Cross-Border Cyber Hubs

The Cross-Border Cyber Hubs initiative, identified as DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH, is a funding opportunity under the Digital Europe Programme aimed at establishing and enhancing cybersecurity capabilities across the EU. This initiative seeks to create or strengthen Cross-Border Cyber Hubs that can effectively pool data on cybersecurity threats among EU Member States, specifically designed to address the increasing complexity and scale of cyber threats.

Eligible applicants include multi-country consortia of competent authorities from at least three EU Member States, which will be responsible for hosting and operating these cybersecurity platforms. A grant mechanism will fund both joint procurement of necessary tools and infrastructure, contributing up to 75% of the procurement costs, and operational costs through grants that cover up to 50% of running expenses. The total budget for this call is €2 million, with an additional €2 million available for a related topic, indicating a total budget of €4 million allocated for this purpose.

The primary focus is on the cybersecurity sector, including critical infrastructure protection, cyber threat detection, and the establishment of effective information-sharing frameworks. The targeted sectors involve enhancing situational awareness, leveraging advanced analytics and AI for threat detection, and improving collaboration with national cybersecurity authorities and Computer Security Incident Response Teams (CSIRTs).

The application process will be a single-stage submission, opening on December 9, 2025, with a deadline of May 27, 2026. Applicants must respond to both workstreams simultaneously: one for joint procurement and another for grant funding. The proposal must detail the hub's objectives, interaction with other stakeholders, and necessary services and infrastructure for implementation.

Co-funding by participating Member States is required, with at least 25% of procurement costs to be covered by them. Additionally, the initiative aims to strengthen the EU's collective cybersecurity capabilities by creating operational centers equipped with advanced data analytics tools intended for real-time threat detection and response.

The opportunity promotes not only collaboration among EU Member States but also emphasizes cooperation with external stakeholders, reinforcing the EU's cyber sovereignty and resilience against cyber threats. This strategic approach is ingrained within the framework of the Cyber Solidarity Act, enhancing the EU's cyber defense infrastructure and ensuring timely communication of potential cybersecurity incidents across borders.

The nature of the support provided includes financial backing for infrastructure costs and operational expenses, creating a comprehensive support mechanism for building an interconnected cyber defense network across Europe, particularly aimed at protecting critical infrastructures such as undersea cables.

This is a call for proposals under the Digital Europe Programme (DIGITAL) for CyberHUBs Capacity Building, specifically targeting the deployment of Cross-Border Cyber Hubs. The call identifier is DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH and DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH. It is a DIGITAL JU Simple Grant, with a DIGITAL Action Grant Budget-Based [DIGITAL-AG] model grant agreement. The deadline model is single-stage. The planned opening date is 09 December 2025, and the deadline date is 28 May 2026 at 17:00:00 Brussels time.

The expected outcome is the establishment of world-class Cross-Border Cyber Hubs across the Union. These hubs will pool data on cybersecurity threats between several Member States and will be equipped with highly secure infrastructures and advanced data analytics tools. These tools will be used for detecting, gathering, and storing data on cybersecurity threats, analyzing this data, and sharing and reporting Cyber Threat Intelligence (CTI), reviews, and analyses. The hubs are also expected to share Threat Intelligence between National Cyber Hubs and establish information-sharing agreements with competent authorities and networks, including Computer Security Incident Response Teams (CSIRTs).

The objective is to build upon and complement existing Security Operations Centers (SOCs)/Cyber Hubs, Computer Security Incident Response Teams (CSIRTs), Information Sharing and Analysis Centers (ISACs), and other relevant actors. The action primarily targets new Cross-Border Cyber Hubs, but supporting activities for SOCs launched under previous DIGITAL work programs (2021-2022 and 2023-2024) can be included if relevant to collaboration with the Cross-Border Cyber Hubs.

