MICCAI 2026 Challenge Requirements related to U.S. Security Directives

Note: The information presented on this page, including the FAQ below, has been prepared to assist Challenge organizers and is provided for informational purposes only. It does not constitute advice or an official interpretation of the EO 14117, the 28 CFR Part 202, and the Guide Notice NOT-OD-25-083. The MICCAI Society and the MICCAI 2026 Organizing Committee assume no liability for the information provided.

The MICCAI Society appreciates the effort required for the successful organization and execution of MICCAI Challenges, as they provide a fair, transparent, and robust environment for evaluating computational solutions to common problems in our field. They have become a cornerstone of the annual MICCAI conference, bringing together diverse teams worldwide to work on shared benchmarks and exchange ideas, accelerating state-of-the-art progress and enabling efficient dissemination of new results.

Background

We came to know that in support of recent security directives in the USA, NIH has implemented a technical update to enhance security measures focused on protecting data provided by NIH Controlled-Access Data Repositories (CADRs). More specifically, as of April 4, 2025, NIH is prohibiting access to and ending any remaining ongoing projects involving NIH CADRs and associated data by researchers and institutions located in countries of concern. These countries include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela, consistent with EO 14117 and 28 CFR Part 202 “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons.”

Please see Guide Notice NOT-OD-25-083 for more details.

Requirements

To enable and accept the organization and execution of Challenges, as part of the MICCAI 2026 conference, all Challenge organizers are required to communicate with the MICCAI 2026 Satellite Events committee to confirm whether they use data related to the U.S..

If yes, Challenge organizers must confirm in writing that they comply with the EO 14117, the 28 CFR Part 202, and the Guide Notice NOT-OD-25-083.

If not, Challenge organizers are required to confirm this information to the MICCAI 2026 Satellite Events committee.

Frequently Asked Questions

What restrictions apply to the data provided by the Challenge organizers?

The data provided by the Challenge organizers to its participants must not:

1. include any precise geolocation data, whether real-time or historical, collected about or maintained on more than 1,000 U.S. devices. Geolocation data defines data that identify the physical location of an individual or a device with a precision of within 1,000 meters.
2. include any human -omic data from more than 1,000 U.S. persons, or, in the case of human genomic data, more than 100 U.S. persons.
3. exceed images (or other health information) of more than 10,000 U.S. persons.

Should these data be provided to participants exactly as obtained from the source?

All data should be computationally processed (e.g., skull-stripped or defaced) to obliterate any facial and/or measurable physical characteristics that can otherwise be used to reconstruct the face and result in the recognition of the identify of an individual.

Are there any restrictions of the usage of these data?

The data must not be used for data brokerage purposes, a vendor agreement or other similar arrangement, an employment agreement or other similar arrangement, or an investment agreement or other similar arrangement.

Are there any requirements for the Challenge participants?

The Challenge organizers must also ensure that anyone receiving the data agree in writing that they will comply with the EO 14117, the 28 CFR Part 202, and the Guide Notice NOT-OD-25-083. For example, these confirmations could be in the form of a data-use/challenge-participation agreement.