Design, execution and enablement of cybersecurity studies and cybersecurity market analyses in the EU internal market

The European Union Agency for Cybersecurity (ENISA) has announced a call for tenders (reference ENISA/2025/OP/0010) focused on procuring services for the design, execution, and enablement of cybersecurity studies and market analyses within the EU internal market. The total estimated value of the procurement is €1,590,000, and the tender consists of four distinct lots.

Lot 1 aims to provide support services for large-scale cybersecurity studies in the EU or specified countries, with an estimated value of €810,000. Lot 2 focuses on supporting cybersecurity market analyses and capacity-building efforts, estimated at €420,000. Lot 3 is for tool-based professional services to assist large-scale cybersecurity studies, valued at approximately €120,000. Lastly, Lot 4 focuses on tool-based services for cybersecurity market analysis and monitoring, estimated at €240,000. Each lot has a maximum duration of 36 months and will be awarded based on the best price-quality ratio.

Interested bidders are expected to submit their proposals electronically, with the submission deadline set for December 15, 2025, at 10:00 UTC. An electronic public opening of tenders will occur on the same day at 13:00 UTC. Bidders must obtain a Participant Identification Code (PIC) and are encouraged to consult the full tender documentation, which lists technical specifications and administrative requirements.

The opportunity is open to various qualified service providers, including consulting firms, research organizations, and technology companies. While SMEs can participate, the procurement is not specifically reserved for them. Subcontracting is allowed, facilitating collaboration among bidders. The eligibility primarily encompasses entities from EU member states and potentially other specified regions.

The call adheres to a two-stage evaluation process, with an emphasis on quality (70%) over price (30%). Successful contractors will receive direct monetary compensation for their services, with no co-funding requirements from the bidders, as all funding is derived from EU sources.

In summary, this tender offers specialized opportunities to enhance ENISA's capabilities in addressing cybersecurity challenges within the EU. Interested parties should prepare to participate through electronic means while adhering to the specified submission guidelines and timelines.

The European Union Agency for Cybersecurity (ENISA) has published a call for tenders, ENISA/2025/OP/0010, for the design, execution, and enablement of cybersecurity studies and cybersecurity market analyses within the EU internal market. The estimated total value of this procurement is 1,590,000 EUR. The TED reference for this call is 219/2025 751870-2025. The publication date was 13/11/2025.

This is an open procedure, and submissions must be made electronically. The deadline for receipt of tenders is 15/12/2025 at 10:00 Europe/Athens. A public opening of the tenders will occur on 15/12/2025 at 13:00 Europe/Athens. The contracting authority is not obligated to answer questions submitted after 05/12/2025 at 06:00 Europe/Athens.

The call for tenders is divided into four lots:

Lot 1: Support services for large-scale cybersecurity studies in the EU or specified countries. This lot focuses on providing support services for the design and execution of large-scale studies focused on cybersecurity across the EU internal market or other specified countries. The maximum contract duration is 36 months, and the estimated value is 810,000 EUR. The award method is based on the best price-quality ratio. This lot involves a framework agreement with reopening of competition. The main CPV code is 79310000 Market research services, with additional CPV codes including 72222300 Information technology services, 73000000 Research and development services and related consultancy services, 73200000 Research and development consultancy services, 72200000 Software programming and consultancy services, and 73100000 Research and experimental development services.

Lot 2: Support services for cybersecurity market analyses and relevant capacity and community building. This lot involves providing support services towards the design and execution of market analyses and monitoring of the cybersecurity market. It also includes enhancing ENISA’s internal capacity to carry out market analysis and monitoring, and fostering a related engaged stakeholder community. The maximum contract duration is 36 months, and the estimated value is 420,000 EUR. The award method is based on the best price-quality ratio. This lot involves a framework agreement with reopening of competition. The main CPV code is 79310000 Market research services, with additional CPV codes including 72200000 Software programming and consultancy services, 72222300 Information technology services, 73000000 Research and development services and related consultancy services, 73100000 Research and experimental development services, and 73200000 Research and development consultancy services.

Lot 3: Tool-Based Professional services for large-scale cybersecurity studies. This lot is for suitable tools and associated professional services to support the internal execution of large-scale cybersecurity studies. The maximum contract duration is 36 months, and the estimated value is 120,000 EUR. The award method is based on the best price-quality ratio. This lot involves a framework agreement with reopening of competition. The main CPV code is 79310000 Market research services, with additional CPV codes including 72200000 Software programming and consultancy services, 72222300 Information technology services, 73000000 Research and development services and related consultancy services, 73100000 Research and experimental development services, and 73200000 Research and development consultancy services.

Lot 4: Tool-Based Professional services for cybersecurity market analyses and monitoring. This lot is for suitable tools and associated professional services to support the internal execution of cybersecurity market analysis and monitoring. The maximum contract duration is 36 months, and the estimated value is 240,000 EUR. The award method is based on the best price-quality ratio. This lot involves a framework agreement with reopening of competition. The main CPV code is 79310000 Market research services, with additional CPV codes including 72200000 Software programming and consultancy services, 72222300 Information technology services, 73000000 Research and development services and related consultancy services, 73100000 Research and experimental development services, and 73200000 Research and development consultancy services.

The following documents are available for download:

EN Invitation to tender ENISA2025OP0010 Invitation letter, published on 13/11/2025, applicable to all lots, Version 1, no translations available.
EN Annex I Part 1 Administrative specifications F-RCS-25-T20 Lot 1-2-3-4 Tender specifications adm. part, published on 13/11/2025, applicable to all lots, Version 1, no translations available.
EN Annex I Part 2 Technical Specifications F-RCS-25-T20 Lot 1-2-3-4 Technical specifications, published on 13/11/2025, applicable to all lots, Version 1, no translations available.
EN Annex 02 declaration-of-honour-tenders ENISA2025OP0010 F-RCS-25-T20 Declaration on honour (tender), published on 13/11/2025, applicable to all lots, Version 1, no translations available.
EN Annex 03 Agreement Power of attorney Other invitation to tender document, published on 13/11/2025, applicable to all lots, Version 1, no translations available.
EN Annex 04 List of identified subcontractors and proportion of subcontracting Other invitation to tender document, published on 13/11/2025, applicable to all lots, Version 1, no translations available.
EN Annex 05.1 Commitment letter by an identified subcontractor Other invitation to tender document, published on 13/11/2025, applicable to all lots, Version 1, no translations available.
EN Annex 05.2 Commitment letter by an entity on whose capacities is being relied Other invitation to tender document, published on 13/11/2025, applicable to all lots, Version 1, no translations available.
EN Annex 06 Financial Offer form F-RCS-25-T20 Lot 1 Financial offer form, published on 13/11/2025, applicable to Lot 1, Version 1, no translations available.
EN Annex 06 Financial Offer form F-RCS-25-T20 Lot 2 Financial offer form, published on 13/11/2025, applicable to Lot 2, Version 1, no translations available.

Submissions must be sent exclusively via electronic submission.

Some frequently asked questions (FAQs) and their answers are provided regarding the eSubmission system:

How to proceed if the system is slow or doesn’t work while uploading/downloading documents? Use the latest versions of Google Chrome or Mozilla Firefox. If the issue persists, clear the cache and cookies on the Internet browser.
Which Internet browsers does eSubmission support? Use the latest versions of Google Chrome or Mozilla Firefox. For the most up-to-date technical recommendations, click on the link System Requirements.
Is it possible to view the details of the submission after the deadline? No, the content of the submission is not accessible after submitting the tender as the system encrypts all attachments upon upload.
Where can I find my submissions in Manage My Area, in the Funding & Tenders portal? Submissions can be found in ‘My Submission(s)’: tenders in response to open calls for tenders, requests to participate, etc.
Which size should attachments have? eSubmission accepts files that are less than 50 MB in size.
How should I name attachments in eSubmission? Follow the System Requirements.
Can I submit a video in eSubmission? Which formats are supported? Check the System Requirements of eSubmission.
I received an invitation from the F&T Portal but cannot view the procurement documents. Invited candidates can only see the procurement documents after having selected an organisation.
Do I need to validate my PIC in order to submit a tender in eSubmission? The Personal Identification Code (PIC) is mandatory to participate in a call for tenders.
I have an issue uploading a file in eSubmission and it’s giving me an error. What do I do? Make sure it follows the technical requirements of the system.
How many attachments can I upload per submission? The maximum number of documents is 200 files.
Why do tenderers need a PIC? It is mandatory to register for a PIC if you intend to submit a tender or a request to participate.
How do I register my organisation and get a Participant Identification Code (PIC)? Check if the organisation is already registered using the Search PIC tool under 'How to Participate' > Participant Register.
How many languages does the system support? The system is multilingual and supports all 24 official EU languages.
Which is the character set encoding in the system? The character set encoding is UTF-8.
Does the system use encryption to ensure the integrity and the confidentiality of the information? Yes, the system encrypts all uploaded documents, using an asymmetric key as an encryption mechanism.
Which file types does the system support? The supported file types depend on the type of submission you want to make.
Can I view and edit my draft submission? Until the deadline for the submission has been reached, submissions in the draft status can be edited, viewed and deleted.
In the submission report, under the name of our entity, "Legal form: UNKNOWN" is displayed while in the system, our legal form was correctly displayed. Is this a problem for the submission? No, it is just a display issue. This is not blocking for you: you can submit.
I sent my submission on time and a few days later, I received an automatic email informing me that the deadline for the reception of submissions had been reached. Does this mean that my submission was not correctly sent? No, this is an auto-generated notification sent when the time limit of receipt defined for the call for tenders has been reached.

In summary, this is a call for tenders by ENISA seeking services related to cybersecurity studies and market analysis within the EU. The tender is divided into four lots, each focusing on different aspects such as large-scale studies, market analysis, capacity building, and tool-based professional services. The total estimated value is 1,590,000 EUR. Interested parties must submit their tenders electronically by 15/12/2025, following the guidelines and requirements outlined in the tender documents. The opportunity aims to enhance ENISA's capabilities in understanding and addressing the evolving cybersecurity landscape within the European Union.

Eligible Applicant Types: The opportunity details do not explicitly state the eligible applicant types. However, given the nature of the tender, it is likely that eligible applicants include companies, research institutions, and other organizations with expertise in cybersecurity, market analysis, and related fields. This could include SMEs, large enterprises, universities, research institutes, and consultancies.

Funding Type: The primary financial mechanism is procurement through a call for tenders. This means the selected applicants will be awarded service contracts.

Consortium Requirement: The opportunity details do not explicitly state whether a consortium is required or if single applicants are allowed. However, the inclusion of "Annex 04 List of identified subcontractors and proportion of subcontracting" and "Annex 05.1 Commitment letter by an identified subcontractor" suggests that consortia are permitted and potentially encouraged.

Beneficiary Scope (Geographic Eligibility): The opportunity is focused on the EU internal market, and Lot 1 mentions "EU or specified countries," suggesting that the geographic eligibility includes the EU and potentially extends to other countries as specified in the tender documents. Therefore, the geographic eligibility is EU and potentially EU third countries.

Target Sector: The primary target sector is cybersecurity. It also includes market research, information technology, research and development, software programming, and consultancy services.

Mentioned Countries: The opportunity mentions the EU and refers to "specified countries" in the context of Lot 1. Therefore, the mentioned region is the EU.

Project Stage: The expected maturity of the project is likely at the service delivery stage, requiring design, execution, and enablement of cybersecurity studies and market analyses. This suggests a need for established methodologies and expertise rather than early-stage research or idea development.

Funding Amount: The estimated total value of the tender is 1,590,000 EUR. The estimated values for the individual lots are: Lot 1: 810,000 EUR, Lot 2: 420,000 EUR, Lot 3: 120,000 EUR, and Lot 4: 240,000 EUR. Therefore, the funding range is variable, depending on the lot, but generally under 1 million EUR per lot.

Application Type: The application type is an open call for tenders, with electronic submission.

Nature of Support: Beneficiaries will receive money in exchange for providing services related to cybersecurity studies and market analyses. Therefore, the nature of support is monetary for services rendered.

Application Stages: The opportunity details do not explicitly state the number of application stages. However, based on the documentation provided (invitation letter, administrative specifications, technical specifications, declaration of honor, agreement, financial offer form), it can be inferred that there are multiple stages, including submission of the tender, evaluation, and contract award. Therefore, there are likely 3 or more stages.

Success Rates: The opportunity details do not provide information on success rates.

Co-funding Requirement: The opportunity details do not explicitly state whether co-funding is required.

Summary:

This is an invitation to tender (ENISA/2025/OP/0010) issued by the European Union Agency for Cybersecurity (ENISA). The purpose of this tender is to procure services for the design, execution, and enablement of cybersecurity studies and cybersecurity market analyses within the EU internal market. The total estimated value of the tender is 1,590,000 EUR.

The tender is divided into four lots:

Lot 1: Support services for large-scale cybersecurity studies in the EU or specified countries (estimated value: 810,000 EUR). This lot focuses on providing support for the design and execution of large-scale studies related to cybersecurity across the EU internal market or other specified countries.

Lot 2: Support services for cybersecurity market analyses and relevant capacity and community building (estimated value: 420,000 EUR). This lot involves providing support for the design and execution of market analyses and monitoring of the cybersecurity market. It also includes enhancing ENISA’s internal capacity for market analysis and fostering a stakeholder community.

Lot 3: Tool-Based Professional services for large-scale cybersecurity studies (estimated value: 120,000 EUR). This lot is focused on providing suitable tools and associated professional services to support the internal execution of large-scale cybersecurity studies.

Lot 4: Tool-Based Professional services for cybersecurity market analyses and monitoring (estimated value: 240,000 EUR). This lot involves providing suitable tools and associated professional services to support the internal execution of cybersecurity market analysis and monitoring.

The contract duration for each lot is a maximum of 36 months. The award method is based on the best price-quality ratio. The procedure type is an open procedure, and submissions must be made electronically. The deadline for receipt of tenders is December 15, 2025, at 10:00 Europe/Athens. Potential tenderers must submit their tenders electronically through the designated eSubmission platform, ensuring that all required documents, including the declaration of honor, agreement, and financial offer form, are completed and submitted in accordance with the tender specifications. A Participant Identification Code (PIC) is mandatory for participation. The system supports 24 official EU languages and uses UTF-8 character set encoding. The system encrypts all uploaded documents to ensure integrity and confidentiality.