← Back to Search
Coordinated preparedness testing and other preparedness actions
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-COORDPREPForthcomingCall for Proposal7 hours ago7 hours agoMarch 31st, 2026October 28th, 2025
Overview
The Digital Europe Programme has announced a new funding opportunity titled "Coordinated Preparedness Testing and Other Preparedness Actions" under the call identifier DIGITAL-ECCC-2025-DEPLOY-CYBER-09-COORDPREP. The total budget for this initiative is €10 million, providing individual grants of €1.5 million each for an estimated six projects. The applications will open on October 28, 2025, and close on March 31, 2026.
This grant aims to strengthen cybersecurity preparedness across critical sectors within the European Union, especially aligning with the implementation of the NIS 2 Directive. The initiative supports diverse eligible applicant types including competent authorities, Computer Security Incident Response Teams (CSIRTs), National Cybersecurity Authorities, critical infrastructure operators, industry stakeholders, and SMEs focused on cybersecurity.
The funding type is categorized as DIGITAL JU Simple Grants, specifically geared towards budget-based financial support for relevant project costs. While the application process does not mandate consortium participation, it suggests that collaboration could enhance the effectiveness of proposals, given the scope demands cross-border cooperation in cybersecurity preparedness. Geographic eligibility includes all EU member states and associated nations like Iceland and Norway.
Projects funded under this opportunity will focus on preparedness testing, targeting essential sectors such as energy, transport, healthcare, telecommunications, and public administration. Expected activities include vulnerability assessments, penetration testing, and the deployment of digital tools for testing scenarios, aiming to improve the overall resilience against cyber threats.
The application process follows a single-stage submission model, and while specific success rates are not disclosed, the competitive nature suggests a moderate chance of funding depending on the number of applications received. Co-funding requirements are not explicitly mentioned, indicating that the grant may be fully funded by the EU.
Overall, this opportunity is critical for enhancing cybersecurity resilience in Europe by fostering coordinated actions among stakeholders in key industries to preemptively identify vulnerabilities and bolster defense mechanisms against cyber threats.
This grant aims to strengthen cybersecurity preparedness across critical sectors within the European Union, especially aligning with the implementation of the NIS 2 Directive. The initiative supports diverse eligible applicant types including competent authorities, Computer Security Incident Response Teams (CSIRTs), National Cybersecurity Authorities, critical infrastructure operators, industry stakeholders, and SMEs focused on cybersecurity.
The funding type is categorized as DIGITAL JU Simple Grants, specifically geared towards budget-based financial support for relevant project costs. While the application process does not mandate consortium participation, it suggests that collaboration could enhance the effectiveness of proposals, given the scope demands cross-border cooperation in cybersecurity preparedness. Geographic eligibility includes all EU member states and associated nations like Iceland and Norway.
Projects funded under this opportunity will focus on preparedness testing, targeting essential sectors such as energy, transport, healthcare, telecommunications, and public administration. Expected activities include vulnerability assessments, penetration testing, and the deployment of digital tools for testing scenarios, aiming to improve the overall resilience against cyber threats.
The application process follows a single-stage submission model, and while specific success rates are not disclosed, the competitive nature suggests a moderate chance of funding depending on the number of applications received. Co-funding requirements are not explicitly mentioned, indicating that the grant may be fully funded by the EU.
Overall, this opportunity is critical for enhancing cybersecurity resilience in Europe by fostering coordinated actions among stakeholders in key industries to preemptively identify vulnerabilities and bolster defense mechanisms against cyber threats.
OPEN CALL
Detail
This is a call for proposals under the Digital Europe Programme (DIGITAL) with call identifier DIGITAL-ECCC-2025-DEPLOY-CYBER-09, specifically targeting coordinated preparedness testing and other preparedness actions in the cybersecurity domain. The call falls under the Deploying Strategic Cyber Capabilities Across Europe initiative. It is structured as a DIGITAL JU Simple Grant, utilizing a DIGITAL Action Grant Budget-Based [DIGITAL-AG] model. The call is forthcoming with a single-stage deadline model. The planned opening date is 28 October 2025, and the deadline for submission is 31 March 2026 at 17:00:00 Brussels time.