The scope includes setting up processes, tools, and services for prevention, detection, and analysis of emerging cyberattacks. It also covers the acquisition and/or adoption of common automation tools, processes, and shared data infrastructures for managing and sharing contextualized and actionable cybersecurity operational information across the EU. The call encourages the use of well-established open standards for CTI sharing, such as the MISP Standard, automation of advisory information using CSAF (Common Security Advisory Framework), and cybersecurity-related messages using IntelMQ. The Cross-Border Cyber Hubs may also monitor undersea infrastructure, such as submarine cables.

The Cross-Border Cyber Hub platforms will enhance and consolidate collective situational awareness and capabilities in detection and CTI. They will support the development of better-performing data analytics, detection, and response tools by pooling large amounts of data, including new data generated internally by the consortia members. These platforms should act as central points for broader pooling of relevant data and CTI, enabling the dissemination of threat information on a large scale among a diverse set of actors, including CERTs/CSIRTs, ISACs, and operators of critical infrastructures.

The Cyber Solidarity Act mandates close cooperation between the Cross-Border Cyber Hubs and the CSIRTs Network, particularly for information sharing. They must agree on procedural arrangements for cooperation, sharing relevant information, and the types of information to be shared.

Furthermore, Cross-Border Cyber Hubs can deploy solutions for the surveillance and protection of critical undersea infrastructure, such as submarine cables, and detect malicious activities around them. This improves the resilience and security of this infrastructure, which is critical for global communications. The response to hybrid threats could also include situational awareness performed through the collection and analysis of in-situ, sea-based sensor data, as well as relevant satellite imagery. Operational synergies with the EU Copernicus Space Programme, particularly its Security Service, are required for this activity.

When Cross-Border Cyber Hubs obtain information about a potential or ongoing large-scale cybersecurity incident, they must ensure that relevant information and early warnings are provided to the authorities in the Member States and to the Commission through the EU-CyCLONe and the CSIRTs network without undue delay. A call for expression of interest will be launched to select entities in Member States that can host and operate Cross-Border Cyber Hubs for pooling data on cybersecurity threats between several Member States.

Applicants must describe the aims and objectives of the Cross-Border Cyber Hub, its role in relation to other cybersecurity actors, and its potential cooperation with public or private cybersecurity stakeholders. They should provide a detailed plan of the activities and tasks of the Cross-Border Cyber Hub, the services it will offer, how they will operate, and the main milestones and deliverables. Applicants should also specify the equipment, tools, and services needed to build up the Cross-Border Cyber Hub, its services, and its infrastructure.

Two workstreams of activities are foreseen:

1.  A Joint Procurement Action with the Member State participating in the Cross-Border Cyber Hub: This covers the procurement of the infrastructure, tools, and services needed to build up the Cross-Border Cyber Hub.

2.  Building up and running the Cross-Border Cyber Hub: A grant will be available to cover preparatory activities for setting up the Cross-Border Cyber Hub, its interaction and cooperation with other stakeholders, and the running/operating costs involved, enabling the effective operation of the Cross-Border Cyber Hub, e.g., using the infrastructure, tools, and services purchased through the joint procurement, personnel. These will also indicate milestones and deliverables to monitor progress.

Applications must be made to both workstreams and will be subject to an evaluation procedure. Grants will only be awarded to applicants that succeed in the evaluation of the joint procurement action.

These actions aim to create or strengthen Cross-Border Cyber Hubs, which play a central role in ensuring the cybersecurity of national authorities, providers of critical infrastructures, and essential services. Cyber Hubs will have a crucial operative role in ensuring cybersecurity in the Union and will handle sensitive information.

According to Article 12(5a) of the Cyber Solidarity Act, Article 12(5) of Regulation (EU) 2021/694 will not apply if the conditions in Article 12(5a) are cumulatively met. The assessment of these conditions should consider the results of the mapping of the availability of tools, infrastructure, and services for the Cross-Border Cyber Hubs, which will be carried out by the ECCC under Article 9(4) of the Cyber Solidarity Act.

The first mapping exercise is ongoing. Until the mapping is completed, participation in the calls funded under this topic will be subject to the restrictions of Article 12(5), as specified in Appendix 3 of the Work Programme, in line with the relevant provisions of the Cyber Solidarity Act. These security conditions may be amended based on the final mapping of services carried out by the ECCC under Article 9(4) of the Cyber Solidarity Act.

