Impact of malicious use of Open-Source Intelligence on critical infrastructure business continuity

The Horizon Europe grant opportunity identified as HORIZON-CL3-2027-01-INFRA-02 focuses on understanding the impact of the malicious use of Open-Source Intelligence (OSINT) on critical infrastructure business continuity. This funding initiative, part of the Civil Security for Society program, opens on May 5, 2027, and has a submission deadline of November 4, 2027, with a total budget of €7.67 million to fund approximately two projects at €3.835 million each. This is a single-stage application process requiring proposals to include at least three practitioners from EU Member States or Associated Countries, ensuring engagement with critical infrastructure operators, resilience authorities, or law enforcement agencies.

The projects aim to enhance awareness of how OSINT can be weaponized against critical infrastructure, ultimately creating tools and frameworks that improve incident response and business continuity. Proposals should address various dimensions of OSINT, including its role in planning hostile operations, insider threats, and threats posed by AI data processing. Applicants must analyze accessible publicly available information and its usefulness in strategic planning for malicious activities.

The funding mechanism employs a Lump Sum Grant approach, simplifying financial procedures for beneficiaries by providing fixed amounts rather than reimbursement for actual costs incurred. While co-funding is not a requirement, the engagement of critical infrastructure operators typically implies valuable in-kind contributions.

The competitive landscape is notable, given the limitation of funding to only two projects and the high number of proposals expected. The expected success rate for applicants ranges between 10% to 39%, reflecting the challenge posed by the consortium requirements and the critical nature of the security topics addressed.

Eligible applicants include a wide range of organizations from research institutions to private companies, excluding any that are directly or indirectly controlled by entities in China. The grant aims to foster multi-stakeholder collaborations that bridge academia and practice to effectively address security threats through a structured innovation action process, engaging relevant stakeholders and institutions such as the Europol Innovation Lab throughout the project's lifecycle.

This is a Horizon Europe (HORIZON) call under the Civil Security for Society 2027 program (HORIZON-CL3-2027-01). The call is for HORIZON Innovation Actions (HORIZON-IA) using a HORIZON Lump Sum Grant [HORIZON-AG-LS] Model Grant Agreement (MGA). It is a forthcoming call with a single-stage deadline model. The planned opening date is 05 May 2027, and the deadline is 04 November 2027 at 17:00:00 Brussels time.

The topic is "Impact of malicious use of Open-Source Intelligence on critical infrastructure business continuity" (HORIZON-CL3-2027-01-INFRA-02).

The expected outcomes of the projects are:
1. Improved awareness of Open-Source Intelligence (OSINT) and its potential impact on the security of operations among critical infrastructure operators and authorities.
2. Development and availability of a toolbox for OSINT mapping, including enhanced analysis and risk flagging, for relevant stakeholders.
3. Improved incident response, emergency plans, and business continuity models for critical infrastructure operators and authorities.
4. Removal of potentially harmful OSINT from the public domain to counter/prevent preparations and attempted attacks against critical entities, including lone wolf and hybrid scenarios.
5. Development of awareness campaigns and training curricula for critical entities’ employees.

The scope of the projects should address the malicious use of OSINT by offenders to retrieve information about entities and their employees for illegal actions or social engineering attacks. This is especially concerning for critical infrastructure operators as it can be used to aggregate sensitive information, identify protection gaps, and discover security measures. OSINT can also be used to impede critical infrastructure operations indirectly by gathering information and affecting their supply chains.

Proposals should analyse the type, amount, and accessibility of publicly available information and its usefulness in planning hostile operations against critical entities and their services. They should also parse the role of OSINT for identification and recruitment of insiders, identity theft, impersonation, or launching psychological operations such as foreign information manipulation and interference or disinformation. The implications of AI data processing to misuse OSINT potential should be addressed. Any potential OSINT sources should be covered including, but not limited to social media, online fora, cloud resources, public records and databases, lawfully accessible deep web and dark web data, geospatial information, as well as paper archives in the public domain with blueprints, emergency response plans or similar. Proposals should especially consider scenarios including hybrid threats and lone wolves and develop tools and awareness campaigns to mitigate such threats.

