Cyber Resilience Boost: Supporting capacity building for cyber resilience of products II.

The Cyber Resilience Boost: Supporting Capacity Building for Cyber Resilience of Products II, also known as TEST-CERT-CZ, is a European Union funding opportunity aimed at enhancing cyber resilience in accordance with the requirements of the Cyber Resilience Act (CRA). This targeted initiative is primarily directed at small and medium-sized enterprises (SMEs) and collaborative partnerships, focusing on the development of tools and knowledge necessary for compliance with CRA obligations.

Eligible applicants include SMEs engaged in providing cybersecurity services, testing of digital products, and conformity assessment processes. Organizations focused on cybersecurity training, especially in ICT product certification and testing, are also eligible. Moreover, consortia and partnerships are encouraged to apply, facilitating collaborative efforts among various eligible entities. Individual applicants, large enterprises, public bodies, and research institutes are not specifically targeted.

The funding is structured as a simple grant, providing a co-funding rate of 50% of eligible costs, with a total maximum grant amount of EUR 100,000 per project. The total budget allocated for this call is EUR 214,000, implying that multiple projects could receive funding. Applications must originate from organizations established in EU member states or EEA countries, with the controlling person being a resident of these regions. Third-country applications will not be considered.

The initiative supports projects across the cybersecurity and ICT sectors, with a strong emphasis on compliance with the CRA. Specifically, it aims to enhance capabilities for testing, certification of digital products, and development of training and implementation tools. The objectives include creating documentation templates for self-assessment, providing training for SMEs, and fostering cooperation and best practice sharing across the sector.

Projects must focus on development and capacity building rather than pure research or commercialization. Eligible activities may involve the creation of technical documentation, conducting training workshops, and establishing platforms for cooperation among stakeholders. The expected completion date for all projects is December 31, 2026.

The application process is a single-stage submission, with no formal pre-evaluation steps. Interested parties must submit their proposals by April 2, 2026, at 19:00 CET. The evaluation will assess compliance with formal requirements, substantive criteria, quality, and overall alignment with the program's objectives.

Success rates for the call are unclear, but the competitive nature and limited budget suggest that applicants should be prepared for a challenging process. To qualify, projects must demonstrate the capacity for practical application of results, aligning closely with the requirements of the CRA. Overall, the call is tailored to strengthen the cybersecurity ecosystem, particularly for SMEs, ensuring their preparedness for regulatory standards that come into effect, with the most significant obligations commencing in December 2027.

The Cyber Resilience Boost: Supporting capacity building for cyber resilience of products II call, also known as TEST-CERT-CZ, aims to bolster cyber resilience in accordance with the Cyber Resilience Act (CRA) requirements. The call specifically targets the development of tools and knowledge to enable organizations in the ICT product and service sectors to meet their CRA obligations, whether they are manufacturers, importers, or certification and assessment bodies.

The call focuses on three thematic pillars:

1) Development of support tools and documentation for self-assessment according to CRA-based product requirements: This pillar aims to provide manufacturers, importers, and distributors with practical tools to facilitate CRA compliance. These tools include templates for technical documentation and declarations of conformity, methodological guides, checklists, instructions, consulting services, and support for self-assessment and risk assessment.

2) Increasing the preparedness and awareness of small and medium-sized enterprises (SMEs): This pillar seeks to lower the barriers to entry for SMEs needing to comply with the CRA. Support will be provided for training activities focused on CRA, including practical workshops, e-learning tools, and webinars, pilot implementation of CRA requirements (e.g., conducting internal audits, preparing documentation), and preparation of personnel and internal processes in accordance with CRA.

3) Support for cooperation, standardization, and sharing of best practices: This pillar supports knowledge sharing among actors in conformity assessment, government administration, standardization bodies, and the professional community. Support will be provided for international and interdisciplinary initiatives aimed at harmonizing approaches to CRA, joint projects, working groups, participation in standardization activities, the creation of community platforms, and open databases of good practice.

The call's objective is to strengthen the readiness of the Czech and European markets for CRA implementation and to accelerate the creation of practical support tools and services, while also supporting SMEs in meeting new regulatory requirements without undue burden. Projects must demonstrate compliance with the call's objectives and the potential for practical application of the results.

The opening date for submissions is February 2, 2026, and the deadline for submission is April 2, 2026, at 19:00 (Brussels time). The expected duration of participation is until December 30, 2026. The total funding available is 214,000 EUR. The grant agreement number is 101127940. The topic is DIGITAL-ECCC-2022-CYBER-03-TEST-CERT-CAPABILTIES Testing and Certification Capabilities.

The maximum financial support per project is 100,000 EUR, covering 50% of eligible costs. Funding is based on actual costs incurred during project implementation. The final amount of support depends on the project's quality, the consistency of expected results with the proposed budget, and the structure of individual costs. Beneficiaries must regularly document actual expenditures, with reporting details specified in the grant agreement. Applicants must ensure compliance with conditions preventing unlawful indirect State aid or double funding.

Eligible organizations include:

1) Small and medium-sized enterprises (SMEs) engaged in or interested in providing cybersecurity services, testing products with a digital element, conformity assessment processes, or related certification processes. This includes enterprises focused on cybersecurity education or training, particularly in ICT product certification and testing, and those providing professional training to auditors, testers, and other professionals involved in CRA conformity assessment.

