Dedicated action to reinforcing hospitals and healthcare providers

The EU's Digital Europe Programme is announcing a funding opportunity titled "Strengthening the cybersecurity ecosystem (DIGITAL-ECCC-2025-DEPLOY-CYBER-08)." This initiative specifically focuses on enhancing the cybersecurity of hospitals and healthcare providers across the European Union. It aims to create resilience against increasing cyber threats, particularly ransomware, that target the healthcare sector. A total budget of €30 million has been allocated for this call, which opens for proposals on June 12, 2025, and has a submission deadline of October 7, 2025.

Eligible applicants include regional or national clusters of hospitals, healthcare providers, and cybersecurity service providers. The opportunity requires the formation of consortia that bring together these stakeholders. The geographic eligibility focuses on EU Member States, with the stipulation that pilot projects must involve at least two different Member States.

The targeted sectors include health and cybersecurity, with the intent of supporting pilot projects aimed at assessing current cybersecurity preparedness, identifying needs, and developing state-of-the-art cybersecurity solutions tailored for healthcare contexts. Projects will create technical plans that consist of implementation recommendations and will feature demo installations in healthcare settings to showcase effective solutions.

The funding supports not only financial outcomes but also non-monetary resources, such as educational training for healthcare staff on cybersecurity best practices. The ultimate goal of the initiative is to enhance the ability of healthcare institutions to detect, monitor, and respond to cyber threats, ensuring compliance with the NIS 2 Directive.

Additional details include that the application process is single-stage, simplifying the evaluation of submissions. The explicit success rates for applications are not provided, making the competitive landscape unclear. There is no mention of co-funding requirements, but it is common in EU grants.

Expected outcomes from the funded projects include a comprehensive mapping of cybersecurity needs, creation of guidelines for self-assessment in cybersecurity, technical plans tailored to healthcare providers, implementations monitored via specific performance indicators, and a wide dissemination of best practices across the EU. This strategic focus aims to build a robust cybersecurity framework in the healthcare sector, addressing vulnerabilities and enhancing operational continuity during cyber incidents.

Applications must comply with specific procedural and documentation requirements detailed in the call document, which outlines eligibility conditions, proposal page limits, submission processes, and award criteria for funding evaluation.

In parallel, two other topics under the same call—DIGITAL-ECCC-2025-DEPLOY-CYBER-08-NCC with a budget of €10 million and DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC with a budget of €15 million—are also available for proposals, sharing the same opening and deadline dates. Overall, the initiative aims to significantly strengthen the cybersecurity posture of the healthcare sector across Europe.

The EU's Digital Europe Programme (DIGITAL) is offering a call for proposals titled "Strengthening the cybersecurity ecosystem (DIGITAL-ECCC-2025-DEPLOY-CYBER-08)". This call includes the topic "Dedicated action to reinforcing hospitals and healthcare providers" (DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH). The action type is DIGITAL-JU-SIMPLE DIGITAL JU Simple Grants, utilizing a DIGITAL Action Grant Budget-Based [DIGITAL-AG] Model Grant Agreement. The deadline model is single-stage, with a planned opening date of June 12, 2025, and a deadline of October 7, 2025, at 17:00:00 Brussels time.

The primary objective of this action is to bolster the cybersecurity of hospitals and healthcare providers across the European Union. It aims to ensure these critical operators can effectively detect, monitor, and respond to cyber threats, with a particular focus on ransomware, to enhance the overall resilience of the European healthcare system. This initiative directly supports the EU action plan on cybersecurity in hospitals and healthcare, slated for adoption by the Commission in January 2025.

The scope of the action involves supporting pilot projects that bring together various stakeholders, including regional and/or national clusters associations of hospitals and healthcare providers (such as national healthcare systems, hospitals, associations of hospitals, healthcare providers, and professional associations of healthcare practitioners), alongside cybersecurity service providers. These pilot projects will assess the current cybersecurity preparedness of hospital and healthcare provider clusters within the EU to identify their specific needs. Based on this assessment, they will develop an overview of state-of-the-art cybersecurity solutions and resources, encompassing technologies, services, tools, human resources, and training needs. Examples of solutions include Security Operation Centres (SOCs) for real-time monitoring, threat detection, and incident response, as well as advanced cybersecurity tools like Security Information and Event Management (SIEM) platforms, threat intelligence, and automated response capabilities.

The pilot projects are expected to develop technical plans tailored to the needs of diverse hospitals and healthcare providers, including small and large hospitals, and private healthcare providers. These plans should include best implementation recommendations and cost estimates for effective deployment. A key component is the demo implementation of these technical plans at stakeholder sites, showcasing various use cases across different user groups in small, medium, and large hospitals and healthcare providers, with implementations spanning at least two different Member States.

Furthermore, the pilot projects will serve as demonstration sites and provide cybersecurity education and training to hospital and healthcare provider staff, promoting awareness and best practices in safeguarding sensitive healthcare information. The projects will also collaborate to disseminate best practices widely across the EU, aiming to replicate and scale up the pilots’ activities as broadly as possible. The pilot projects will support healthcare institutions in complying with the NIS 2 Directive.

Expected outcomes include:
1. Mapping of common cybersecurity needs of hospitals and healthcare providers.
2. Guidelines for healthcare providers to assess their current state of cybersecurity protection and relevant needs.
3. Technical cybersecurity plans to enhance preparedness and cyber resilience, including improved detection and response capabilities and dedicated training courses.
4. Pilot cybersecurity demo installations at partner sites, monitored through specific KPIs, to ensure operational continuity during cybersecurity incidents.
5. Wide dissemination campaigns to scale up preparedness across Europe.