Proposals should build upon outcomes and tools of other relevant projects, adapting, optimising and integrating them when necessary to achieve the highest possible technology readiness level of the project results. The proposals funded under this topic are expected to engage with the Europol Innovation Lab during the lifetime of the project, including validating the outcomes, with the aim of facilitating future uptake of innovations for the law enforcement community. The integration of the gender dimension (sex and gender analysis) in research and innovation content should be addressed only if relevant in relation to the objectives of the research effort.

The general conditions include:
1. Admissibility Conditions: Proposal page limit and layout described in Annex A and Annex E of the Horizon Europe Work Programme General Annexes and Part B of the Application Form.
2. Eligible Countries described in Annex B of the Work Programme General Annexes. Some non-EU/non-Associated Countries have specific provisions for funding.
3. Other Eligible Conditions: Entities controlled by China are not eligible. Restrictions apply for the protection of European communication networks. The topic requires involvement as beneficiaries of at least 3 relevant practitioners from EU Member States or Associated Countries, representing critical infrastructure operators, authorities responsible for critical infrastructure resilience, law enforcement, or private companies providing security for critical infrastructure. Applicants must fill in the table “Information about security practitioners” in the application form. Projects using satellite data must use Copernicus and/or Galileo/EGNOS.
4. Financial and operational capacity and exclusion described in Annex C of the Work Programme General Annexes.
5a. Evaluation and award: Award criteria, scoring and thresholds are described in Annex D of the Work Programme General Annexes.
5b. Evaluation and award: Submission and evaluation processes are described in Annex F of the Work Programme General Annexes and the Online Manual.
5c. Evaluation and award: Indicative timeline for evaluation and grant agreement described in Annex F of the Work Programme General Annexes.
6. Legal and financial set-up of the grants: The granting authority may object to a transfer of ownership or exclusive licensing of results for up to 4 years after the end of the action. Eligible costs will take the form of a lump sum as defined in the Decision of 7 July 2021.

Specific conditions are described in the specific topic of the Work Programme.

Application and evaluation forms and model grant agreement (MGA): Application form templates are available in the Submission System, including standard application forms for HE RIA, IA, CSA, RI, PCP, PPI, COFUND, FPA, MSCA PF, MSCA DN, MSCA SE, MSCA COFUND, MSCA COFUND CE, ERC STG, ERC COG, ERC ADG, ERC POC, ERC SYG, EIC PATHFINDER CHALLENGES, EIC PATHFINDER OPEN, EIC TRANSITION, EIC STEP, and EIC Accelerator. Evaluation form templates will be used with the necessary adaptations, including standard evaluation forms for HE RIA/IA, CSA, PCP/PPI, COFUND, FPA, MSCA, and EIC PATHFINDER/TRANSITION/Accelerator. Guidance documents include the HE Programme Guide, Model Grant Agreements (HE MGA, HE Unit MGA, Lump Sum MGA, Operating Grants MGA, Framework Partnership Agreement FPA), call-specific instructions, detailed budget table (HE LS), information on financial support to third parties (HE), information on clinical studies (HE), and guidance on lump sums. Additional documents include the HE Main Work Programmes, EIC Work Programme, ERC Work Programme, HE Programme Guide, HE Framework Programme, HE Specific Programme Decision, EU Financial Regulation, Decision authorising the use of lump sum contributions, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, EU Grants AGA, Funding & Tenders Portal Online Manual, Funding & Tenders Portal Terms and Conditions, and Funding & Tenders Portal Privacy Statement.

The budget overview for the call in 2027 includes various topics with different types of actions (HORIZON-RIA, HORIZON-IA, HORIZON-CSA, HORIZON-PCP), budgets ranging from 2,000,000 EUR to 14,000,000 EUR, single-stage submission, planned opening date of 2027-05-05, deadline of 2027-11-04, and indicative number of grants.

Partner search announcements can be viewed and edited by LEARs, Account Administrators, or self-registrants. The submission system is planned to be opened on the date stated on the topic header.

This Horizon Europe call focuses on addressing the malicious use of Open-Source Intelligence (OSINT) against critical infrastructure. The goal is to improve the awareness, preparedness, and resilience of critical infrastructure operators and authorities by developing tools, strategies, and training to mitigate the risks associated with OSINT. The call encourages proposals that analyse OSINT sources, assess their potential for hostile operations, and develop tools and awareness campaigns to counter these threats. The projects are expected to engage with the Europol Innovation Lab and build upon existing project outcomes to achieve a high technology readiness level. The funding is provided as a lump sum, and the call requires the involvement of relevant practitioners from EU Member States or Associated Countries. This initiative aims to protect critical infrastructure from evolving security threats by enhancing the understanding and management of publicly available information.

Eligible Applicant Types: The eligible applicant types include critical infrastructure operators, authorities responsible for critical infrastructure resilience, law enforcement, and private companies providing security for critical infrastructure. The call requires involvement as beneficiaries of at least 3 relevant practitioners from EU Member States or Associated Countries, representing one or several of these portfolios.

Funding Type: The funding type is a Horizon Innovation Action (HORIZON-IA) with a HORIZON Lump Sum Grant (HORIZON-AG-LS) mechanism.

Consortium Requirement: The call requires a consortium of multiple applicants. Specifically, it mandates the involvement of at least 3 relevant practitioners from EU Member States or Associated Countries as beneficiaries.

Beneficiary Scope (Geographic Eligibility): The geographic eligibility includes EU Member States and Associated Countries. A number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon Europe projects. Entities established in an eligible country but directly or indirectly controlled by China or by a legal entity established in China are not eligible to participate in the action.

Target Sector: The target sector is Civil Security for Society, with a focus on critical infrastructure, security, cybersecurity, open-source intelligence (OSINT), artificial intelligence (AI), hybrid threats, and law enforcement.

Mentioned Countries: EU Member States, Associated Countries, China (mentioned as an entity that, if controlling an applicant, would make them ineligible).

Project Stage: The project stage is innovation action, which implies a focus on demonstrating and scaling up existing technologies and solutions. Proposals should build upon outcomes and tools of other relevant projects, adapting, optimising and integrating them when necessary to achieve the highest possible technology readiness level of the project results.

Funding Amount: The budget for the topic HORIZON-CL3-2027-01-INFRA-02 is EUR 7,670,000, with an indicative contribution of around EUR 3,835,000 per grant, and an indicative number of 2 grants. Other topics in the same call have different budget allocations.

Application Type: The application type is a single-stage call.

Nature of Support: Beneficiaries will receive money in the form of a lump sum grant.

Application Stages: The application process is a single-stage process.

Success Rates: The success rates are not explicitly mentioned, but the indicative number of grants for the topic HORIZON-CL3-2027-01-INFRA-02 is 2.

Co-funding Requirement: The presence or absence of a co-funding requirement is not explicitly stated.

Summary: This Horizon Europe call, under the Civil Security for Society program, aims to address the malicious use of Open-Source Intelligence (OSINT) and its impact on the business continuity of critical infrastructure. The call seeks proposals that analyse the accessibility and utility of publicly available information for planning hostile operations, including the role of AI in processing OSINT, and the implications for insider recruitment, identity theft, and disinformation campaigns. Projects should develop tools, awareness campaigns, and training curricula to mitigate these threats, with a focus on hybrid threats and lone wolf scenarios. The call encourages building upon existing project outcomes and engaging with the Europol Innovation Lab. Eligible applicants include critical infrastructure operators, authorities responsible for critical infrastructure resilience, law enforcement, and private security companies from EU Member States and Associated Countries. The funding mechanism is a lump sum grant, and the application process is a single-stage submission. The topic HORIZON-CL3-2027-01-INFRA-02 has a budget of EUR 7,670,000 and aims to fund approximately 2 projects with around EUR 3,835,000 each.