The expected outcomes are enhanced cooperation, preparedness, and cybersecurity resilience in the EU, including preparedness support services, threat assessment, and risk assessment services. It also aims to improve risk monitoring services, better compliance, coordinated vulnerability disclosure and monitoring, and improved skills through exercises, training courses, events, workshops, stakeholder consultations, and white papers.
The objective of this call is to address two actions from the Cyber Solidarity Act within the ECCC Work Programme 2025-2027, focusing on the Cybersecurity Emergency Mechanism. These actions are: (1) coordinated preparedness testing of entities operating in sectors of high criticality across the Union, and (2) other preparedness actions for entities operating in sectors of high criticality and other critical sectors. Note that only action (1) is covered in the current call, while action (2) will be addressed in 2026 and 2027 calls. These actions are designed to complement existing efforts at the Member State and Union levels, enhancing protection and resilience against cyber threats, particularly for critical industrial installations and infrastructures. The goal is to assist Member States in improving their preparedness for cyber threats and incidents by providing knowledge and expertise.
Proposals should contribute to at least one of the following objectives: coordinated preparedness testing of entities operating in sectors of high criticality across the Union (including penetration testing and threat assessment) considering ICT as well as Operational Technology/Industrial Control Systems, and other preparedness actions for entities operating in sectors of high criticality and other critical sectors (i.e., vulnerability monitoring, exercises, and training courses).
The scope of the call is divided into two parts:
Part 1: Coordinated Preparedness Testing
This part focuses on providing preparedness support services to entities in sectors of high criticality as identified by the Commission in accordance with the Cyber Solidarity Act, referencing Annex I to Directive (EU) 2022/2555. Activities include:
Support for testing for potential vulnerabilities:
Development of penetration testing scenarios covering Networks, Applications, Virtualisation solutions, Cloud solutions, Industrial Control systems, and IoT.
Conducting testing of essential entities operating critical infrastructure for potential vulnerabilities.
Deployment of digital tools and infrastructures to support testing scenarios and exercises, such as standardized cyber-ranges or other testing facilities mimicking critical sectors (e.g., energy, transport) or others affected by NIS 2, to facilitate cyber-exercises, especially in cross-border scenarios.
Evaluation and/or testing of cybersecurity capabilities of MS entities and MS sectors, including capabilities to prevent, detect, and respond to incidents, and stress testing of entire sectors. This includes evaluation and compliance activities aimed at increasing maturity based on established maturity models and/or relevant evaluation and compliance schemes.
Evaluation and/or testing of cybersecurity capabilities of entities in scope, including for the evaluation and management of risks concerning the supply chain.
Consulting services, providing recommendations on how to improve infrastructure security and capabilities.
Support for threat assessment and risk assessment:
Threat Assessment process implementation and life cycle.
Customised risk scenarios analysis.
The support targets competent authorities in Member States, such as Computer Security Incident Response Teams (CSIRTs) and National Cybersecurity Authorities, which are central to the implementation of the NIS 2 Directive.
Part 2: Other Preparedness Actions
This part includes services listed in Part 1, along with additional preparedness support services for entities operating in highly critical and other critical sectors as defined in Annexes I and II of the NIS 2 Directive.
Support for threat assessment and risk assessment:
Supply chain risk management within the risk assessment services.
Risk monitoring service:
Specific continuous risk monitoring such as attack surface monitoring, risk monitoring of assets and vulnerabilities.
Support coordinated vulnerability disclosure and management:
Promote the adoption of national CVD Policies and the EU Vulnerability Database.
Coordinate the disclosure of vulnerabilities and timely dissemination of security patches.
Standardisation of information sharing between different stakeholders in the vulnerability handling process.
CVD applications that manage multiple sources of vulnerability information using open standards or technologies (e.g., researchers, vendors, CSIRTs).
Raise awareness on the adoption of vulnerability management best practices.
Dedicated exercises and training courses:
Develop comprehensive training programmes and workshops, including international ones, for cybersecurity professionals covering the latest trends in cyber threats, attack methodologies, and best practices for pre-threat management and prevention.
Maturity checks, evaluation of cybersecurity capabilities.
