection

  • Qualtrics
  • RedCAP (HIPAA compliant)

Data Sharing

Unlike NIH's prior policies, the new policy requires a plan for maximizing the sharing of Scientific Data while acknowledging factors (legal, ethical, or technical) that may affect the extent to which it can be shared. See the definition of Scientific Data above for what is in scope for sharing.

If you are conducting research with human subjects, you must incorporate consent during the data management and sharing process, even if data will be de-identified. If you are conducting research with American Indian, Alaska Native, or Indigenous populations, you must secure appropriate agreements with tribal authorities before using and sharing that information.

NIH recommends sharing datasets through established data repositories to improve the FAIRness (Findable, Accessible, Interoperable, and Re-usable) of the data.

While NIH supports many data repositories, your data may or may not be appropriate for an NIH repository. You should also consider data repositories supported by other organizations, both public and private.  

For more information, see Supplemental Information to the NIH Policy for Data Management and Sharing: Selecting a Repository for Data Resulting from NIH-Supported Research and the University of Arizona Libraries guide to Data Repositories. The UA's ReDATA repository is a compliant repository for de-identified data.

You will need to share your data when you publish your work or before your performance period ends, whichever comes first.

In general, you should make your data accessible as soon as possible. You can also use relevant requirements and expectations such as data repository policies, award record retention requirements, or journal policies, to decide when to share your data sets.

The policy does not state specific requirements for how you share your data.  When you share your data, you should address the NIH’s goal of making data as accessible as possible.  The NIH expects all shareable data to be made available, whether it is associated with a publication or not

All data used or generated as part of a grant must be managed, but not all data should be shared. You should not share data if doing so would violate privacy protections or applicable laws

You may share data related to human subjects, but your plan should address how data sharing will be communicated in the informed consent process (e.g., consent forms, waivers of consent). See the University of Arizona Research Data Repository (ReDATA) policies ("De-identified Data Associated With Human Subjects Research", p. 5) for sample consent language that allows for data sharing. For additional guidance on consent, see item 8 in the NIH FAQ.

Before submitting your data to your chosen repository, you will need to:

  • Bundle your data together in logical "chunks" for citation and reuse. Appropriate bundling makes it easy to assign a persistent identifier(s) (e.g., DOI) to the dataset.  NIH strongly encourages the use of persistent identifiers for datasets. These identifiers, usually assigned by data repositories, make it easier for others to cite your data and for the NIH to track compliance.
  • De-identify your data, if appropriate
  • Convert your data to an open, machine-readable file format such as .csv when possible
  • Document the dataset thoroughly in a separate readme.txt file, and/or create metadata according to the format required by your chosen repository or discipline

Refer to Data Management Best Practices for help in fleshing out these steps. 

How will compliance be monitored?

You must comply with the ICO-approved plan and document that compliance in reports such as the annual Research Performance Progress Report (RPPR). Non-compliance may result in enforcement action from the NIH such as

  • Addition of special terms and conditions to the award
  • Termination of the award

Non-compliance may also affect future funding decisions. To avoid possible issues when reporting progress, ensure that your submitted plan contains enough detail for the program officer to be able to evaluate compliance.

If you make changes to your submitted plan, your new plan must be re-approved. We will provide guidance from the NIH on the process for making changes soon.

Where can I get help?

Contact For Questions About
Research Data Management Services
  • Help understanding details of the requirements
  • Writing the data management and sharing plan
  • Depositing de-identified data in ReDATA
  • General DMP writing workshops
  • Referrals
Human Subjects Protection Program
  • IRB applications
  • Consent form reviews
  • Guidance on storage
Ryan Duitman - UITS
  • Controlled and regulated storage and compute
Scott Pryor - Research Compliance Services
  • Online NIH-specific training for UA researchers (coming soon)
  • Responsible conduct of research
Mariette Marsh - Regulatory Affairs & Safety
  • Compliance
Your departmental grants administrators
  • Budgeting and costs
Jerry Perry - UA Health Sciences Library
  • Communication, outreach materials for faculty, staff and administrators regarding the new NIH policy

More Information:

For more information from the UA Libraries, see Data Management Resources

Latest Communications