figshare help

How your Figshare research repository meets the NIH and OSTP “Desirable Characteristics for Data Repositories”

This page is applicable to those using or considering Figshare as their institutional or organizational repository. If you are using a account, this help page for the NIH or this page for OSTP outline how our researcher accounts align with the desirable characteristics.

Policies around open access and data sharing are expanding for federal funders. Data repositories that make research data and other outputs accessible and citable are a core piece to these policies. Research institutions can play an important role in helping researchers with compliance by offering policy compliant repository infrastructure.

Three sets of guidance/policies in particular are significant because of how many funders, publishers, or researchers are affected.

  1. In May 2022, the National Science and Technology Council (NSTC) published a document, Desirable Characteristics of Data Repositories for Federally Funded Research. The NSTC is part of the Office of Science and Technology Policy (OSTP) and this document describes the features and functionality desired by the OSTP “to reduce the complexity for the research community — including investigators, program officers, data managers, librarians, and others — in complying with Federal data sharing policies.” 
  2. In January 2023 a new NIH Policy for Data Management and Sharing went into effect. It includes supplemental information on Selecting a Data Repository (NOT-OD-21-016), which outlines desirable data repository characteristics that researchers should seek out to share their NIH-funded research data and materials. 
  3. In March 2023, the U.S. Repository Network published its Desirable Characteristics of Digital Publication Repositories with an eye “to increase interoperability across the national and global repository network and establish suitability of a digital publication repository to be an “agency-designated” repository for federally funded research.”

Figshare is a well-established repository platform that research institutions can use to run a full institutional or a data specific repository. Off the shelf, Figshare meets many of the desirable characteristics as outlined for the NIH and OSTP for individual researcher accounts. When the platform is combined with institutional workflows or policies, Figshare can help an institution provide its researchers with a repository that meets all of the desirable characteristics.

The following table lists the desirable characteristics for each policy. The ‘Figshare compliance’ column indicates how Figshare complies with or helps the institution comply with the characteristics and links to more information further down the page.

OSTP NIH U.S. Repository Network Figshare compliance Comments
Free and easy access Free and easy access Free and Easy
Discoverability & Access
Fully met
Clear Use Guidance Clear Use Guidance Clear Use Guidance Fully met
Risk management Confidentiality Fully met with institutional workflows Submission and review workflows
Retention Policy Retention Policy Preservation Fully met Can be fully met in a more robust way through an institution’s policy
Long-term Organizational Sustainability
Long-term Technical Sustainability
Long-term Sustainability Long-term Organizational Sustainability
Long-term Technical Sustainability
Fully met
Unique Persistent Identifiers Unique Persistent Identifiers Unique Persistent Identifiers Fully met
Metadata Metadata Metadata Fully met
Curation and Quality Assurance Curation and Quality Assurance Curation and Quality Assurance Fully met with institutional workflows Submission and review workflows
Broad and measured reuse Broad and measured reuse Broad and measured reuse Fully met
Common Format Common Format Common Format Fully met with institutional workflows Review workflows
Provenance Provenance Provenance Fully met
Authentication - Authentication Fully met Related to NSPM-33
Security & Integrity Security & Integrity Security & Integrity Fully met Enhanced by institution policies

Additional Considerations for Repositories Storing Human Data

Figshare is not designed for sensitive data. However, de-identified data from human participants may be shared in the repository when the data collection process is managed and data files are processed in order to safely allow for this in accordance with all applicable regulations, IRB protocols, participant consent, and the institution’s terms of use.
See additional information from the NIH on sharing human data

Fidelity to Consent Fidelity to Consent - Entirely dependent on institution
Security Privacy - Entirely dependent on institution
Limited Use Compliant Restricted Use Compliant - Fully met with institutional workflows Restricted and Request access
Download Control Download Control - Fully met with institutional workflows Restricted and Request access
Request Review Request Review - Fully met with institutional workflow Can use the Request access feature
Plan for Breach Plan for Breach - Fully met with institutional policies
Accountability Violations - Fully met with institutional workflows

Fully met off the shelf

Free and easy access 

All content hosted on Figshare infrastructure that is published publicly can be downloaded by anyone, with no need to log in. Content can also be mass downloaded or mined using the Figshare API, also openly available to anyone at By default metadata in Figshare is licensed CC0 for broad reusability but an institution can apply its own license. 

