Navaide Logo

SBIR Data Rights Guide

Comprehensive guide to SBIR data rights protection, government obligations, and practical implications for Phase III contracting.

Purpose

This primer explains the scope and application of SBIR data rights protections under the Small Business Innovation Research (SBIR) program. Understanding what is and is not protected by SBIR data rights enables government staff to fulfill their stewardship obligations while maintaining effective use of all deliverables under the contract.

Statutory and Regulatory Framework

15 U.S.C. § 638(g)

Protection of Information - Requires agencies to protect SBIR-developed technical data and computer software from unauthorized disclosure. Statutory basis for SBIR data rights regime.

DFARS 252.227-7018

Rights in Noncommercial Technical Data and Computer Software—SBIR Program. DoD implementation defining government rights during and after protection period. Specifies marking requirements.

SBA SBIR Policy Directive

Section 8(b) - Data Rights Protection. Establishes 20-year protection period measured from contract award. Protection applies regardless of SBIR effort completion status.

Protected vs Not Protected by SBIR Data Rights

What IS Protected

Technical Data

Definition: Recorded information of a technical nature, regardless of form or method of recording.

Protected Elements per DFARS 252.227-7018:

  • Designs, algorithms, and methodologies developed under the SBIR effort
  • System architectures and technical approaches
  • Analysis frameworks and decision models
  • Technical documentation describing the SBIR-developed technology
  • Specifications that define internal system operation
  • Engineering drawings and schematics
  • Test data and technical reports

Computer Software

Definition: Computer programs, source code, and databases developed under the SBIR contract.

Protected Elements:

  • Source code and object code for software developed under the SBIR effort
  • Proprietary algorithms and computational methods
  • Database structures and data models
  • Application programming interfaces (APIs) that expose internal functionality
  • Software documentation describing internal system operation
  • Configuration files and deployment scripts

Protection Duration

20 Years

From date of contract award

  • • Protection begins from date of contract award for the Phase I, II, or III effort
  • • Applies regardless of whether SBIR effort is complete
  • • Per SBA Policy Directive Section 8(b)
  • • Same duration across all three phases

What IS NOT Protected

Non-Technical Data

DFARS 252.227-7018 protects only technical data. Non-technical information remains fully accessible to the government with unlimited rights.

Not Protected (Unlimited Rights):

  • Financial data, including cost and pricing information
  • Management reports and administrative documentation
  • Performance metrics and contract deliverable status
  • Business processes and organizational information
  • Schedule data and milestone tracking
  • Invoice and payment documentation

Form, Fit, and Function Data

DFARS 252.227-7018(a)(15) specifically excludes form, fit, and function data from SBIR protections. This exclusion ensures the government can procure compatible items and services without restriction.

Form, Fit, and Function Data Includes:

  • Form: Technical data that describes the physical characteristics of deliverables
  • Fit: Interface specifications and connection requirements
  • Function: Functional requirements and performance characteristics
  • System inputs, outputs, and external behaviors
  • User interface specifications and operational requirements
  • API specifications that define how external systems interact

Software Example

While internal algorithms, source code, and technical approaches remain protected, the external interfaces and functional specifications that enable system integration do not. API specifications that define how external systems interact with the software receive unlimited rights, even though the underlying code implementing those APIs remains protected.

Data Processed by SBIR Systems

SBIR data rights protect the technology and methods developed under the SBIR contract, not the data that the technology processes or analyzes.

Government Retains Unlimited Rights To:

  • Input data provided by the government
  • Output data and analytical results generated by the system
  • Reports and deliverables containing analysis results
  • Databases populated with government information
  • Insights, recommendations, and decision support products

Contract Application

While the AI-DDSF framework's algorithms and technical implementation remain protected, all analytical outputs, recommendations, and reports generated using the framework are deliverables with unlimited government rights.

Information Already in Public Domain

DFARS 252.227-7018(a)(14) excludes information already publicly available from SBIR protections.

Not Protected:

  • Published research, methodologies, and technical approaches
  • Open-source software components incorporated into deliverables
  • Industry-standard frameworks and methodologies
  • Information disclosed in patents or technical publications

AI-DDSF Component Protection

Protected by SBIR Data Rights

  • AI-DDSF source code, object code, and executable programs
  • Proprietary algorithms for data ingestion, correlation, and analysis
  • Knowledge graph architectures and ontologies
  • Machine learning models and training datasets specific to AI-DDSF
  • System design documentation and technical specifications
  • Internal APIs and integration logic
  • Database schemas and data models

NOT Protected (Unlimited Rights)

  • Work products generated using AI-DDSF (reports, analytics, briefings)
  • Government-provided data processed by AI-DDSF
  • API documentation and integration protocols (form, fit, function)
  • Deliverables that do not reveal AI-DDSF technical architecture
  • General professional services methodologies
  • User manuals and operational documentation
  • Performance reports and metrics

⚠️ Key Distinction

The Government owns all data generated under the contract but has limited rights to the SBIR-developed tools that generate that data.