Encourage the development of cybersecurity continuous learning activities to keep up with all cybersecurity requirements driven by EU cybersecurity-related regulations and directives, including the NIS 2 Directive, CSA, CSoA, DORA, EECC, GDPR, CRA.
The support targets competent authorities in Member States, Computer Security Incident Response Teams (CSIRTs) including sectorial CSIRTs, Security Operation Centres (SOC)/Cyber Hubs, highly critical and other critical sectors, industry stakeholders (including Information Sharing and Analysis Centres- ISACs) and any other actors within the scope of the NIS 2 Directive, DORA, CSA, etc.
Support may be provided for the onboarding to the CEF Cybersecurity Core Service Platforms of public and private organisations working on the implementation of the NIS 2 Directive and potential users of these platforms. The action may also support industry, particularly start-ups and SMEs, to capitalize on industrial and market opportunities created by the Cyber Resilience Act and support the implementation of the NIS 2 Directive.
Conditions for participation include:
Admissibility Conditions: Proposal page limit and layout are described in section 5 of the call document and Part B of the Application Form available in the Submission System.
Eligible Countries: Described in section 6 of the call document.
Other Eligible Conditions: Described in section 6 of the call document.
Financial and operational capacity and exclusion: Described in section 7 of the call document.
Evaluation and award: Submission and evaluation processes are described in section 8 of the call document and the Online Manual.
Evaluation and award: Award criteria, scoring, and thresholds are described in section 9 of the call document.
Evaluation and award: Indicative timeline for evaluation and grant agreement is described in section 4 of the call document.
Legal and financial set-up of the grants: Described in section 10 of the call document.
Key documents include the Digital Europe Cybersecurity Work Programme 2025-2027, Regulation (EU) 2021/887, the call document, application form templates, ownership control declaration, and Model Grant Agreements (MGA). Additional documents include the DEP Regulation 2021/964, EU Financial Regulation 2024/2509, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, EU Grants AGA, Funding & Tenders Portal Online Manual, Funding & Tenders Portal Terms and Conditions, and Funding & Tenders Portal Privacy Statement.
The budget overview for the year 2025 includes several topics:
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-CABLEHUBS: 10,000,000 EUR, indicative grant amount around 3,000,000 EUR, 4 grants
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-COORDPREP: 10,000,000 EUR, indicative grant amount around 1,500,000 EUR, 6 grants
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-CYBERAI: 15,000,000 EUR, indicative grant amount 3,000,000 to 5,000,000 EUR, 4 grants
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-UPTAKE: 15,000,000 EUR, indicative grant amount around 3,000,000 EUR, 5 grants
The call encourages partner search announcements, allowing LEARs, Account Administrators, and users with active public profiles to publish partner requests. The submission system is planned to open on the date stated in the topic header.
For support, applicants are encouraged to contact National Cybersecurity Coordination Centres (NCC) or the ECCC Applicants Direct Contact Centre. Additional resources include the Funding & Tenders Portal FAQ, IT Helpdesk, and Online Manual.
In summary, this call aims to bolster the EU's cybersecurity preparedness and resilience by funding projects that focus on coordinated testing, vulnerability management, and skills development within critical sectors, aligning with the Cyber Solidarity Act and NIS 2 Directive. It targets a range of stakeholders, including Member State authorities, CSIRTs, SOCs, and industry players, particularly SMEs, to enhance their cybersecurity capabilities and compliance.
The expected outcomes are enhanced cooperation, preparedness, and cybersecurity resilience in the EU, including preparedness support services, threat assessment, and risk assessment services. It also aims to improve risk monitoring services, better compliance, coordinated vulnerability disclosure and monitoring, and improved skills through exercises, training courses, events, workshops, stakeholder consultations, and white papers.
The objective of this call is to address two actions from the Cyber Solidarity Act within the ECCC Work Programme 2025-2027, focusing on the Cybersecurity Emergency Mechanism. These actions are: (1) coordinated preparedness testing of entities operating in sectors of high criticality across the Union, and (2) other preparedness actions for entities operating in sectors of high criticality and other critical sectors. Note that only action (1) is covered in the current call, while action (2) will be addressed in 2026 and 2027 calls. These actions are designed to complement existing efforts at the Member State and Union levels, enhancing protection and resilience against cyber threats, particularly for critical industrial installations and infrastructures. The goal is to assist Member States in improving their preparedness for cyber threats and incidents by providing knowledge and expertise.
