Approaches and tools for security in software and hardware development and assessment

The Horizon Europe call titled "Approaches and tools for security in software and hardware development and assessment" (HORIZON-CL3-2026-02-CS-ECCC) seeks to enhance security in software and hardware ecosystems by addressing vulnerabilities in complex, globalized supply chains. The application process is open with a single-stage submission, scheduled to open on March 3, 2026, and close on September 15, 2026, at 17:00 Brussels time.

The total budget for this initiative is €56,200,000, distributed across three topics. The first two topics, HORIZON-CL3-2026-02-CS-ECCC-01 and HORIZON-CL3-2026-02-CS-ECCC-03, focus on Research and Innovation Actions (RIA), each with a budget of €20,000,000 and €15,000,000 respectively, while HORIZON-CL3-2026-02-CS-ECCC-02 is an Innovation Action (IA) with €21,200,000 allocated. Each grant is expected to range from €3,000,000 to €4,000,000, with an indicative number of grants set at five for the first two topics and four for the third.

Eligible applicants include legal entities established in EU Member States and Associated Countries, and entities controlled by non-eligible countries are excluded. The call's focus areas emphasize innovative security solutions for secured hardware systems over trusted chips and the security of software supply chains.

Proposals must explicitly focus on one of two primary themes: securing hardware systems, which includes developing architectures for tamper-resistant chips, and ensuring software supply chain security, which involves secure code provenance and automated vulnerability detection. Projects are encouraged to report on advanced security frameworks that reinforce the EU’s strategic autonomy and mitigate cyber threats, especially those related to post-quantum capabilities.

Success rates are not specified, but typically, Horizon Europe projects experience success rates of approximately 5% to 15%. A co-funding requirement has not been explicitly detailed, but generally, it is anticipated at an 85% funding rate, meaning applicants typically need to secure at least 15% from non-EU sources.

This call is strategically positioned to bolster Europe's cybersecurity infrastructure by promoting collaborative projects among a diverse set of stakeholders, including research consortia, technology companies, and academic institutions. Emphasizing the interconnectedness of hardware and software in the security landscape, the initiative seeks transformative approaches to ensuring the resilience of digital ecosystems within Europe.

The EU Funding and Tenders Portal presents a call for proposals titled "Approaches and tools for security in software and hardware development and assessment" under the Horizon Europe (HORIZON) program, specifically the Indirectly Managed Action by the ECCC (2026) (HORIZON-CL3-2026-02-CS-ECCC). The call aims to enhance security in software and hardware development ecosystems by addressing vulnerabilities in globalized supply chains. The call is forthcoming with a single-stage deadline model. The planned opening date is 03 March 2026, and the deadline for submission is 15 September 2026, at 17:00:00 Brussels time.

The expected outcomes of the proposals should contribute to one or more of the following: enhanced security frameworks for both hardware and software supply chains, building on root-of-trust architectures and secure lifecycle management; secure and trusted chip architectures for next-generation computing and networking systems; integrated security-by-design approaches in software development, aimed to be aligned with relevant regulatory requirements; security testing methodologies, including formal verification approaches and AI-driven security testing methodologies; and standardized methodologies for hardware security assessment, also contributing to cybersecurity certification.

The scope of the call emphasizes the increasing complexity and globalization of software and hardware supply chains, which introduce new vulnerabilities that cyber adversaries can exploit. It aims to develop innovative tools, methods, and processes to secure the entire ecosystem of software and hardware development. Proposals should explicitly select one main area of focus but can also address both:

a. Secured hardware systems over trusted Chips: This subtopic focuses on developing robust security solutions for trusted hardware platforms, focusing on secured microprocessors, secure boot mechanisms, and cryptographic acceleration. Proposals are also expected to address the risks of hardware-based vulnerabilities and backdoors, ensuring the security of devices from edge to cloud, also taking into account emerging threats, including quantum where relevant. Synergies with existing EU initiatives on trusted hardware (e.g., CHIPS JU, EuroHPC) are encouraged. The topic is expected to: Develop new architectures for tamper-resistant chips and processors, enhance supply chain transparency for chip production and integration, establish security-by-design methodologies for hardware security assessment, develop methods and tools for an effective and efficient non-destructive authentication and physical analysis of integrated circuits and multi-chips modules (chiplets), develop technical means for ensuring hardware supply chain security, and secure PQC implementations, and develop self-healing firmware able to recover from cyber-attacks.

b. Software Supply Chain security: This subtopic focuses on mitigating security risks in software supply chains, including secure code provenance, automated vulnerability detection, and secure software development lifecycle (SDLC) methodologies and tools, including those related to PQC security. Proposals should integrate formal verification approaches or AI-assisted security testing, leveraging upcoming European and International standards for supply chain security. The topic is expected to: Develop innovative tools for real-time software vulnerability detection and automatic patching, enhance secure software frameworks, including protection against the quantum threat, and improve resilience against supply chain cyber threats.

