Implementation report of the ECCC required under Article 38(2) of Regulation (EU) 2021/887

The opportunity presented is a pre-information notice regarding a planned procurement contract by the European Commission, specifically under the Directorate-General for Communications Networks, Content and Technology (DG CNECT). This contract focuses on the preparation of an implementation report for the European Cybersecurity Industrial, Technology and Research Competence Centre (ECCC) as mandated by Article 38(2) of Regulation (EU) 2021/887.

Eligible applicants for this procurement include consulting firms, research institutions, or individuals with relevant expertise in cybersecurity policy, implementation reporting, and data analysis. The contract is categorized as a service procurement and not a grant, with a maximum total contract value set at €139,500. The nature of this contract emphasizes the need for external expertise, highlighting tasks associated with information gathering, data analysis, and drafting the implementation report.

The procurement process operates primarily as a planned negotiated procedure, indicating that it will require an expression of interest followed by negotiations rather than an only open call for tenders. Although there are no explicit restrictions on the types of organizations able to apply, the absence of a specified consortium requirement suggests that either single entities or consortia could participate.

Geographically, the contract targets entities based in the European Union or European Economic Area, aligning with the overarching mandate of the ECCC which is situated within EU institutions. The primary focus of this procurement is centered on cybersecurity, particularly the assessment and reporting related to the implementation of EU cybersecurity measures and policies.

The project stage indicates that this contract is not for preliminary research but rather for the analysis and reporting of existing frameworks and actions within the field of cybersecurity. The expected duration of the contract is six months, with an expression of interest start date on December 22, 2025, and a submission deadline on January 16, 2026. The planned date for the launch of the negotiated procedure is also January 16, 2026.

This notice emphasizes the potential for low success rates due to the competitive nature of such procedures, where typically only one or a few contractors may be selected based on the interests expressed. There is no co-funding requirement mentioned, signifying that the European Commission will cover the total contract value.

In summary, the European Commission intends to hire external expertise to draft a vital implementation report regarding cybersecurity in the EU, with a clear focus on analytical support and evidence gathering. This announcement serves to alert potential applicants of the upcoming opportunity to participate in this process.

This is a pre-information notice, not a call for tenders. It announces the European Commission's intention to publish a future negotiated low or middle value procedure.

The procedure identifier is EC-CNECT/2026/MVP/0001-EXA.

The title of the planned call for tenders is "Implementation report of the ECCC required under Article 38(2) of Regulation (EU) 2021/887".

The description is as follows: Regulation (EU) 2021/887 of the European Parliament and of the Council established the European Cybersecurity Industrial, Technology and Research Competence Centre (ECCC) and the Network of National Coordination Centres (NCCs) to strengthen the Union’s leadership and strategic autonomy in cybersecurity (hereinafter “the Regulation”). The Regulation entrusts the ECCC with the coordination of Union cybersecurity research, innovation, and industrial activities, notably under the Digital Europe Programme (DEP) and Horizon Europe. Pursuant to Article 38(2) of the Regulation, the European Commission shall prepare an implementation report, which will be submitted to the European Parliament and to the Council The implementation report shall take into account the preliminary input of the Governing Board, the national coordination centres and the Community. The Competence Centre and Member States shall provide the Commission with the information necessary for the preparation of that report. On the basis of the conclusions of the implementation report, the Commission may take appropriate actions. The contract concerns the provision of external expertise, information and data gathering and analytical support for the drafting of the above-mentioned implementation report. The contractor shall support with gathering of information and evidence, related assessment and drafting of the implementation report. The overall objective of the resulting contract would be to support the Commission in preparing the Article 38(2) implementation report and assessment of the ECCC by delivering robust, traceable evidence and analytical inputs.

The maximum total contract value is 139,500 EUR.

The procedure type is a planned negotiated procedure for a middle/low value contract.

The lead contracting authority is the European Commission, DG CNECT Communications Networks, Content and Technology.

The main classification (CPV) code is 79400000 Business and management consultancy and related services.

The nature of the contract is for services.

The maximum contract duration is 6 months.

There is no framework agreement.

Milestones:
Start date for expression of interest: 2025-12-22 Europe/Brussels
Deadline for expression of interest: 16/01/2026 06:59 Europe/Brussels
Indicative date of launch of the negotiated procedure: 2026-01-16 Europe/Brussels

Expression of interest:
Submissions must be sent exclusively at the address for submission given below.
Method of expression of interest: Electronic
Address for expression of interest: Express interest

A question and answer section is available.