The admissibility conditions require adherence to the proposal page limits and layout as described in Section 5 of the Call document "Strengthening the Cybersecurity Ecosystem (DIGITAL-ECCC-2025-DEPLOY-CYBER-08)" and Part B of the Application Form available in the Submission System. Eligible countries are detailed in Section 6 of the call document, along with other eligible conditions. Financial and operational capacity and exclusion criteria are outlined in Section 7 of the call document. The submission and evaluation processes are described in Section 8 of the call document and the Online Manual, while award criteria, scoring, and thresholds are in Section 9. The indicative timeline for evaluation and grant agreement is in Section 4, and the legal and financial setup of the grants is in Section 10.

Key documents include the Call document, Standard application form (DEP), Standard application form (DEP FPA), Ownership control declaration, DEP MGA, DEP Work Programmes, DEP Regulation 2021/964, EU Financial Regulation 2024/2509, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, EU Grants AGA Annotated Model Grant Agreement, Funding & Tenders Portal Online Manual, Funding & Tenders Portal Terms and Conditions, and Funding & Tenders Portal Privacy Statement.

The budget overview indicates a total of 30,000,000 EUR allocated for the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH topic, with a single-stage submission process. The opening date is June 12, 2025, and the deadline is October 7, 2025.

Applicants can search for partners to collaborate on this topic, and LEARs, Account Administrators, and self-registrants can publish partner requests on the Funding & Tenders Portal. The submission system is planned to open on June 12, 2025.

For support, applicants can contact the ECCC Applicants Direct Contact Centre, consult the Funding & Tenders Portal FAQ, or contact the IT Helpdesk for technical issues. The Online Manual provides a step-by-step guide through the Portal processes.

In summary, this EU funding opportunity aims to significantly improve the cybersecurity posture of hospitals and healthcare providers by supporting pilot projects that assess needs, develop technical plans, implement state-of-the-art solutions, provide training, and disseminate best practices across the EU. The focus is on enhancing resilience against cyber threats, particularly ransomware, and ensuring compliance with the NIS 2 Directive. The call encourages collaboration between healthcare organizations and cybersecurity service providers to create and implement effective cybersecurity measures.

There are also two other topics under the same call:
DIGITAL-ECCC-2025-DEPLOY-CYBER-08-NCC - DIGITAL-JU-SIMPLE DIGITAL JU Simple Grants with a budget of 10,000,000 EUR.
DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC - DIGITAL-JU-SIMPLE DIGITAL JU Simple Grants with a budget of 15,000,000 EUR.
Both topics share the same opening and deadline dates as the CYBERHEALTH topic.

Eligible Applicant Types: The eligible applicant types include regional and/or national clusters associations of hospitals and healthcare providers (such as national healthcare systems, hospitals or associations of hospitals, healthcare providers and/or professional associations of healthcare practitioners), as well as cybersecurity service providers. A 'Cluster association' refers to any legally established group of hospitals and healthcare providers, such as regions and professional associations established in one or more Member States.

Funding Type: The funding type is a grant, specifically a DIGITAL JU Simple Grant, which is a DIGITAL Action Grant Budget-Based [DIGITAL-AG].

Consortium Requirement: The opportunity requires a consortium of multiple applicants, bringing together stakeholders such as clusters of hospitals and healthcare providers and cybersecurity service providers.

Beneficiary Scope (Geographic Eligibility): The geographic eligibility is focused on the European Union, as the pilot projects will define the state of preparedness of clusters of hospitals and healthcare providers in the European Union. The pilot projects will conduct demo implementations in at least two different Member States.

Target Sector: The target sectors are health and security/cybersecurity. Specifically, the program targets the cybersecurity of hospitals and healthcare providers.

Mentioned Countries: The opportunity mentions Member States of the European Union, with pilot projects required to be implemented in at least two different Member States.

Project Stage: The expected maturity of the project is at the demonstration stage, as the action supports pilot projects that will conduct demo implementations of technical plans.

Funding Amount: The budget for the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH topic is EUR 30,000,000. The budget for the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-NCC topic is EUR 10,000,000. The budget for the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC topic is EUR 15,000,000.

Application Type: The application type is an open call, with a single-stage submission process.

Nature of Support: Beneficiaries will receive money in the form of a grant to support their pilot projects. The support also includes non-monetary services such as cybersecurity education and training.

Application Stages: The application process consists of a single stage.

Success Rates: The success rates are not explicitly mentioned in the provided text.

Co-funding Requirement: The co-funding requirement is not explicitly mentioned in the provided text.

Summary:

This EU funding opportunity, under the Digital Europe Programme (DIGITAL), aims to bolster the cybersecurity defenses of hospitals and healthcare providers across the European Union. The call, titled "Strengthening the cybersecurity ecosystem (DIGITAL-ECCC-2025-DEPLOY-CYBER-08)," seeks to address the increasing cyber threats, particularly ransomware, that target the healthcare sector. The initiative will fund pilot projects that bring together regional or national clusters of hospitals and healthcare providers, along with cybersecurity service providers. These projects will assess the cybersecurity preparedness of healthcare institutions, identify their needs, and develop state-of-the-art cybersecurity solutions. The projects will create technical plans tailored to different types of hospitals and healthcare providers, including implementation recommendations and cost estimates. A key component involves demo implementations of these plans at stakeholder sites in at least two EU Member States, showcasing various use cases. The pilot projects will also provide cybersecurity education and training to healthcare staff, disseminate best practices, and support compliance with the NIS 2 Directive. The total budget allocated to the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH topic is EUR 30,000,000, while the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-NCC topic has a budget of EUR 10,000,000 and the DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC topic has a budget of EUR 15,000,000. The application process is a single-stage submission, with a planned opening date of June 12, 2025, and a deadline of October 7, 2025. This opportunity is designed to enhance the resilience of the European healthcare system by improving its ability to detect, monitor, and respond to cyber threats.