The general conditions for this call include:

1. Admissibility Conditions: Proposal page limit and layout described in Annex A and Annex E of the Horizon Europe Work Programme General Annexes. Proposal page limits and layout are described in Part B of the Application Form available in the Submission System.

2. Eligible Countries are described in Annex B of the Work Programme General Annexes. A number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon Europe projects. See the information in the Horizon Europe Programme Guide.

3. Other Eligible Conditions: Participation is limited to legal entities established in Member States and Associated Countries to safeguard the Union’s strategic assets, interests, autonomy, and security. Entities directly or indirectly controlled by a non-eligible country or entity shall not participate.

4. Financial and operational capacity and exclusion are described in Annex C of the Work Programme General Annexes.

5a. Evaluation and award: Award criteria, scoring, and thresholds are described in Annex D of the Work Programme General Annexes. Grants will be awarded to applications to ensure a balanced portfolio covering a broad range of research areas, not only in order of ranking but at least also to the two highest ranked proposal addressing area a) as their main area of focus and the highest ranked proposal addressing area b) as its main area of focus, provided that the applications attain all thresholds.

5b. Evaluation and award: Submission and evaluation processes are described in Annex F of the Work Programme General Annexes and the Online Manual.

5c. Evaluation and award: Indicative timeline for evaluation and grant agreement are described in Annex F of the Work Programme General Annexes.

6. Legal and financial set-up of the grants: Eligible costs will take the form of a lump sum as defined in the Decision of 7 July 2021. This is further described in Annex G of the Work Programme General Annexes.

Specific conditions are described in the specific topic of the Work Programme.

Application and evaluation forms and model grant agreement (MGA) information: Application form templates are available in the Submission System, including a standard application form (HE RIA, IA). Evaluation form templates will be used with the necessary adaptations, including a standard evaluation form (HE RIA, IA). Guidance is available in the HE Programme Guide. Model Grant Agreements (MGA) include a Lump Sum MGA. Call-specific instructions include a detailed budget table (HE LS) and guidance on lump sums. An Ownership Control Declaration and information on Security issues are also available.

Additional documents include: HE Main Work Programme 2026-2027 – 1. General Introduction, HE Main Work Programme 2026-2027 – 6. Civil Security for Society, HE Main Work Programme 2026-2027 – 15. General Annexes, HE Programme Guide, Decision authorising the use of lump sum contributions under the Horizon Europe Programme, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, EU Grants AGA Annotated Model Grant Agreement, Funding & Tenders Portal Online Manual, Funding & Tenders Portal Terms and Conditions, and Funding & Tenders Portal Privacy Statement.

The budget overview for the call includes three topics:

HORIZON-CL3-2026-02-CS-ECCC-01 - HORIZON-RIA HORIZON Research and Innovation Actions: Budget of 20,000,000 EUR, single-stage, opening on 2026-03-03, deadline on 2026-09-15, contributions of 3,000,000 to 4,000,000 EUR, and an indicative number of 5 grants.

HORIZON-CL3-2026-02-CS-ECCC-02 - HORIZON-IA HORIZON Innovation Actions: Budget of 21,200,000 EUR, single-stage, opening on 2026-03-03, deadline on 2026-09-15, contributions of 3,000,000 to 4,000,000 EUR, and an indicative number of 5 grants.

HORIZON-CL3-2026-02-CS-ECCC-03 - HORIZON-RIA HORIZON Research and Innovation Actions: Budget of 15,000,000 EUR, single-stage, opening on 2026-03-03, deadline on 2026-09-15, contributions of 2,000,000 to 3,000,000 EUR, and an indicative number of 4 grants.

There are 5 partner search announcements available.

The submission system is planned to open on the date stated on the topic header.

For guidance and support, applicants are encouraged to contact the National Cybersecurity Coordination Centres (NCC) in their country or the ECCC Applicants Direct Contact Centre. Additional resources include the Online Manual, Horizon Europe Programme Guide, Funding & Tenders Portal FAQ, Research Enquiry Service, National Contact Points (NCPs), Enterprise Europe Network, IT Helpdesk, European IPR Helpdesk, CEN-CENELEC Research Helpdesk, ETSI Research Helpdesk, and Partner Search.

In summary, this Horizon Europe call focuses on bolstering the security of software and hardware supply chains by funding research and innovation actions. It targets the development of advanced tools, methods, and processes to mitigate vulnerabilities and enhance security across the entire lifecycle of digital systems. The call offers funding opportunities for projects focusing on secured hardware systems and software supply chain security, encouraging applicants to address emerging threats and align with relevant regulatory requirements. The application process involves a single-stage submission, with specific guidelines and support resources available to assist applicants. The overall aim is to create more resilient and secure digital ecosystems within the EU member states and associated countries.