At the same time, there are some cases when it is appropriate to restrict access to data, which Figshare supports for institutions via restricted access embargo, private link, and linked data options. An embargo can be applied for any period of time on either the files only or the entire item. Institutions can then specify restricted access options including access to logged-in users, groups, or by IP range. Institutions can also enable a “request access” feature.

Figshare has endorsed the TRUST principles for Digital Repositories, the FAIR principles for open data, and is ISO27001 certified. 

Broad and measured reuse

Institutions can customize the license options available to their users and encourage the use of open licenses.

Metrics of reuse are openly tracked for each public item on Figshare including the number of  Views, Downloads, and Citations and the Altmetric score. Views and downloads are COUNTER compliant and citation data is harvested from the full text of preprints and publications based on the dataset’s unique DOI. Figshare has also implemented Make Data Count to meet community standards for metrics.

Unique Persistent Identifiers 

Every item in Figshare receives a persistent identifier and Figshare will use the institution’s chosen persistent identifier service. Figshare can also set up a DataCite account for the institution.

Figshare authors can also add their ORCID, a unique author identifier, to their Figshare Author Profile and can sync Figshare with ORCID and DataCite so that all of their public items from Figshare are pushed to ORCID. Institutions can include ORCID information for repository researcher accounts and authorship through an HR feed.

An institution can include a Research Organization Registry ID (ROR) with items stored in its repository.

The Funding field in Figshare metadata allows authors to add the specific grants and other sources of support for a project either by searching the linked Dimensions grants database or with free text. Researchers can add NIH grants by searching for the grant ID or title and selecting the appropriate grant. 

Long-term Sustainability 

(Divided into Long-term Organizational Sustainability and Long-term Technical Sustainability in the OSTP Desirable Characteristics)

Figshare was founded in 2011 and in 2012 became a part of the Digital Science portfolio of companies that support the research lifecycle. Over this period of time, it has grown into a sustainable company with more than 150 clients including research institutions around the world. Using a subscription model for software as a service, Figshare is able to provide policy-compliant infrastructure for FAIR data sharing to users at institutions.

For institutions, Figshare is a reliable and sustainable software as a service with ISO27001 certification and robust storage and backup. Institutions can enhance this sustainability with internal policies around record management and preservation.


To publish on Figshare, all outputs must include mandatory metadata including: title, author(s), category, item type, keywords, description, and a machine-readable license. Funding sources, author ORCID, title and DOI of an associated peer-reviewed publication, and links to other references may also be included.  

Metadata on Figshare is represented in a number of languages including but not limited to  HTML, Dublin Core (oai_dc), Datacite (oai_datacite), RDF (rdf), CERIF XML (cerif), Qualified Dublin Core (qdc) (hasPart support), Metadata Encoding and Transmission Standard (mets) and UKETD_DC (uketd_dc). The Figshare OAI-PMH v2.0 implementation has the following baseURL:

The link between data and metadata needs to be made explicit by clearly stating the globally unique and persistent identifier in the metadata that relates to the data. Figshare does this in all metadata export languages, including which is used to ensure indexing of Figshare content on Google, Google Scholar, and Google Dataset Search

Metadata and identifiers are also areas Figshare is actively working to enhance in the future — see our product roadmap

Clear Use Guidance 

Every item in Figshare receives a license to explicitly document allowable reuse. On public records, the license links to the license terms. In the metadata entry form, the license dropdown includes a tooltip for each entry giving the researcher more information about the license. The metadata entry form also encourages researchers to include additional documentation regarding any access or reuse requirements as a README file and in the dataset description. 

Institutions can customize what licenses are available in their repositories.

‍Security & Integrity 

Figshare has clear internal policies on security, integrity, and privacy. Institutions can enhance the security and integrity of the items in the repository through an internal privacy policy, terms of use, and moderation and take-down policy. Figshare supports institutions with the following policies:

Digital Science and Figshare are ISO27001 certified and both have a documented Incident Management Procedure.


Figshare tracks all uploaded files and any revisions made to the files or metadata of draft and published items. Once published, Figshare supports version control. DOIs are version controlled and publication dates are openly tracked. Published data in an institution’s repository can only be removed by an administrator. Actions such as changes made by a reviewer or by an administrator impersonating a user are also logged.

Retention Policy

Figshare’s default policy is that all content on Figshare will be retained for the lifetime of the repository. An institution’s retention policy supersedes this policy for items in the institution’s repository. The metadata and files are owned by the institution and can be moved off the Figshare platform and into another platform by the institution at any time.


