Call for proposals to national data protection authorities on reaching out to stakeholders in data protection legislation

CERV-2026-DATA is a Citizens, Equality, Rights and Values (CERV) programme call providing lump-sum grants to national Data Protection Authorities to facilitate GDPR compliance outreach to SMEs, small mid-caps and similar organisations. The total call budget is €2,300,000 with individual grants between €75,000 and €250,000 funded at a 90% lump-sum rate for projects of 12–24 months. Only national DPAs may be lead applicants (one application per Member State), co-applicants may be legal entities from eligible countries, and financial support to third parties is not allowed. The call opens 26 February 2026 and the submission deadline is 28 May 2026 at 17:00 Brussels time, with evaluation June–August 2026 and grant signature planned for September–November 2026.

Call overview

What it funds

Purpose

Grants to support national data protection authorities to reach out to stakeholders (notably SMEs, small mid-caps and organisations of similar size) to facilitate GDPR compliance, provide practical guidance, templates or digital tools, and promote codes of conduct and certifications.

Total available budget:€2,300,000 (indicative call budget) ¹

1. 1Who can apply: Lead applicants must be national Data Protection Authorities (one application per Member State).
2. 2Co-applicants: legal entities (public or private) established in eligible countries; international organisations may participate.
3. 3Grant type and rate: CERV lump sum grants, funding rate up to 90% (lump sum fixed in grant agreement).
4. 4Project size: requested grant must be between €75,000 and €250,000.
5. 5Project duration: normally 12 to 24 months.
6. 6Eligible activities: outreach, awareness-raising, guidance/tools for SMEs, support for codes of conduct and certifications; financial support to third parties is not allowed.

Eligibility and selection highlights

Only national Data Protection Authorities can act as coordinators; single-beneficiary (national) or transnational projects are allowed subject to eligibility rules. Proposals are evaluated on Relevance (40), Quality (40) and Impact (20) with an overall pass threshold of 70/100 and a minimum Relevance threshold of 25/40 ¹.

Application and submission:Submit electronically via the EU Funding & Tenders Portal using the CERV lump sum application templates; proposals must respect the Part B page limit (45 pages) and mandatory annexes. Register organisations in the Participant Register (PIC) before submission ¹.

Practical notes

Lump sum amount will be fixed based on the detailed budget table submitted; pre-financing is normally paid after signature (prefinancing guarantees may be required). Projects must integrate gender and non-discrimination considerations and comply with GDPR and EU values.

Footnotes

1. 1Call documentation and templates, including the Call Document and Model Grant Agreement, are available on the topic page: CERV-2026-DATA call documents

CERV-2026-DATA: Call for proposals to national data protection authorities on reaching out to stakeholders in data protection legislation

Programme: Citizens, Equality, Rights and Values (CERV). Topic ID: CERV-2026-DATA. Type of action: CERV-LS (CERV Lump Sum Grants). Model Grant Agreement: CERV Lump Sum Grant [CERV-AG-LS]. Opening date: 26 February 2026. Deadline: 28 May 2026 at 17:00 Brussels time. Single-stage submission and single-step evaluation. Objective: Protect and promote the right to the protection of personal data by facilitating GDPR compliance among SMEs, small mid-caps and organisations with a similar number of employees through outreach by national Data Protection Authorities (DPAs).

Official sources:Topic page and submission: EU Funding & Tenders Portal – CERV-2026-DATA. Call fiche (Call Document): Call fiche PDF. Participating countries (CERV): Eligible countries list (CERV). Standard application form (templates): Application Form (CERV).

Scope, themes and activities funded

This call is restricted to national Data Protection Authorities under Article 51 of Regulation (EU) 2016/679 (GDPR) as lead applicants. It funds DPA-led actions that help SMEs, small mid-caps and similarly sized organisations implement GDPR obligations. Priorities include practical guidance, templates and digital tools suitable for replication across Member States, and awareness raising on the benefits of GDPR codes of conduct and certifications, especially transnational codes and European Data Protection Seals.