The admissibility conditions include proposal page limits and layout, which are described in section 5 of the call document and Part B of the Application Form available in the Submission System. Eligible countries and other eligible conditions are described in section 6 of the call document. Financial and operational capacity and exclusion are described in section 7 of the call document. Submission and evaluation processes are described in section 8 of the call document and the Online Manual. Award criteria, scoring, and thresholds are described in section 9 of the call document. The indicative timeline for evaluation and grant agreement is described in section 4 of the call document. The legal and financial setup of the grants is described in section 10 of the call document.

Relevant documents include the Digital Europe Cybersecurity Work Programme 2025-2027, Regulation (EU) 2021/887, the call document, application form templates (including the standard application form (DEP) available in the Submission System), an ownership control declaration, the appointment decision from the Member State designating the entity to act as National CyberHUB, Model Grant Agreements (MGA) including the DEP MGA, and additional documents such as the ECCC Digital Europe Cybersecurity Work Programme 2025-2027 - Consolidated Amendment 2, October 2025, DEP Regulation 2021/964, EU Financial Regulation 2024/2509, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, the EU Grants AGA Annotated Model Grant Agreement, the Funding & Tenders Portal Online Manual, Funding & Tenders Portal Terms and Conditions, and the Funding & Tenders Portal Privacy Statement.

The budget overview indicates that for the topic DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH - DIGITAL-JU-SIMPLE, there is a DIGITAL JU Simple Grant of 2,000,000 EUR. The stage is single-stage, with an opening date of 2025-12-09 and a deadline of 2026-05-28. The indicative number of grants is 1. The same details apply to the topic DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH - DIGITAL-JU-SIMPLE.

LEARs, Account Administrators, or self-registrants can publish partner requests for open and forthcoming topics on the Funding & Tenders Portal. The submission system is planned to open on the date stated on the topic header.

For guidance and support, applicants are encouraged to contact the National Cybersecurity Coordination Centres (NCC) in their country or the ECCC Applicants Direct Contact Centre at applicants@eccc.europa.eu. Additional resources include the Funding & Tenders Portal FAQ, the IT Helpdesk, and the Online Manual.

In summary, this opportunity aims to establish and strengthen Cross-Border Cyber Hubs across the EU to enhance cybersecurity. It involves a joint procurement action for infrastructure and a grant for operational costs. Applicants must address two workstreams and demonstrate how their hub will contribute to the EU's cybersecurity landscape by pooling data, sharing threat intelligence, and cooperating with relevant stakeholders. The call emphasizes the use of established standards and requires adherence to the Cyber Solidarity Act. The total budget available is 4,000,000 EUR, split between two topics, with an indicative one grant per topic.

Eligible Applicant Types: The call for expression of interest will be launched to select entities in Member States that provide the necessary facilities to host and operate Cross-Border Cyber Hubs for pooling data on cybersecurity threats between several Member States. Applicants should describe the aims and objectives of the Cross-Border Cyber Hub, describe its role and how such role relates to other cybersecurity actors, and its potential cooperation with other public or private cybersecurity stakeholders. Applicants should also provide the detailed planning of the activities and tasks of the Cross-Border Cyber Hub, the services it will offer, the way they will operate and be operationalised, as well as the main milestones and deliverables. They should also specify what equipment, tools and services need to be procured and integrated to build up the Cross-Border Cyber Hub, its services and its infrastructure. National authorities, providers of critical infrastructures and essential services are mentioned as entities that the Cyber Hubs will ensure the cybersecurity of.

Funding Type: DIGITAL JU Simple Grants. A grant will also be available to cover, among others, the preparatory activities for setting up the Cross-Border Cyber Hub, its interaction and cooperation with other stakeholders, as well as the running/operating costs involved, enabling the effective operation of the Cross-Border Cyber Hub, e.g. using the infrastructure, tools and services purchased through the joint procurement, personnel. These will also indicate milestones and deliverables to monitor progress. There is also a Joint Procurement Action with the Member State participating in the Cross-Border Cyber Hub: this will cover the procurement of the infrastructure, tools and services needed to build up the Cross-Border Cyber Hub.