Institutions are able to use a number of Single Sign-On (SSO) or account creation methods including but not limited to Shibboleth, ADFS, HR feeds, and more.

Figshare authors can add their ORCID iD, a unique author identifier to their Figshare Author Profile so their ORCID is linked to published items and can sync Figshare with ORCID and DataCite so that all of their public items from Figshare are pushed to ORCID. 

The ORCID integration is particularly important to meet the 2022 OSTP “Ensuring Free, Immediate, and Equitable Access to Federally Funded Research” Memo and Section 4(b)(v) of NSPM-33 that directs federal funders to have policies around persistent identifiers for researchers. 

Fully met with institutional policies or workflows

Curation and Quality Assurance 

Institutions that use Figshare to power their repository may use the Figshare review module for curation of files and metadata before they are published. Administrators can turn on this review feature and have experts review and edit datasets and metadata in collaboration with authors before they are published.

Risk Management and Confidentiality

An institution’s terms of use can guide researchers on what types of information should not be uploaded to the institution’s Figshare repository. Figshare data is stored securely and carefully monitored to ensure integrity and privacy but these may not meet the requirements for restricted and human identifiable data. An institution’s policies can build on Figshare’s stringent security protocols. 

‍Common Format

‍Figshare accepts all file formats in order to keep the barriers to data sharing low for researchers. This allows researchers to share the data according to the best practices of their research communities as well as allows flexibility for certain methods or disciplines where specific file types that may not be open are required for data access or reuse. An institution using Figshare can provide guidance to its researchers around file formats and can implement policies that require certain file formats. File formats can be checked in the review process before publication.

All files and metadata publicly available on a Figshare repository are available to be freely downloaded, including via the Figshare API at Figshare’s Open API supports OAI-PMH, which provides a simple technical option for data providers to make their metadata available to services, based on the open standards HTTP (Hypertext Transport Protocol) and XML (Extensible Markup Language). For more information please visit:

Note that the following are Additional Considerations for Repositories Storing Human Data.

Figshare is not designed for sensitive data. However, de-identified data from human participants may be shared in the repository when the data collection process is managed and data files are processed in order to safely allow for this in accordance with all applicable regulations, IRB protocols, participant consent, and the institution’s terms of use.

See additional information from the NIH on sharing human data.

Fidelity to Consent

Meeting this characteristic is entirely dependent on an institution’s internal procedures to ensure that the research outputs are suitable for upload to the repository and that access to research outputs is consistent with participant consent and changes to consent. Institutions can use the administrator roles, request access, and restricted access features to control access as needed.

Security/Privacy (as relates to storing human data)

Meeting this characteristic is entirely dependent on an institution’s procedures around human subject data. Figshare can be used as a way to make the existence of data discoverable, collect access requests to data, provide restricted access to de-identified data, and provide access information for more sensitive data stored on different infrastructure.

Limited/Restricted Use Compliant 

An institution supporting a Figshare repository may use Figshare’s restricted access functionality to restrict access to files and metadata. External systems can also be used to provide restricted access to resources. A Figshare item can link to files hosted elsewhere or an item can be metadata only with instructions on how to access files. Private access to files stored in a Figshare repository can be provided by private link or to specific groups (determined by repository group affiliation, authentication, or IP address).

Plan for Breach

Figshare has a security policy and a documented incident management procedure that includes handling breaches. Figshare maintains audit logs that can trace a breach. Note that the Figshare plans are not specific to beaches of sensitive research data such as identifiable human subjects’ data as storing this type of data is not what the Figshare platform is designed for. 

An institution’s security and response plan can fully meet this characteristic by building on the existing Figshare security measures and plans.

Download Control

Institutions can enable the request access feature to restrict access to files and keep track of requests and access to the data files. Views and downloads in Figshare are counted on a per item basis and are logged by IP address but not by user account or any other end user information.  

Request for Review

Figshare’s request access feature enables institutions to collect requests for access to items with restricted access or stored outside of the repository. Data access requests in Figshare can be employed as part of an institution's established process for reviewing and administering these requests. This characteristic can be fully met with an institutional workflow. 


An institution using Figshare has full control over the records stored in the repository and can specify a terms of use policy that prohibits certain uses of the repository including the upload of certain categories of materials. A take down policy can guide administrators on removing content that violates the terms of use.

Share this article: