Enhancing the Security, Privacy and Robustness of AI Models and Systems (SecureAI)

The Horizon Europe grant opportunity HORIZON-CL3 is focused on enhancing the security, privacy, and robustness of AI models and systems, referred to as SecureAI. The overall goal is to strengthen AI's resilience against cyber threats while ensuring data privacy and promoting trustworthy AI applications. This initiative, managed by the European Cybersecurity Competence Centre (ECCC), offers a total funding budget of €21.2 million, aimed at funding around five projects, each receiving between €3 million and €4 million. Eligible applicants include research organizations, universities, private enterprises (both SMEs and large companies), public-private partnerships, and affiliated entities, all must be legal entities based in EU Member States or Associated Countries. Notably, entities controlled by non-eligible countries are excluded from participation. The funding type is a lump sum grant under Horizon Europe's Innovation Actions framework, promoting greater financial predictability and streamlined administrative management. A consortium of multiple participants is required for proposals, encouraging collaboration and integration of expertise across diverse sectors related to AI security. The focus areas within this call emphasize the development of AI solutions that resist adversarial attacks, employ privacy-enhancing technologies such as federated learning and secure computation, and utilize methodologies for detecting compromised datasets. Projects must also ensure compliance with regulatory frameworks, notably the AI Act and GDPR. Applications are invited for a single-stage submission, which opened on March 3, 2026, and will close on September 15, 2026. The application process is designed to allow complete proposals to be submitted directly to the evaluation committee, making it less burdensome for applicants while maintaining rigorous assessment criteria. Although specific success rates are not provided, it is implied that competition will be considerable, with success rates typically ranging between 10% and 39%. Additionally, while a co-funding requirement is standard in Horizon Europe initiatives, it is not explicitly outlined in the available documentation for this particular call. Overall, this funding opportunity targets critical advancements in AI security and privacy, positioning Europe as a leader in developing resilient and trustworthy AI technologies suitable for deployment in both public and private sectors. Successful proposals are expected to mature technology from initial development stages to practical applications and validations in real-world settings.

This is a Horizon Europe grant opportunity focused on Enhancing the Security, Privacy and Robustness of AI Models and Systems (SecureAI). The call, managed by the ECCC (European Cybersecurity Competence Centre), falls under the HORIZON-CL3-2026-02-CS-ECCC program. The overarching goal is to bolster the resilience of AI systems against cyber threats, ensure data privacy, and promote trustworthy AI deployments.

The call is structured around three specific topics:

HORIZON-CL3-2026-02-CS-ECCC-01:A HORIZON Research and Innovation Action (RIA) with a budget of €20,000,000. It aims to fund approximately 5 grants, with individual contributions ranging from 3,000,000 to €4,000,000.

HORIZON-CL3:A HORIZON Innovation Action (IA) with a budget of €21,200,000. Similar to the first topic, it intends to fund around 5 grants, each receiving between 3,000,000 and €4,000,000.

HORIZON-CL3-2026-02-CS-ECCC-03:Another HORIZON Research and Innovation Action (RIA) with a budget of €15,000,000. This topic anticipates funding about 4 grants, with contributions in the range of 2,000,000 to €3,000,000 per grant.

All three topics share the same timeline:the planned opening date for submissions is March 3, 2026, and the deadline for submissions is September 15, 2026, at 17:00 Brussels time. All are single-stage submissions.

Expected outcomes for successful proposals include:

Robust AI models and systems capable of resisting different classes of adversarial manipulation.

Innovative defense mechanisms for AI models and systems against new attack families.

Methodologies for detecting and mitigating attacks, such as data poisoning, backdoor exploitation, and misclassification.

AI systems leveraging privacy-enhancing technologies that maintain data confidentiality and regulatory compliance, enabling trusted in-house AI deployments (e.g., for governments and enterprises).

The scope of the call emphasizes strengthening the resilience of AI systems and algorithms against various threats and attacks, such as enhancing their resilience against adversarial attacks, backdoor injections, and data poisoning. Proposals should develop real-time anomaly detection, mitigation techniques to defend against adversarial attacks and robust federated learning techniques, in synergies with leading efforts on AI transparency, and in compliance with the AI Act.

Specific areas of focus include:

Developing robust AI models resistant to adversarial attacks, exploring techniques to harden AI models and systems against adversarial perturbations, such as adversarial training, robust optimisation, and defence mechanisms that enhance the trustworthiness of AI.

Improving detection of manipulated or poisoned training data, advancing methodologies to identify and mitigate compromised datasets, leveraging techniques such as anomaly detection, provenance tracking, and automated data validation mechanisms.

Addressing the concept of Private AI by developing mechanisms that enable AI models to be trained, deployed and operated in privacy-preserving environments, particularly for sensitive use cases, as for example for government and enterprise settings. This includes ensuring AI computations and data remain within trusted execution boundaries (e.g. on-premise or regulated cloud environments), and leveraging existing and emerging privacy-enhancing techniques such as federated learning, secure aggregation, computing on encrypted data, quantum-safe homomorphic encryption and secure inference in deep learning to safeguard the protection of personal and other sensitive data throughout the AI lifecycle.

General conditions for admissibility include adherence to proposal page limits and layout guidelines as described in Annex A and Annex E of the Horizon Europe Work Programme General Annexes and Part B of the Application Form. Eligible countries are detailed in Annex B of the Work Programme General Annexes, with specific provisions for non-EU/non-Associated Countries outlined in the Horizon Europe Programme Guide. Participation is limited to legal entities established in Member States and Associated Countries to safeguard the Union’s strategic assets, interests, autonomy, and security. Entities controlled by non-eligible countries are excluded.

Financial and operational capacity and exclusion criteria are described in Annex C of the Work Programme General Annexes. Evaluation and award processes, including criteria, scoring, thresholds, submission procedures, and indicative timelines, are detailed in Annexes D and F of the Work Programme General Annexes and the Online Manual. Legal and financial aspects of the grants are governed by a lump sum funding model, as defined in the Decision of 7 July 2021, with reference to Annex G of the Work Programme General Annexes.

Application and evaluation forms are available in the Submission System, with standard forms for HE RIA and IA actions. Guidance is provided through the HE Programme Guide, Lump Sum MGA, call-specific instructions, a detailed budget table, and documents related to ownership control and security issues. Additional documents include the HE Main Work Programme 2026-2027 sections on General Introduction, Civil Security for Society, and General Annexes, as well as the Decision authorising lump sum contributions, rules for legal entity validation, and the EU Grants AGA.

Partner search functionalities are available on the Funding & Tenders Portal. Applicants are encouraged to contact National Cybersecurity Coordination Centres (NCCs) for guidance and support. Additional resources include the Online Manual, Horizon Europe Programme Guide, Funding & Tenders Portal FAQ, Research Enquiry Service, National Contact Points (NCPs), Enterprise Europe Network, IT Helpdesk, European IPR Helpdesk, and CEN-CENELEC/ETSI Research Helpdesks.

In summary, this Horizon Europe call aims to fortify AI systems against cyberattacks and privacy breaches, fostering trustworthy AI deployments within the EU. It seeks proposals that develop robust AI models, improve detection of data manipulation, and implement privacy-enhancing technologies. The call is structured around three distinct topics, each with specific funding levels and expected outcomes, all contributing to a more secure and reliable AI ecosystem.

Eligible Applicant Types:The opportunity is open to legal entities established in EU Member States and Associated Countries. However, entities established in an eligible country but directly or indirectly controlled by a non-eligible country or entity are not allowed to participate. The specific types of legal entities eligible (e.g., SMEs, large enterprises, research institutions, universities) are not explicitly mentioned in the provided text, but can be inferred to be broad, encompassing any legal entity capable of performing the research and innovation activities described, as long as they are based in eligible countries and not controlled by ineligible entities.

Funding Type:The primary financial mechanism is a grant, specifically a HORIZON Lump Sum Grant, under the Horizon Europe Programme.

Consortium Requirement:The text does not explicitly state whether a single applicant or a consortium is required. However, the presence of a partner search function suggests that consortia are possible and perhaps encouraged, although single applicants are not necessarily excluded.

Beneficiary Scope (Geographic Eligibility):The geographic eligibility is limited to legal entities established in EU Member States and Associated Countries. Entities controlled by non-eligible countries or entities are excluded, even if established in an otherwise eligible country.

Target Sector:The program targets the cybersecurity sector, with a specific focus on enhancing the security, privacy, and robustness of AI models and systems. It addresses the increasing reliance on AI in critical infrastructure and decision-making processes.

Mentioned Countries:The opportunity explicitly mentions the 27 EU Member States, Iceland, and Norway as countries with National Cybersecurity Coordination Centres (NCCs). It also refers to non-EU/non-Associated Countries and "third-countries" more generally.

Project Stage:The opportunity encompasses both Research and Innovation Actions (RIA) and Innovation Actions (IA). This suggests that the projects can range from research and development to demonstration and validation, but with a clear path towards innovation and practical application.

Funding Amount:The funding amounts vary depending on the specific topic:

HORIZON-CL3-2026-02-CS-ECCC-01 (RIA):€20,000,000 total budget, with contributions of €3,000,000 to €4,000,000 per grant, and an indicative number of 5 grants.

HORIZON-CL3 (IA):€21,200,000 total budget, with contributions of €3,000,000 to €4,000,000 per grant, and an indicative number of 5 grants.

HORIZON-CL3-2026-02-CS-ECCC-03 (RIA):€15,000,000 total budget, with contributions of €2,000,000 to €3,000,000 per grant, and an indicative number of 4 grants.

Application Type:The application type is a single-stage call for proposals.

Nature of Support:The beneficiaries will receive money in the form of a lump sum grant.

Application Stages:There is a single stage for application.

Success Rates:The success rates cannot be determined from the provided text. The indicative number of grants and the total budget are given, but the expected number of applications is not.

Co-funding Requirement:The text does not explicitly mention a co-funding requirement. As the eligible costs will take the form of a lump sum, it is possible that no co-funding is required, but this should be confirmed in the specific call documents.

Summary:This Horizon Europe funding opportunity, managed by the ECCC, aims to enhance the security, privacy, and robustness of AI models and systems. It addresses the growing concerns about adversarial attacks, data poisoning, and vulnerabilities in AI used in cybersecurity and critical infrastructure. The call is structured around three main topics: Research and Innovation Actions with a budget of €20 million, Innovation Actions with a budget of €21.2 million, and Research and Innovation Actions with a budget of €15 million. The program seeks proposals that develop robust AI models, improve detection of manipulated training data, and address the concept of Private AI. Eligible applicants are legal entities from EU Member States and Associated Countries, with specific exclusions for entities controlled by non-eligible countries. The funding is provided as a lump sum grant, and the application process is a single-stage submission. The call encourages collaboration and provides resources for partner searches. The overall goal is to strengthen the European Union's strategic assets, interests, autonomy, and security in the face of increasing AI-related cyber threats, while also complying with the AI Act.