Government Rights and Responsibilities

Rights Granted to Government

For SBIR-protected technical data and computer software, DFARS 252.227-7018 grants the government restricted rights, which include:

Government MAY:

  • Use: Use protected data and software internally without limitation. No restrictions on government mission operations.
  • Reproduction: Make copies for internal use, backup, archive, and disaster recovery.
  • Limited Disclosure: Disclose to other government agencies and contractors supporting government purposes (with protections).
  • Emergency Exception: Release to qualified emergency responders for emergency repair and overhaul only.

Government MAY NOT (During 20-Year Period):

  • External Release: Cannot release outside government without contractor permission
  • Competitive Use: Cannot use for competitive procurements or authorize third-party commercial use
  • Manufacturing: Cannot use SBIR data for manufacturing purposes without authorization

Government's Obligation to Protect

With restricted rights comes the government's responsibility to protect SBIR data appropriately. DFARS 252.227-7018 requires:

Marking Requirements

  • • Contractor must mark all SBIR-protected data with restricted rights legend (DFARS 252.227-7018(f))
  • • Government personnel must verify proper marking
  • • Unmarked deliverables risk being treated as unlimited rights

Limited Disclosure

  • • Protected materials disclosed only to parties with legitimate government purpose
  • • Appropriate protections must be in place
  • • Non-disclosure agreements executed

Protection Requirements

  • • Recipients must maintain appropriate safeguards
  • • Prevent unauthorized disclosure
  • • Track and control access
  • • Report suspected compromises

FOIA Exemption

  • • SBIR-protected data is exempt from disclosure under FOIA
  • • Per 5 U.S.C. § 552(b)(4)
  • • Exemption applies for 20 years

Government Personnel Responsibilities

  • • Verify contractor marks deliverables properly
  • • Ensure marked materials receive appropriate handling
  • • Train staff on SBIR data rights obligations
  • • Prevent inadvertent disclosure
  • • Report any potential compromises

Practical Implications for Phase III Transition

Sole-Source Justification Support

SBIR data rights protections support sole-source Phase III awards by ensuring that only the SBIR awardee possesses the protected technical data and software necessary for performance.

  • • Protected IP creates technical barrier to entry
  • • Alternative contractors cannot access SBIR technology
  • • Government cannot compel technology transfer
  • • Statutory framework supports sole-source

Contract Administration

Clear delineation between protected and non-protected data enables:

  • • Effective oversight while respecting contractor IP
  • • Appropriate handling of marked materials
  • • Understanding of what government fully owns
  • • Clarity on deliverable expectations

Government Flexibility

Despite SBIR protections, government retains substantial flexibility:

  • Form, fit, and function data - Unlimited rights for integration
  • Analytical outputs - Full ownership of work products
  • Operational use - No restrictions on internal use
  • Support contractors - Can disclose with protections

Long-Term Protection & Planning

During 20-Year Period:

  • • Sole-source follow-on awards supportable
  • • Technology commercialization protected
  • • Government use rights preserved

After 20-Year Period:

  • • Rights expand to Government Purpose Rights
  • • Greater flexibility for competitions
  • • Sustainment and follow-on support enabled

Summary

SBIR data rights create a balanced framework that protects the contractor's intellectual property while ensuring the government retains necessary rights to utilize deliverables effectively.

Key Principles

Protected (20 years):

  • • Technical data and computer software developed under SBIR
  • • Source code, algorithms, architectures
  • • Proprietary methods and designs

Not Protected (Unlimited Rights):

  • • Non-technical data (financial, management)
  • • Form, fit, and function data
  • • Data processed by SBIR systems
  • • Publicly available information

Responsibilities

Government Rights:

  • • May use, reproduce, disclose for government purposes
  • • Appropriate safeguards required
  • • FOIA exempt during protection period

Government Responsibility:

  • • Verify proper marking of deliverables
  • • Ensure protected materials receive appropriate handling
  • • Train personnel on obligations
  • • Prevent unauthorized disclosure

Phase III Implications

  • • Data rights protections support sole-source justification
  • • Government access preserved for mission operations
  • • Contractor commercialization protected
  • • Legal foundation for Phase III authority maintained

Related Resources

Questions or Support

Navaide

solutions@navaide.com619-415-0038

UEI: HZCDXJV7M8Z9 | CAGE: 7M3J9