2) Consortia and partnerships, which are groups of organizations that may include combinations of the above entities working together on joint projects. These consortia should be able to effectively coordinate activities and resources to achieve the objectives of the call.

Applicants must be established in an EU Member State (including overseas countries and territories) or an EEA country (Norway, Iceland, and Liechtenstein). The controlling person of the Applicant, whether a commercial corporation or a natural person, must also be established or resident in one of the eligible countries. Eligibility is subject to meeting the objectives and requirements of the Digital Europe Programme, including financial and operational stability and the ability to manage EU-funded projects. Applicants will be assessed on their professional capacity based on their application and evaluation criteria.

The project proposal must be submitted via the application form with mandatory annexes and any additional annexes demonstrating eligibility, quality, applicability of results, suitability of the proposed mechanism for sustainability, or other project parameters.

The NCC-CZ Council will appoint a member to manage the evaluation process based on the submission and sectoral focus. NCC-CZ administrators will assess formal compliance and the acceptability of the project in terms of substantive requirements. Independent evaluators will assess the quality and compliance with material requirements according to the Terms of Reference of the NCC-CZ and this call.

In summary, this call aims to enhance cyber resilience by supporting projects that develop tools, training, and best practices related to the Cyber Resilience Act. It targets SMEs, consortia, and partnerships involved in cybersecurity, testing, and certification, with a focus on helping them comply with the CRA requirements. The funding covers 50% of eligible costs, up to 100,000 EUR per project, and is open to entities established in EU or EEA countries. The call seeks to strengthen the overall cybersecurity ecosystem and ensure that businesses, especially SMEs, are well-prepared for the new regulatory landscape.

Eligible Applicant Types: The eligible applicant types are small and medium-sized enterprises (SMEs) and consortia/partnerships of organizations. SMEs must be engaged in or interested in providing cybersecurity services, testing of products with a digital element, conformity assessment processes, or related certification processes. They should focus on education or training in cybersecurity, particularly in ICT product certification and testing, or be preparing to implement the CRA (e.g., development of self-assessment services, preparation of declaration of conformity documentation, provision of training, etc.). Consortia and partnerships should be able to effectively coordinate activities and resources to achieve the objectives of the call.

Funding Type: The funding type is a grant.

Consortium Requirement: Both single applicants and consortia are eligible. SMEs can apply individually, or they can form consortia or partnerships.

Beneficiary Scope (Geographic Eligibility): The geographic eligibility includes EU Member States (including overseas countries and territories) and EEA countries (Norway, Iceland, and Liechtenstein). The controlling person of the applicant, whether a commercial corporation or a natural person, must also be established or resident in one of these eligible countries.

Target Sector: The target sector is cybersecurity, specifically focusing on cyber resilience, ICT product certification and testing, and conformity assessment related to the Cyber Resilience Act (CRA). The call targets the development of tools, knowledge, and capacities to enable organizations to fulfill their obligations under the CRA.

Mentioned Countries: Czech Republic, Norway, Iceland, Liechtenstein. The call is also open to EU Member States (including overseas countries and territories) and EEA countries.

Project Stage: The expected project stage includes development, validation, and demonstration. The call aims to support the development of tools and knowledge capacities, increase preparedness and awareness, and support cooperation and standardization. Projects should demonstrate compliance with the objectives of the call and the potential for practical application of the results.

Funding Amount: The maximum amount of financial support is EUR 100,000 per project. The total funding available for the call is EUR 214,000. The projects will be financed at 50% of the eligible costs.

Application Type: The application type is an open call, with a single-stage submission process.

Nature of Support: Beneficiaries will receive money in the form of a grant.

Application Stages: The application process is single-stage.

Success Rates: Success rates are not specified in the provided text.

Co-funding Requirement: Yes, there is a co-funding requirement. The projects will be financed at 50% of the eligible costs, meaning the beneficiary must provide the remaining 50%.

Summary:

This call for proposals, titled "Cyber Resilience Boost: Supporting capacity building for cyber resilience of products II," aims to strengthen cyber resilience in accordance with the Cyber Resilience Act (CRA) requirements. It is funded under the EU Digital Europe Programme and managed by the NCC-CZ (National Coordination Centre Czech Republic). The call targets SMEs and consortia operating in the cybersecurity sector, particularly those involved in providing cybersecurity services, testing digital products, and conformity assessment. The goal is to support the development of tools, knowledge, and capacities that will enable organizations to effectively fulfill their obligations under the CRA.

The call focuses on three main thematic pillars: developing support tools and documentation for self-assessment according to CRA requirements, increasing the preparedness and awareness of SMEs, and supporting cooperation, standardization, and sharing of best practices. Eligible activities include creating templates for technical documentation, providing training activities, and supporting knowledge sharing initiatives.

The maximum grant amount per project is EUR 100,000, covering 50% of the eligible costs. Applicants must be established in an EU Member State or an EEA country. The application process is single-stage, with a deadline of April 2, 2026. The call seeks to enhance the readiness of the Czech and European markets for the implementation of the CRA and to support SMEs in meeting new regulatory requirements. The full name of the EU funded project is Building Testing and Certification Capabilities in the Czech Republic, with grant agreement number 101127940 and topic DIGITAL-ECCC-2022-CYBER-03-TEST-CERT-CAPABILTIES - Testing and Certification Capabilities. The project acronym is TEST-CERT-CZ. The opening date was February 2, 2026, and the expected duration of participation ends on December 30, 2026.