• Primary objective: Facilitate GDPR compliance among SMEs, SMCs and similar-sized organisations (indicative threshold under negotiation; currently less than 750 employees referenced in COM(2025) 501).
• Thematic focus: Practical compliance support; templates, checklists, and digital tools; awareness on codes of conduct and certification schemes to ensure consistent GDPR application across the EU/EEA.
• Design requirements: Integrate gender equality and non-discrimination; inclusive language; sex-disaggregated data where possible; ensure accessibility and wide dissemination including to people with disabilities and minorities.
• Project type: National or transnational. Activities must occur in eligible countries.

Key dates and budget

Eligibility and participation

Eligible Applicant Types

Lead applicants: National Data Protection Authorities within the meaning of Article 51 GDPR, with only one application per EU Member State accepted. Co-applicants (optional): Public or private legal entities established in eligible countries. International organisations may participate. Entities without legal personality can participate if their representatives can assume legal obligations and ensure EU financial interests’ protection equivalent to legal persons. Natural persons are not eligible, except self-employed sole traders where the company lacks separate legal personality. EU bodies cannot participate (with the general exception of the European Commission Joint Research Centre under standard EU rules; for this call EU bodies are not eligible as consortium members). Programme Contact Points may apply if strict segregation and cost separation procedures are in place.

Funding Type

Grant. The action uses lump sum grants under the CERV programme, with the funding rate set at 90%. Lump sums are fixed based on a detailed estimated budget that must comply with EU eligibility rules for actual cost grants when establishing the lump sum proxy.

Consortium Requirement

Single beneficiary applications are allowed. Consortia are optional. If a consortium is formed, the national DPA must be the coordinator. Only one application per Member State as lead is accepted.

Beneficiary Scope (Geographic Eligibility)

Eligible: EU Member States (including OCTs) and non-EU countries associated to CERV or with ongoing association negotiations that enter into force before grant signature. As of the latest CERV list, the following candidate/potential candidate countries participate in CERV (all strands except Union Values): Albania, Bosnia and Herzegovina, Kosovo, Moldova, Montenegro, North Macedonia, Serbia, Ukraine. EEA EFTA states Iceland, Norway and Liechtenstein do not participate in CERV. EU restrictive measures and conditionality measures apply: entities subject to EU sanctions or to conditionality measures under Regulation (EU, Euratom) 2020/2092 are not eligible in any funded capacity.

Target Sector

Data protection and privacy compliance; ICT and digital compliance tools; legal and regulatory compliance; security/cybersecurity governance; public administration and regulatory bodies; SME support and business services. The call emphasises practical GDPR compliance support, awareness on codes of conduct and certifications, and development of replicable guidance and digital tools.

Mentioned Countries

EU Member States (region). Albania, Bosnia and Herzegovina, Kosovo, Moldova, Montenegro, North Macedonia, Serbia, Ukraine. Note: Iceland, Norway, Liechtenstein are explicitly noted as not participating in CERV. The call also references EU conditionality measures currently in force concerning public interest trusts established under the Hungarian Act IX of 2021 or any entity they maintain.

Project Stage

Development and implementation. Projects are expected to design, produce and implement practical compliance instruments (guides, templates, checklists, digital tools) and conduct outreach and awareness activities. Validation and demonstration through stakeholder engagement and dissemination are integral.

Funding Amount

Total call budget: €2.3 million. Requested grant per project must be between €75,000 and €250,000. Funding rate: 90% of eligible lump sum. The final awarded amount may be lower than requested based on evaluation and budget scrutiny.

Application Type

Open call via the EU Funding & Tenders Portal. Electronic submission only. Single-stage deadline with single-step evaluation.

Nature of Support

Money. Beneficiaries receive financial support as EU grants disbursed via lump sums. Non-financial support (e.g., guidance, helpdesk) is available through the Portal resources and CERV National Contact Points.

Application Stages

1 stage. Proposals are submitted once and evaluated in a single step. Successful proposals proceed to grant preparation.