One FAQ is listed:
Where can I find the procurement documents for calls for tenders with ‘ExA' in the reference? References that feature an ‘ExA’ are not calls for tenders. They are a publication announcing the contracting authority’s intent to launch in the future a low or middle negotiated procedure. Published on 03/10/2024 17:32

In summary, the European Commission, DG CNECT, intends to launch a negotiated procedure for a low or middle value contract to obtain external expertise, information, data gathering, and analytical support for drafting an implementation report required under Article 38(2) of Regulation (EU) 2021/887. This regulation established the European Cybersecurity Industrial, Technology and Research Competence Centre (ECCC) and the Network of National Coordination Centres (NCCs). The contract aims to support the Commission in preparing the report and assessing the ECCC by providing robust evidence and analytical inputs. The maximum contract value is 139,500 EUR, and the duration is 6 months. The expression of interest period begins on December 22, 2025, and ends on January 16, 2026. The indicative launch date for the negotiated procedure is also January 16, 2026. This announcement is not a call for tenders but a pre-information notice to alert potential bidders about the upcoming opportunity.

Eligible Applicant Types: The opportunity seeks external expertise, suggesting eligible applicants could include consulting firms, research institutions, individual experts, or other entities with relevant expertise in cybersecurity policy, implementation reporting, and data analysis. The specific types of organizations eligible are not explicitly defined, but the nature of the work implies organizations or individuals with experience in policy analysis, data gathering, and report writing.

Funding Type: This is a procurement opportunity, specifically a planned negotiated procedure for a middle/low value contract. The nature of the contract is for services.

Consortium Requirement: The document does not explicitly state whether a consortium is required or if a single applicant is preferred. It is possible that either a single entity or a consortium could apply, depending on the scope and expertise offered.

Beneficiary Scope (Geographic Eligibility): The geographic eligibility is not explicitly stated, but given that it is an EU funding opportunity related to the European Cybersecurity Industrial, Technology and Research Competence Centre (ECCC), it is highly likely that the eligible applicants should be based in the EU or EEA countries.

Target Sector: The primary target sector is cybersecurity, specifically focusing on the implementation and assessment of the European Cybersecurity Industrial, Technology and Research Competence Centre (ECCC) and the Network of National Coordination Centres (NCCs). It also touches upon research, innovation, and industrial activities within the digital domain. Related sectors include consulting and policy analysis.

Mentioned Countries: No specific countries are mentioned, but the opportunity is related to the European Union and its institutions, including the European Parliament, the Council, and Member States.

Project Stage: The project stage is focused on implementation reporting and assessment. The contract aims to support the European Commission in preparing an implementation report and assessment of the ECCC, indicating a focus on evaluating existing activities and outcomes rather than early-stage research or development.

Funding Amount: The maximum total contract value is 139,500 EUR. This falls into the €50k–€200k range.

Application Type: The application type is a planned negotiated procedure. This involves an expression of interest followed by a negotiated procedure, rather than an open call.

Nature of Support: The beneficiaries will receive money in exchange for services rendered. The contract is for the provision of external expertise, information and data gathering, and analytical support.

Application Stages: There are at least two stages: an expression of interest and a subsequent negotiated procedure. The exact number of stages might depend on the specifics of the negotiated procedure.

Success Rates: The success rates are not mentioned. As this is a negotiated procedure, the success rate will depend on the number of applicants expressing interest and the subsequent negotiation process. It is difficult to estimate the success rate without further information.

Co-funding Requirement: The document does not mention any co-funding requirement.

Summary: This opportunity is a planned negotiated procedure for a middle/low value contract, with a maximum value of 139,500 EUR. The European Commission, specifically DG CNECT, intends to contract external expertise to support the preparation of an implementation report and assessment of the European Cybersecurity Industrial, Technology and Research Competence Centre (ECCC) as required by Article 38(2) of Regulation (EU) 2021/887. The selected contractor will be responsible for gathering information and evidence, conducting related assessments, and drafting the implementation report. The expression of interest is to be submitted electronically, with a start date of 2025-12-22 and a deadline of 2026-01-16. The indicative date for the launch of the negotiated procedure is 2026-01-16. This is not a call for tenders but an announcement of the contracting authority's intention to publish a future negotiated procedure. The opportunity targets entities with expertise in cybersecurity policy, data gathering, and report writing, likely based in the EU or EEA.