National Cyber Hubs

This summary outlines a significant EU funding opportunity under the Digital Europe Programme for establishing National Cyber Hubs in EU Member States, Iceland, and Norway. The call, titled DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH, opens on December 9, 2025, with a submission deadline of May 28, 2026. Each National Cyber Hub is set to receive €2 million, aimed at enhancing national cybersecurity infrastructure and capabilities.

Eligible applicants are public sector entities designated by their Member State to act as National Cyber Hubs. The funding operates as a budget-based action grant, structured around two main components: a joint procurement action for necessary infrastructure, tools, and services, and a grant component for operational and preparatory activities.

The application process is single-stage, requiring an evaluation of both procurement and grant proposals. Each Member State is allowed a single applicant, reinforcing coordination and governance in cybersecurity efforts. The geographic scope includes all 27 EU Member States plus Iceland and Norway, effectively creating a comprehensive cybersecurity network across Europe.

The initiative focuses primarily on the cybersecurity sector, emphasizing advanced technologies for threat detection, intelligence sharing, monitoring capabilities, and the protection of critical infrastructure, including submarine cables. It aims to foster collaboration among various cybersecurity actors, enhancing situational awareness and resilience against threats.

Furthermore, applicants must show their ability to engage with other stakeholders and commit to participating in cross-border cybersecurity efforts. The call supports capacity building and knowledge transfer initiatives, including training for cybersecurity professionals based on established frameworks.

In summary, this funding opportunity seeks to bolster cybersecurity infrastructure in Europe through targeted investments in National Cyber Hubs, fostering a secure digital environment and enhancing cooperative efforts against cyber threats. The process requires strategic proposals demonstrating operational readiness and the effective use of advanced technology.

This is a call for proposals under the Digital Europe Programme (DIGITAL) focusing on CyberHUBs Capacity Building, specifically the DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH topic. The action type is DIGITAL-JU-SIMPLE DIGITAL JU Simple Grants, with the Model Grant Agreement being a DIGITAL Action Grant Budget-Based [DIGITAL-AG]. The deadline model is single-stage, with a planned opening date of December 9, 2025, and a deadline of May 28, 2026, at 17:00 Brussels time.

The expected outcome is the establishment of world-class National Cyber Hubs across the Union, supported by state-of-the-art technology. These hubs will act as clearing houses for detecting, gathering, and storing data on cybersecurity threats, analyzing this data, and sharing and reporting Cyber Threat Intelligence (CTI), reviews, and analyses, taking into account well-established standards for sharing and automation processes. The hubs will also enhance threat intelligence and situational awareness capabilities, support capacity building, and foster strengthened collaboration between cybersecurity actors, including private and public entities. Targeted training courses based on the European Cybersecurity Skills Framework (ECSF) are also expected to improve the capacity of cybersecurity roles, along with applications for automated notification of private and public actors about compromised or insecure systems.

The objective is to enable Member States to participate in the European Cybersecurity Alert System by designating or establishing a National Cyber Hub. These hubs will serve as reference points and gateways for collecting and analyzing information on cyber threats and incidents, contributing to a Cross-Border Cyber Hub. They should be capable of detecting, aggregating, and analyzing data and information relevant to cyber threats and incidents, such as cyber threat intelligence, using state-of-the-art technologies to prevent incidents. The emphasis is on continuing activities initiated in past years, with the goal of creating or strengthening National Cyber Hubs with advanced tools for monitoring, understanding, and proactively managing cyber events in collaboration with entities like CSIRTs and ISACs. These hubs will benefit from information and feeds from other Cyber Hubs and deliver early warnings to targeted critical infrastructures. Monitoring undersea infrastructure, such as submarine cables, is also a consideration.