Consortium Requirement: The action is aimed mainly at new Cross-Border Cyber Hubs. The Cross-Border Cyber Hubs platforms will contribute to enhancing and consolidating collective situational awareness and capabilities in detection and CTI, supporting the development of better performing data analytics, detection, and response tools, through the pooling of large amounts of data, including new data generated internally by the consortia members.

Beneficiary Scope (Geographic Eligibility): The Network of NCCs includes one national centre from each of the 27 EU Member States plus Iceland and Norway. The call for expression of interest will be launched to select entities in Member States that provide the necessary facilities to host and operate Cross-Border Cyber Hubs for pooling data on cybersecurity threats between several Member States.

Target Sector: Cybersecurity. This call targets the creation or strengthening of Cross-Border Cyber Hubs, which occupy a central role in ensuring the cybersecurity of national authorities, providers of critical infrastructures and essential services. The scope covers the acquisition and/or adoption of common (automation) tools, processes and shared data infrastructures for the management and sharing of contextualised and actionable cybersecurity operational information across the EU. Well-established open standards for CTI sharing (e.g. MISP Standard) or automation of advisory information (e.g. CSAF) and cybersecurity related messages (e.g. by IntelMQ) should be considered. Cross-Border Cyber Hubs could also foresee the possibility to monitor undersea infrastructure, such as submarine cables.

Mentioned Countries: Iceland, Norway, and the 27 EU Member States.

Project Stage: Deployment. The call aims to deploy world-class Cross-Border Cyber Hubs across the Union. It also includes building up and running the Cross-Border Cyber Hub.

Funding Amount: €2,000,000 is the budget for DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH and €2,000,000 is the budget for DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH.

Application Type: Open call. A call for expression of interest will be launched to select entities in Member States that provide the necessary facilities to host and operate Cross-Border Cyber Hubs for pooling data on cybersecurity threats between several Member States.

Nature of Support: Money and non-monetary services. A grant will be available to cover preparatory activities, interaction and cooperation with stakeholders, and running/operating costs. There is also a joint procurement action for infrastructure, tools, and services.

Application Stages: Applications shall be made to both workstreams. The applications will be subject to an evaluation procedure. Grants will only be awarded to applicants that have succeeded in the evaluation of the joint procurement action. Therefore, there are at least two stages: application and evaluation of the joint procurement action.

Success Rates: The indicative number of grants for DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH is 1 and the indicative number of grants for DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH is 1.

Co-funding Requirement: Not explicitly stated, but the Joint Procurement Action with the Member State participating in the Cross-Border Cyber Hub suggests a co-funding element.

Summary: This opportunity is a call for proposals under the Digital Europe Programme (DIGITAL) aimed at establishing and strengthening Cross-Border Cyber Hubs across the European Union. The goal is to enhance the EU's cybersecurity capabilities by creating world-class hubs that can pool data on cybersecurity threats, detect and analyze these threats, and share threat intelligence. The program is structured around two main workstreams: a joint procurement action for infrastructure, tools, and services, and a grant to cover operational costs and preparatory activities. Applicants must apply to both workstreams and will be evaluated based on their success in the joint procurement action. The call is open to entities in EU Member States, Iceland, and Norway, particularly those with the facilities to host and operate Cyber Hubs. The hubs are intended to serve national authorities, critical infrastructure providers, and essential services. The initiative also emphasizes cooperation and information sharing between the Cyber Hubs, CSIRTs Network, and other relevant cybersecurity actors. Synergies with the EU Copernicus Space Programme are also encouraged, especially for surveillance and protection of undersea infrastructure. The total budget allocated is 4 million EUR, with 2 million EUR earmarked for each of the two specific topics: DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH and DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH. The application deadline is May 28, 2026.