Success Rates

Not specified for this call. No historical success probability is provided in the call fiche or topic page.

Co-funding Requirement

Yes. The funding rate is 90%, implying a 10% co-financing share to be covered by applicants and/or other sources. Projects must ensure a balanced budget and sufficient other resources. No-profit and no double funding rules apply.

Activities, requirements and compliance

• Eligible activities: Practical guidance, templates, and digital tools for GDPR compliance; outreach and awareness on codes of conduct and certification schemes; dissemination actions ensuring accessibility and inclusivity; possible national or transnational scope.
• Excluded: Financial support to third parties is not allowed; separate project websites are not eligible as a cost item (use existing institutional web or social media channels).
• Gender equality and inclusion: Apply gender mainstreaming and non-discrimination throughout design and implementation; use inclusive language; collect sex-disaggregated data where possible; ensure accessibility for persons with disabilities and minorities.
• Ethics and EU values: Projects must respect highest ethical standards, EU values (Article 2 TEU), nondiscrimination (Article 21 EU Charter) and applicable EU, international and national law, including GDPR.
• Deliverables: All projects must deliver the Report on the EU Survey on Justice, Rights and Values (collect attendee feedback for events via the provided EU survey link).
• Work planning: Structure work into work packages (e.g., WP1 Management and Coordination; WP2 Outreach Tools; WP3 Awareness and Dissemination). WP1 coordination and management costs should not exceed 10% of total cost.

Evaluation and award criteria

• Relevance (40 points; individual threshold 25/40): Alignment with call objectives and priorities; robust needs assessment; clear target groups with gender perspective; EU strategic and legislative contribution; European/transnational dimension; transferability; synergies; avoidance of duplication.
• Quality (40 points): Clarity and consistency; logical framework; sound methodology with gender perspective; ethical issues and compliance with EU values; feasibility in time and budget; cost-effectiveness; risk management; monitoring and evaluation.
• Impact (20 points): Ambition and long-term effects; dissemination, sustainability; multiplier effects; continuation after funding.
• Overall threshold: 70/100. Ties resolved by higher Relevance, then Quality, then Impact scores.

Legal and financial set-up

• Form of grant: Lump sum. Amount fixed by the granting authority based on the estimated project budget and a 90% funding rate. Detailed budget table (.xlsx) must follow eligibility principles of actual cost grants when establishing the lump sum.
• Pre-financing: Normally 80% after grant signature (subject to financial capacity, guarantees, and grant agreement terms). Balance paid at the end after assessment; recoveries apply if pre-financing exceeds final grant amount.
• Cost rules and specificities: No financial support to third parties; volunteers’ unit costs allowed (no indirect costs on these); communication costs only for use of existing participants’ websites/social media (no separate project websites). Subcontracting must follow best value for money and no conflict of interest; avoid subcontracting coordinator tasks.
• Liability regime: Defined in the Grant Agreement; may be limited joint and several with ceilings, unconditional joint and several, or individual financial responsibility; affiliated entities may bear joint and several liability.
• Intellectual property and communication: Rights of use on results apply; additional communication and dissemination requirements per MGA; ensure EU funding visibility.
• Consortium agreement: Required where applicable.

Administrative, capacity and exclusion checks

• Financial capacity: Assessed for beneficiaries unless exempt (public bodies, international organisations). May trigger guarantees, staged pre-financing, or reduced funding if capacity is insufficient.
• Operational capacity: Assessed with Quality criterion based on experience, staffing, and resources; public bodies and international organisations are exempt.
• Exclusion: Entities in bankruptcy, tax/social breaches, grave professional misconduct, fraud, corruption, money laundering, terrorism-related offenses, child labour or human trafficking, significant contract or grant breaches, irregularities, or other stipulated grounds are excluded. Entities under EU restrictive or conditionality measures are ineligible.

How to apply

Applications must be submitted electronically via the EU Funding & Tenders Portal. Paper submissions are not accepted. Use the submission system linked from the topic page and select the correct action and MGA type. After submission, a confirmation email is sent. Resubmission is possible until deadline. IT issues must be reported immediately with evidence via the IT Helpdesk webform.