Proposals should contribute to at least one of the following objectives: coordinated preparedness testing of entities operating in sectors of high criticality across the Union (including penetration testing and threat assessment) considering ICT as well as Operational Technology/Industrial Control Systems, and other preparedness actions for entities operating in sectors of high criticality and other critical sectors (i.e., vulnerability monitoring, exercises, and training courses).
The scope of the call is divided into two parts:
Part 1: Coordinated Preparedness Testing
This part focuses on providing preparedness support services to entities in sectors of high criticality as identified by the Commission in accordance with the Cyber Solidarity Act, referencing Annex I to Directive (EU) 2022/2555. Activities include:
Support for testing for potential vulnerabilities:
Development of penetration testing scenarios covering Networks, Applications, Virtualisation solutions, Cloud solutions, Industrial Control systems, and IoT.
Conducting testing of essential entities operating critical infrastructure for potential vulnerabilities.
Deployment of digital tools and infrastructures to support testing scenarios and exercises, such as standardized cyber-ranges or other testing facilities mimicking critical sectors (e.g., energy, transport) or others affected by NIS 2, to facilitate cyber-exercises, especially in cross-border scenarios.
Evaluation and/or testing of cybersecurity capabilities of MS entities and MS sectors, including capabilities to prevent, detect, and respond to incidents, and stress testing of entire sectors. This includes evaluation and compliance activities aimed at increasing maturity based on established maturity models and/or relevant evaluation and compliance schemes.
Evaluation and/or testing of cybersecurity capabilities of entities in scope, including for the evaluation and management of risks concerning the supply chain.
Consulting services, providing recommendations on how to improve infrastructure security and capabilities.
Support for threat assessment and risk assessment:
Threat Assessment process implementation and life cycle.
Customised risk scenarios analysis.
The support targets competent authorities in Member States, such as Computer Security Incident Response Teams (CSIRTs) and National Cybersecurity Authorities, which are central to the implementation of the NIS 2 Directive.
Part 2: Other Preparedness Actions
This part includes services listed in Part 1, along with additional preparedness support services for entities operating in highly critical and other critical sectors as defined in Annexes I and II of the NIS 2 Directive.
Support for threat assessment and risk assessment:
Supply chain risk management within the risk assessment services.
Risk monitoring service:
Specific continuous risk monitoring such as attack surface monitoring, risk monitoring of assets and vulnerabilities.
Support coordinated vulnerability disclosure and management:
Promote the adoption of national CVD Policies and the EU Vulnerability Database.
Coordinate the disclosure of vulnerabilities and timely dissemination of security patches.
Standardisation of information sharing between different stakeholders in the vulnerability handling process.
CVD applications that manage multiple sources of vulnerability information using open standards or technologies (e.g., researchers, vendors, CSIRTs).
Raise awareness on the adoption of vulnerability management best practices.
Dedicated exercises and training courses:
Develop comprehensive training programmes and workshops, including international ones, for cybersecurity professionals covering the latest trends in cyber threats, attack methodologies, and best practices for pre-threat management and prevention.
Maturity checks, evaluation of cybersecurity capabilities.
Encourage the development of cybersecurity continuous learning activities to keep up with all cybersecurity requirements driven by EU cybersecurity-related regulations and directives, including the NIS 2 Directive, CSA, CSoA, DORA, EECC, GDPR, CRA.
The support targets competent authorities in Member States, Computer Security Incident Response Teams (CSIRTs) including sectorial CSIRTs, Security Operation Centres (SOC)/Cyber Hubs, highly critical and other critical sectors, industry stakeholders (including Information Sharing and Analysis Centres- ISACs) and any other actors within the scope of the NIS 2 Directive, DORA, CSA, etc.
Support may be provided for the onboarding to the CEF Cybersecurity Core Service Platforms of public and private organisations working on the implementation of the NIS 2 Directive and potential users of these platforms. The action may also support industry, particularly start-ups and SMEs, to capitalize on industrial and market opportunities created by the Cyber Resilience Act and support the implementation of the NIS 2 Directive.