The scope of the call involves building capacity for new or existing National Cyber Hubs, including equipment, tools, data feeds, and costs related to data analysis and interconnection with Cross-Border Cyber Hubs. This includes automation, analysis, and correlation tools, and data feeds covering Cyber Threat Intelligence (CTI) at various levels, from field data to Security Information and Event Management (SIEM) data to higher-level CTI. Automation is crucial for efficient information handling. Established standards like the Common Security Advisory Framework (CSAF) for security advisories and the IntelMQ project for processing cybersecurity-related messages should be used. Applications developed by Cyber Hubs/SOCs should be compatible with European standardization projects like the EU vulnerability database (EUVD). National Cyber Hubs should leverage state-of-the-art technology, such as artificial intelligence and dynamic learning of the threat landscape, and use shared cybersecurity information based on existing taxonomies and/or ontologies, along with hardware for secure information exchange and storage. Operations should be built upon live network data and training data, with consideration given to SMEs as recipients of cybersecurity operational information.

A key element is translating advanced AI, data analytics, and other cybersecurity tools from research results to operational tools, testing and validating them in real conditions with access to supercomputing facilities. National Cyber Hubs could also deploy solutions for the surveillance and protection of critical undersea infrastructure, such as submarine cables, and detect malicious activities, requiring operational synergies with the EU Copernicus Space Programme.

Another key role is facilitating knowledge transfer and sharing, as well as supporting training initiatives based on the European Cybersecurity Skills Framework (ECSF). Cyber Hubs/SOCs dealing with critical infrastructures should benefit from the knowledge concentrated in National Cyber Hubs. National Cyber Hubs must share information with other stakeholders and commit to participating in a Cross-Border Cyber Hub within the next two years.

To achieve these aims, a call for expression of interest will be launched to select entities in Member States that can host and operate National Cyber Hubs. Applicants should describe the aims, objectives, role, activities, tasks, services, operationalization, duration, milestones, and deliverables of the National Cyber Hub, specifying the equipment, tools, and services needed.

Two workstreams are foreseen: a Joint Procurement Action with the Member State for procuring infrastructure, tools, and services, and a grant to cover preparatory activities, stakeholder interaction, and running costs. Applications must be made to both workstreams and will be subject to an evaluation procedure. Grants will only be awarded to applicants that have succeeded in the evaluation of the joint procurement action.

These actions aim at creating or strengthening National Cyber Hubs, which occupy a central role in ensuring the cybersecurity of national authorities, providers of critical infrastructures and essential services. Cyber Hubs, in cooperation with other relevant national/regional entities, are tasked with monitoring, understanding and proactively managing cybersecurity threats. Cyber Hubs will have a crucial operative role in ensuring cybersecurity in the Union and will handle sensitive information.

Participation is subject to restrictions under Article 12(5) of Regulation (EU) 2021/694, as specified in Appendix 3 of the Work Programme, until the mapping of services by the ECCC is completed.

Conditions for admissibility include proposal page limits and layout as described in section 5 of the call document and Part B of the Application Form. Eligible countries are described in section 6 of the call document, with other eligible conditions also in section 6. Financial and operational capacity and exclusion are detailed in section 7, while evaluation and award processes are in section 8 and the Online Manual. Award criteria, scoring, and thresholds are in section 9, and the indicative timeline for evaluation and grant agreement is in section 4. The legal and financial setup of the grants is described in section 10.

Relevant documents include the Digital Europe Cybersecurity Work Programme 2025-2027, Regulation (EU) 2021/887, the call document, application form templates (including the standard DEP form), an ownership control declaration, the appointment decision from the Member State designating the entity to act as National CyberHUB, Model Grant Agreements (MGA) including the DEP MGA, and additional documents such as the ECCC Digital Europe Cybersecurity Work Programme 2025-2027 - Consolidated Amendment 2, October 2025, DEP Regulation 2021/964, EU Financial Regulation 2024/2509, Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment, EU Grants AGA, Funding & Tenders Portal Online Manual, Terms and Conditions, and Privacy Statement.

The budget for the DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH topic is 2,000,000 EUR, and for the DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH topic is also 2,000,000 EUR. Both are single-stage grants with an opening date of December 9, 2025, and a deadline of May 28, 2026. One grant is indicatively available for each topic.

LEARs and Account Administrators can publish partner requests for collaboration. The submission system is planned to open on the date stated in the topic header. Applicants are advised to contact the National Cybersecurity Coordination Centres (NCC) in their country for guidance and support, or the ECCC Applicants Direct Contact Centre at applicants@eccc.europa.eu. Additional resources include the Funding & Tenders Portal FAQ, the IT Helpdesk, and the Online Manual.