Proposal package and formatting

• Part A: Administrative data (online) including participant details and summary budget.
• Part B: Technical description (template downloaded from the system, completed and uploaded as PDF). Page limit: 45 pages for Part B; minimum font Arial 9; A4; margins ≥ 15 mm.
• Part C: KPI tool (online), all sections mandatory.
• Annexes (upload via system): Detailed budget table (CERV LSII) in .xlsx; CVs of core team; list of previous projects of the last 4 years; child protection policy where activities involve minors. Templates are provided in the submission system.

Timeline and process

• Publication: 12 February 2026.
• Opening: 26 February 2026.
• Deadline: 28 May 2026, 17:00 Brussels time.
• Evaluation: June – August 2026.
• Information to applicants: September 2026.
• Grant agreement signature: September – November 2026.

Templates: application structure and guidance

Applicants must follow the official CERV templates and structure. Key elements required in Part B (technical description) and annexes are outlined below to guide preparation.

1. 1Project summary: Concise abstract consistent with Part A.
2. 2Relevance: Background and general objectives; needs analysis with robust, data-backed assessment including gender and non-discrimination considerations; complementarity with other actions and innovation, European added value, transferability, and synergy with previous EU-funded projects; target countries and sites of activities.
3. 3Quality: Concept and methodology; consortium set-up and division of roles (if applicable); project teams, staff and experts (list functions and tasks; provide CVs of key actors); project management and decision-making; quality assurance, monitoring and evaluation strategy with relevant, realistic, measurable indicators and gender-responsive metrics; cost effectiveness and financial management; risk management with impact/likelihood and mitigation, including measures to address participation barriers for diverse groups.
4. 4Impact: Short/medium/long-term effects; concrete benefits to target groups and change from baseline; contribution to gender equality and non-discrimination; communication, dissemination and EU visibility plan with inclusive, accessible materials; sustainability and continuation after funding, including resource needs and potential synergies.
5. 5Workplan: Work packages (minimum WP1 for management and coordination, typically ≤10% of total cost), with objectives, tasks, participants, milestones, deliverables, due months, and descriptions; include event deliverables with agenda, attendance, materials and evaluation; timetable (months 1–24); subcontracting details and justifications (if any); ensure consistency with detailed budget table.
6. 6Other: Ethics and EU values compliance (GDPR, ethical standards, inclusion, child safeguarding if relevant); security section (as applicable).
7. 7Declarations: Double funding confirmation; justification for any financial support to third parties if permitted (note: not permitted in this call).
8. 8Annexes: Detailed budget table/calculator for lump sums; CVs of core staff; annual activity reports if requested (not applicable in this call); list of previous projects (last 4 years); child protection policy if activities involve minors.

Budgeting and lump sum calculation specifics

• Use the Detailed budget table (CERV LSII) to establish a reliable lump sum proxy. Items must comply with eligibility principles for actual cost grants (e.g., best value for money in procurement, no conflict of interest).
• Ineligible or non-compliant items in the budget table may lead to grant reduction during preparation or implementation.
• Communication costs: Use institutional websites and social media; do not budget for standalone project websites.
• Volunteers: Unit costs are allowed (without indirect costs).
• Subcontracting: Limited and justified; coordinator tasks cannot be subcontracted.

Contact and support

General guidance: Funding & Tenders Portal Online Manual and FAQs. Topic-specific Q&A: available on the topic page after opening. For non-IT questions: contact your national CERV Contact Point where available, or email EC-CERV-CALLS@ec.europa.eu with the call and topic reference. IT issues: Funding & Tenders IT Helpdesk via the Portal.

Comprehensive categorisation answers

Eligible Applicant Types:Lead: national Data Protection Authorities (Article 51 GDPR). Co-applicants (optional): legal entities, public or private, including international organisations, established in eligible countries. Entities without legal personality may participate subject to conditions. Natural persons are not eligible except self-employed sole traders without separate legal personality. EU bodies cannot participate as beneficiaries in this call. Programme Contact Points may participate if they can segregate roles and costs with analytical accounting.