Conditions for participation include:
Admissibility Conditions: Proposal page limit and layout are described in section 5 of the call document and Part B of the Application Form available in the Submission System.
Eligible Countries: Described in section 6 of the call document.
Other Eligible Conditions: Described in section 6 of the call document.
Financial and operational capacity and exclusion: Described in section 7 of the call document.
Evaluation and award: Submission and evaluation processes are described in section 8 of the call document and the Online Manual.
Evaluation and award: Award criteria, scoring, and thresholds are described in section 9 of the call document.
Evaluation and award: Indicative timeline for evaluation and grant agreement is described in section 4 of the call document.
Legal and financial set-up of the grants: Described in section 10 of the call document.
Key documents include the Digital Europe Cybersecurity Work Programme 2025-2027, Regulation (EU) 2021/887, the call document, application form templates, ownership control declaration, and Model Grant Agreements (MGA). Additional documents include the DEP Regulation 2021/964, EU Financial Regulation 2024/2509, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, EU Grants AGA, Funding & Tenders Portal Online Manual, Funding & Tenders Portal Terms and Conditions, and Funding & Tenders Portal Privacy Statement.
The budget overview for the year 2025 includes several topics:
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-CABLEHUBS: 10,000,000 EUR, indicative grant amount around 3,000,000 EUR, 4 grants
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-COORDPREP: 10,000,000 EUR, indicative grant amount around 1,500,000 EUR, 6 grants
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-CYBERAI: 15,000,000 EUR, indicative grant amount 3,000,000 to 5,000,000 EUR, 4 grants
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-UPTAKE: 15,000,000 EUR, indicative grant amount around 3,000,000 EUR, 5 grants
The call encourages partner search announcements, allowing LEARs, Account Administrators, and users with active public profiles to publish partner requests. The submission system is planned to open on the date stated in the topic header.
For support, applicants are encouraged to contact National Cybersecurity Coordination Centres (NCC) or the ECCC Applicants Direct Contact Centre. Additional resources include the Funding & Tenders Portal FAQ, IT Helpdesk, and Online Manual.
In summary, this call aims to bolster the EU's cybersecurity preparedness and resilience by funding projects that focus on coordinated testing, vulnerability management, and skills development within critical sectors, aligning with the Cyber Solidarity Act and NIS 2 Directive. It targets a range of stakeholders, including Member State authorities, CSIRTs, SOCs, and industry players, particularly SMEs, to enhance their cybersecurity capabilities and compliance.
Find a Consultant to Support You
Breakdown
Eligible Applicant Types: The call targets competent authorities in the Member States, Computer Security Incident Response Teams (CSIRTs) including sectorial CSIRTs, National Cybersecurity Authorities, Security Operation Centres (SOC)/Cyber Hubs, entities operating in highly critical and other critical sectors, industry stakeholders (including Information Sharing and Analysis Centres ISACs), start-ups, SMEs and any other actors within the scope of the NIS 2 Directive, DORA, CSA, etc.
Funding Type: The funding type is a grant, specifically DIGITAL JU Simple Grants and DIGITAL JU SME Support Actions.
Consortium Requirement: The opportunity does not explicitly state whether a single applicant or a consortium is required. However, given the scope and objectives, a consortium is likely beneficial, if not implicitly required, to cover the breadth of expertise and activities.
Beneficiary Scope (Geographic Eligibility): The geographic eligibility includes the 27 EU Member States plus Iceland and Norway.
Target Sector: The target sector is cybersecurity, with a focus on enhancing cooperation, preparedness, and resilience in the EU. It also targets sectors of high criticality as listed in Annex I to Directive (EU) 2022/2555 and other critical sectors as referred to in Annex I and II of the NIS 2 Directive.
Mentioned Countries: The opportunity explicitly mentions the 27 EU Member States, Iceland, and Norway.
Project Stage: The project stage focuses on deployment and uptake, specifically coordinated preparedness testing, threat assessment, risk assessment, vulnerability monitoring, exercises, and training courses. It aims to support the implementation of existing directives and regulations.