Eligible Applicant Types: The eligible applicant types are legal entities established in EU Member States and Associated Countries. Entities established in an eligible country but controlled by a non-eligible country or entity are not eligible.

Funding Type: The funding type is a grant, specifically a HORIZON Lump Sum Grant under the Horizon Europe Programme. There are three types of actions: HORIZON Research and Innovation Actions (HORIZON-RIA) and HORIZON Innovation Actions (HORIZON-IA).

Consortium Requirement: The opportunity does not explicitly state whether a single applicant or a consortium is required. However, given the scope and nature of the projects, a consortium is highly probable. The partner search announcements suggest that collaboration is expected.

Beneficiary Scope (Geographic Eligibility): The geographic eligibility is limited to legal entities established in EU Member States and Associated Countries.

Target Sector: The target sector is cybersecurity, with a focus on software and hardware supply chain security, trusted chip architectures, secure software development, security testing methodologies, and hardware security assessment. Specific areas include secured hardware systems over trusted chips, and software supply chain security.

Mentioned Countries: The opportunity explicitly mentions the 27 EU Member States, Iceland, and Norway as countries with National Cybersecurity Coordination Centres (NCCs). It also refers to non-EU/non-Associated Countries that have made specific provisions for funding participants in Horizon Europe projects.

Project Stage: The project stage varies depending on the type of action. HORIZON-RIA (Research and Innovation Actions) suggests projects in the research, development, and validation stages, while HORIZON-IA (Innovation Actions) suggests projects in the demonstration, and commercialization stages.

Funding Amount: The funding amounts vary by topic:
HORIZON-CL3-2026-02-CS-ECCC-01 (HORIZON-RIA): EUR 20,000,000 total, with contributions of EUR 3,000,000 to EUR 4,000,000 per grant, and an indicative number of 5 grants.
HORIZON-CL3-2026-02-CS-ECCC-02 (HORIZON-IA): EUR 21,200,000 total, with contributions of EUR 3,000,000 to EUR 4,000,000 per grant, and an indicative number of 5 grants.
HORIZON-CL3-2026-02-CS-ECCC-03 (HORIZON-RIA): EUR 15,000,000 total, with contributions of EUR 2,000,000 to EUR 3,000,000 per grant, and an indicative number of 4 grants.

Application Type: The application type is an open call with a single-stage submission process.

Nature of Support: The beneficiaries will receive money in the form of lump sum grants.

Application Stages: The application process is a single-stage process.

Success Rates: The success rates cannot be determined from the provided text. The indicative number of grants and the total budget are given, but the number of applications is not.

Co-funding Requirement: The opportunity does not explicitly mention a co-funding requirement.

Summary:

This Horizon Europe call, managed by the ECCC (European Cybersecurity Competence Centre), focuses on enhancing security in software and hardware development and assessment. The call aims to address vulnerabilities in increasingly complex and globalized software and hardware supply chains. It is structured around two main areas: secured hardware systems over trusted chips, and software supply chain security.

The call is divided into three specific topics, each with a dedicated budget and expected outcomes. HORIZON-CL3-2026-02-CS-ECCC-01 and HORIZON-CL3-2026-02-CS-ECCC-03 are Research and Innovation Actions (RIA), while HORIZON-CL3-2026-02-CS-ECCC-02 is an Innovation Action (IA). The total funding available is EUR 56,200,000, distributed across these topics.

Eligible applicants must be legal entities established in EU Member States and Associated Countries, ensuring that the Union’s strategic assets, interests, autonomy, and security are safeguarded. The funding will be provided as lump sum grants, and the application process involves a single stage.

Projects should contribute to enhanced security frameworks, secure chip architectures, integrated security-by-design approaches, advanced security testing methodologies, and standardized hardware security assessment. Synergies with existing EU initiatives like CHIPS JU and EuroHPC are encouraged.

The call emphasizes the development of innovative tools, methods, and processes to secure the entire ecosystem of software and hardware development, addressing both hardware and software vulnerabilities, and promoting security-by-design principles. It also highlights the importance of supply chain transparency, traceability, and resilience against cyber threats, including those related to post-quantum cryptography.

To ensure a balanced portfolio, grants will be awarded to top-ranked proposals in both the hardware and software security areas, provided they meet all thresholds. This call is relevant for organizations involved in cybersecurity research, hardware and software development, and supply chain security, aiming to foster innovation and enhance the security posture of digital systems within the EU and associated countries.