Funding Type:Grant, using a lump sum model under the CERV programme, with a 90% funding rate.

Consortium Requirement:Single or consortium. Single-beneficiary applications are allowed. If a consortium applies, the national DPA must coordinate. Only one application per Member State as lead is accepted.

Beneficiary Scope (Geographic Eligibility):EU Member States (including OCTs), plus non-EU countries associated to CERV or with association entering into force before grant signature. As per the latest CERV list: Albania, Bosnia and Herzegovina, Kosovo, Moldova, Montenegro, North Macedonia, Serbia, Ukraine participate (all strands except Union Values). EEA EFTA states Iceland, Norway and Liechtenstein do not participate. Entities under EU restrictive or conditionality measures are not eligible.

Target Sector:Data protection and privacy; legal and regulatory compliance; ICT and digital tools for compliance; security/cybersecurity governance; public administration and regulatory bodies; SME support.

Mentioned Countries:Region: EU. Explicitly named as CERV participants (non-EU): Albania, Bosnia and Herzegovina, Kosovo, Moldova, Montenegro, North Macedonia, Serbia, Ukraine. EEA non-participation noted: Iceland, Norway, Liechtenstein.

Project Stage:Development, implementation and demonstration of practical GDPR compliance support (guidance, templates, tools) and outreach/awareness activities; validation through stakeholder engagement and dissemination.

Funding Amount:Total call budget €2.3 million. Requested grant per project: €75,000 to €250,000. Funding rate 90%.

Application Type:Open call via the EU Funding & Tenders Portal, single-stage submission.

Nature of Support:Money. Financial grants disbursed as lump sums.

Application Stages:1 stage. One-step evaluation by an evaluation committee assisted by independent experts.

Success Rates:Not disclosed for this topic.

Co-funding Requirement:Yes. 10% co-financing implied by the 90% EU funding rate. Balanced project budget and sufficient other resources are required.

Administrative conditions and admissibility

• Admissibility: Proposals must be complete and submitted before the deadline via the Portal. Part B page limit: 45 pages; formatting rules apply; excess pages disregarded.
• Participant registration: All beneficiaries, affiliated entities and associated partners must have a PIC and be registered in the Participant Register before submission; legal entity validation required during grant preparation.
• Declarations: At submission, confirm mandate to act for all applicants, accuracy and completeness, and compliance with eligibility, capacity and exclusion rules.

What this opportunity is about

CERV-2026-DATA mobilises national Data Protection Authorities to deliver practical, scalable GDPR compliance support for SMEs and similarly sized organisations. Building on prior calls and the 2024 GDPR application report, it targets tangible outputs such as replicable guidance, templates, checklists and digital tools, and promotes awareness of codes of conduct and certification schemes to ensure consistent GDPR application across Europe. Projects must incorporate gender equality and non-discrimination, ensure inclusive language and accessible dissemination, and deliver evidence of outreach through the EU Survey on Justice, Rights and Values. The call provides lump sum grants at a 90% funding rate for 12–24 month projects, with requested amounts between €75,000 and €250,000, within a total envelope of €2.3 million. Applications are open to single DPAs or consortia led by a DPA, including co-applicants from eligible countries. Submission is fully electronic through the EU Funding & Tenders Portal with a single-stage deadline on 28 May 2026. Evaluation prioritises relevance to the call’s objectives, methodological quality, EU value added, transferability, impact and sustainability. Successful applicants will formalise projects via the CERV Lump Sum MGA, with clear work packages, milestones and deliverables, ethical and legal compliance, and robust financial and risk management. In brief, this is a focused, implementation-oriented opportunity for national DPAs to equip Europe’s SMEs with concrete tools and guidance to meet GDPR obligations efficiently and consistently, while fostering cross-border coherence through codes of conduct and certifications.