Funding Amount: The funding amounts vary by topic:
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-CABLEHUBS: around 3,000,000 EUR (total budget 10,000,000 EUR)
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-COORDPREP: around 1,500,000 EUR (total budget 10,000,000 EUR)
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-CYBERAI: 3,000,000 to 5,000,000 EUR (total budget 15,000,000 EUR)
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-UPTAKE: around 3,000,000 EUR (total budget 15,000,000 EUR)
Application Type: The application type is an open call with a single-stage submission process.
Nature of Support: The beneficiaries will receive money in the form of grants to support their projects.
Application Stages: The application process involves a single stage.
Success Rates: The success rates are not explicitly mentioned, but the indicative number of grants for each topic provides some insight into the potential competitiveness.
Co-funding Requirement: The document does not explicitly mention a co-funding requirement.
Summary:
This opportunity is a call for proposals under the Digital Europe Programme (DIGITAL) focusing on deploying strategic cyber capabilities across Europe. It is part of the ECCC Work Programme 2025-2027 and addresses actions from the Cyber Solidarity Act related to the Cybersecurity Emergency Mechanism. The call aims to enhance cooperation, preparedness, and cybersecurity resilience in the EU by providing support for coordinated preparedness testing and other preparedness actions.
The call is structured into two main parts: coordinated preparedness testing of entities operating in sectors of high criticality and other preparedness actions for entities operating in sectors of high criticality and other critical sectors. The first part focuses on activities such as penetration testing, threat assessment, and deployment of digital tools for testing scenarios. The second part includes risk monitoring services, coordinated vulnerability disclosure and management, and dedicated exercises and training courses.
Eligible applicants include competent authorities in Member States, CSIRTs, National Cybersecurity Authorities, SOCs/Cyber Hubs, entities in critical sectors, industry stakeholders, start-ups, and SMEs. The geographic eligibility covers the 27 EU Member States, Iceland, and Norway.
The funding is provided through DIGITAL JU Simple Grants and DIGITAL JU SME Support Actions, with varying budget allocations for different topics. The application process is a single-stage submission, with the submission system planned to open on October 28, 2025, and a deadline of March 31, 2026.
The overall objective is to improve the preparedness of critical infrastructure and sectors against cyber threats and incidents, aligning with the NIS 2 Directive, Cyber Resilience Act, and other relevant EU regulations and directives. The call seeks to complement existing efforts at the Member State and Union levels, providing knowledge and expertise to enhance cybersecurity resilience.
Funding Type: The funding type is a grant, specifically DIGITAL JU Simple Grants and DIGITAL JU SME Support Actions.
Consortium Requirement: The opportunity does not explicitly state whether a single applicant or a consortium is required. However, given the scope and objectives, a consortium is likely beneficial, if not implicitly required, to cover the breadth of expertise and activities.
Beneficiary Scope (Geographic Eligibility): The geographic eligibility includes the 27 EU Member States plus Iceland and Norway.
Target Sector: The target sector is cybersecurity, with a focus on enhancing cooperation, preparedness, and resilience in the EU. It also targets sectors of high criticality as listed in Annex I to Directive (EU) 2022/2555 and other critical sectors as referred to in Annex I and II of the NIS 2 Directive.
Mentioned Countries: The opportunity explicitly mentions the 27 EU Member States, Iceland, and Norway.
Project Stage: The project stage focuses on deployment and uptake, specifically coordinated preparedness testing, threat assessment, risk assessment, vulnerability monitoring, exercises, and training courses. It aims to support the implementation of existing directives and regulations.
Funding Amount: The funding amounts vary by topic:
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-CABLEHUBS: around 3,000,000 EUR (total budget 10,000,000 EUR)
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-COORDPREP: around 1,500,000 EUR (total budget 10,000,000 EUR)
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-CYBERAI: 3,000,000 to 5,000,000 EUR (total budget 15,000,000 EUR)
DIGITAL-ECCC-2025-DEPLOY-CYBER-09-UPTAKE: around 3,000,000 EUR (total budget 15,000,000 EUR)
Application Type: The application type is an open call with a single-stage submission process.
Nature of Support: The beneficiaries will receive money in the form of grants to support their projects.
Application Stages: The application process involves a single stage.
Success Rates: The success rates are not explicitly mentioned, but the indicative number of grants for each topic provides some insight into the potential competitiveness.