CERV-2026-DATA: Call for Proposals to National Data Protection Authorities on Reaching Out to Stakeholders in Data Protection Legislation

This call under the Citizens, Equality, Rights and Values (CERV) programme supports national data protection authorities in EU Member States to facilitate GDPR compliance among small and medium-sized enterprises (SMEs), small mid-cap enterprises (SMCs), and similar organisations with fewer than 750 employees. The objective is to protect and promote the right to personal data protection by providing practical tools and raising awareness of compliance mechanisms.

Key Dates and Budget

Opening Date:26 February 2026.

Deadline:28 May 2026, 17:00 Brussels time (single-stage submission).

Total Budget:€2,300,000.

Evaluation Timeline:June-August 2026 (evaluation); September 2026 (results notification); September-November 2026 (grant agreements).

Eligibility Criteria

Lead applicants must be national Data Protection Authorities (DPAs) as defined in Article 51 of GDPR (Regulation (EU) 2016/679). Only one application per Member State is accepted as coordinator. Co-applicants, if any, must be legal entities (public or private) established in EU Member States (including OCTs) or associated CERV countries: Albania, Bosnia and Herzegovina, Kosovo, Moldova, Montenegro, North Macedonia, Serbia, Ukraine (subject to association agreements entering force before grant signature). Single-applicant proposals are allowed. Natural persons are ineligible except self-employed sole traders. EU bodies (except JRC) are excluded.

• Projects can be national or transnational.
• Duration: 12-24 months.
• Minimum grant: €75,000; Maximum grant: €250,000.
• Funding rate: 90% lump sum grant.
• No financial support to third parties.

Objectives, Scope and Expected Impact

The call builds on prior initiatives (2017, 2019, 2020, 2021, 2024) and the 2024 GDPR report, focusing on SMEs/SMCs compliance amid the EU Data Strategy and simplification agenda. Activities must incorporate a gender-equality perspective, ensuring inclusivity, sex-disaggregated data, and accessibility for minorities and people with disabilities.

• Support DPAs in providing practical guidance, templates, or digital tools for GDPR compliance, replicable across Member States.
• Raise awareness of codes of conduct and certifications (e.g., transnational codes, European Data Protection Seals) to ensure consistent GDPR application.

Expected impacts: Improved GDPR compliance and awareness among SMEs/SMCs; enhanced exchange of good practices among DPAs. Projects should innovate or build on prior EU-funded efforts without duplication. Link Title

Application Requirements

1. 1Part A: Administrative data and summarised budget (online).
2. 2Part B: Technical description (max 45 pages, template from Submission System).
3. 3Part C: KPI tool (online).
4. 4Mandatory annexes: Detailed budget table (xlsx), CVs of core team, list of previous projects (last 4 years).
5. 5Child protection policy if involving minors.

Proposals must be complete, readable, and submitted electronically via the Funding & Tenders Portal. Use Arial 9pt minimum, A4 pages. Detailed conditions in sections 5-10 of the call document. Link Title

Evaluation and Award Criteria

Overall threshold: 70/100 points. Priority for ex aequo: Relevance > Quality > Impact. Operational capacity assessed via staff profiles, prior projects.

Financial and Legal Set-up

• Lump sum grant at 90% funding rate, fixed based on detailed budget table (must reflect actual cost eligibility).
• Coordination costs (WP1) <=10% of total.
• Payments: 80% prefinancing (30 days post-signature), balance at end.
• Reporting: Progress reports; mandatory EU Survey on Justice, Rights, Values.
• Model Grant Agreement: CERV Lump Sum Grant (CERV-AG-LS).

Financial capacity check for non-public bodies (unless grant <=€60,000). Exclusion for bankruptcy, fraud, etc. Consortium agreement recommended.

Additional Guidance

Contact CERV national points or EC-CERV-CALLS@ec.europa.eu. Review prior projects: EU Funding supporting GDPR implementation. Ensure ethics compliance, gender mainstreaming, no double funding.

Footnotes

1. 1Call fiche: ec.europa.eu. Participating countries: ec.europa.eu.