Co-funding Requirement: The document does not explicitly mention a co-funding requirement.
Summary:
This opportunity is a call for proposals under the Digital Europe Programme (DIGITAL) focusing on deploying strategic cyber capabilities across Europe. It is part of the ECCC Work Programme 2025-2027 and addresses actions from the Cyber Solidarity Act related to the Cybersecurity Emergency Mechanism. The call aims to enhance cooperation, preparedness, and cybersecurity resilience in the EU by providing support for coordinated preparedness testing and other preparedness actions.
The call is structured into two main parts: coordinated preparedness testing of entities operating in sectors of high criticality and other preparedness actions for entities operating in sectors of high criticality and other critical sectors. The first part focuses on activities such as penetration testing, threat assessment, and deployment of digital tools for testing scenarios. The second part includes risk monitoring services, coordinated vulnerability disclosure and management, and dedicated exercises and training courses.
Eligible applicants include competent authorities in Member States, CSIRTs, National Cybersecurity Authorities, SOCs/Cyber Hubs, entities in critical sectors, industry stakeholders, start-ups, and SMEs. The geographic eligibility covers the 27 EU Member States, Iceland, and Norway.
The funding is provided through DIGITAL JU Simple Grants and DIGITAL JU SME Support Actions, with varying budget allocations for different topics. The application process is a single-stage submission, with the submission system planned to open on October 28, 2025, and a deadline of March 31, 2026.
The overall objective is to improve the preparedness of critical infrastructure and sectors against cyber threats and incidents, aligning with the NIS 2 Directive, Cyber Resilience Act, and other relevant EU regulations and directives. The call seeks to complement existing efforts at the Member State and Union levels, providing knowledge and expertise to enhance cybersecurity resilience.
Short Summary
- Impact
- This funding aims to enhance cybersecurity preparedness and resilience across critical sectors in the EU by supporting coordinated testing, threat assessments, and capacity-building activities.
- Impact
- This funding aims to enhance cybersecurity preparedness and resilience across critical sectors in the EU by supporting coordinated testing, threat assessments, and capacity-building activities.
- Applicant
- Applicants should possess expertise in cybersecurity, particularly in areas related to incident response, vulnerability assessment, and risk management, along with experience in working with critical infrastructure.
- Applicant
- Applicants should possess expertise in cybersecurity, particularly in areas related to incident response, vulnerability assessment, and risk management, along with experience in working with critical infrastructure.
- Developments
- The funding will support projects focused on coordinated preparedness testing, threat assessment, risk monitoring, and training activities within sectors of high criticality as defined by the NIS 2 Directive.
- Developments
- The funding will support projects focused on coordinated preparedness testing, threat assessment, risk monitoring, and training activities within sectors of high criticality as defined by the NIS 2 Directive.
- Applicant Type
- This funding is designed for government agencies, Computer Security Incident Response Teams (CSIRTs), National Cybersecurity Authorities, critical infrastructure operators, start-ups, and SMEs in the cybersecurity sector.
- Applicant Type
- This funding is designed for government agencies, Computer Security Incident Response Teams (CSIRTs), National Cybersecurity Authorities, critical infrastructure operators, start-ups, and SMEs in the cybersecurity sector.
- Consortium
- The funding opportunity does not explicitly require consortium participation, allowing for single applicants, although collaboration may be beneficial.
- Consortium
- The funding opportunity does not explicitly require consortium participation, allowing for single applicants, although collaboration may be beneficial.
- Funding Amount
- Each project can receive up to €1.5 million, with a total budget of €10 million allocated for approximately 6 expected grants.
- Funding Amount
- Each project can receive up to €1.5 million, with a total budget of €10 million allocated for approximately 6 expected grants.
- Countries
- The funding is relevant for all EU Member States, as well as Iceland and Norway, due to their involvement in the European cybersecurity framework.
- Countries
- The funding is relevant for all EU Member States, as well as Iceland and Norway, due to their involvement in the European cybersecurity framework.
- Industry
- The funding is part of the Digital Europe Programme, specifically targeting cybersecurity initiatives.
- Industry
- The funding is part of the Digital Europe Programme, specifically targeting cybersecurity initiatives.
Update Log
No updates recorded yet.