In summary, this call aims to establish and strengthen National Cyber Hubs across the EU to improve cybersecurity capabilities. It involves a joint procurement action for infrastructure and a grant for operational costs. Applicants must address both workstreams and demonstrate their ability to contribute to a cross-border cybersecurity network. The focus is on using state-of-the-art technology, sharing information, and enhancing collaboration between public and private cybersecurity actors.

Eligible Applicant Types: The eligible applicant types are entities in Member States that provide the necessary facilities to host and operate National Cyber Hubs. The entity must be designated by the Member State to act as the National Cyber Hub. This suggests that the eligible applicants are likely government entities or organizations closely affiliated with the government.

Funding Type: The primary financial mechanism is a grant, specifically a DIGITAL JU Simple Grant. There is also a Joint Procurement Action involved, where the grant is awarded to applicants who succeed in the evaluation of the joint procurement.

Consortium Requirement: The information suggests a single applicant is required, which is an entity designated by a Member State to act as a National Cyber Hub. However, the National Cyber Hub must share information with other stakeholders, and commit to participate in a Cross-Border Cyber Hub within the next 2 years, indicating a need for collaboration and information exchange.

Beneficiary Scope (Geographic Eligibility): The geographic eligibility is focused on EU Member States, Iceland, and Norway. The call is specifically targeted at entities within these countries that can host and operate National Cyber Hubs.

Target Sector: The target sector is cybersecurity. The program aims to create or strengthen National Cyber Hubs with state-of-the-art tools for monitoring, understanding, and proactively managing cyber events. It focuses on enhancing threat intelligence, situational awareness, and collaboration between cybersecurity actors.

Mentioned Countries: Iceland, Norway, and the 27 EU Member States are explicitly mentioned.

Project Stage: The project stage is primarily focused on deployment and capacity building. The emphasis is on the continuation of activities initiated during past years, suggesting that the projects should be at the stage of building capacity for new or existing National Cyber Hubs. This includes equipment, tools, data feeds, and interconnection with Cross-Border Cyber Hubs.

Funding Amount: The budget overview indicates that each of the two topics, DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH and DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH, has a budget of EUR 2,000,000. The indicative number of grants for each topic is 1. Therefore, the funding amount is approximately €2,000,000 per grant.

Application Type: The application type is a call for expression of interest to select entities in Member States that provide the necessary facilities to host and operate National Cyber Hubs. It is a single-stage application process.

Nature of Support: The beneficiaries will receive both money and non-monetary services. They will receive grants to cover preparatory activities, interaction and cooperation with other stakeholders, and running/operating costs. Additionally, they will benefit from the joint procurement action, which provides the main infrastructure, tools, and services needed to build up the National Cyber Hub.

Application Stages: The application process appears to be single-stage, as indicated in the budget overview section. However, applicants must succeed in the evaluation of the joint procurement action to be awarded the grant, suggesting a two-step process: application and procurement evaluation.

Success Rates: The success rate can be inferred from the budget overview, which indicates that for each topic (DIGITAL-ECCC-2026-DEPLOY-CYBER-10-CBCH and DIGITAL-ECCC-2026-DEPLOY-CYBER-10-NCH), there is an indicative number of 1 grant. This suggests a relatively low success rate, as there will likely be more than one applicant for each grant. Therefore, the success rate is likely below 10%.

Co-funding Requirement: The information does not explicitly state whether co-funding is required.

Summary:

This opportunity is a call for proposals under the Digital Europe Programme (DIGITAL) aimed at building capacity for National Cyber Hubs in EU Member States, Iceland, and Norway. The goal is to create or strengthen these hubs with state-of-the-art technology to act as clearing houses for detecting, gathering, and analyzing cybersecurity threats. The hubs will share threat intelligence and situational awareness with public and private actors, and participate in Cross-Border Cyber Hubs.

The funding is provided through DIGITAL JU Simple Grants, with an indicative budget of EUR 2,000,000 per grant. The application process involves a single-stage submission, but grants are awarded only to applicants who succeed in the evaluation of a joint procurement action. This action covers the procurement of essential infrastructure, tools, and services for the National Cyber Hubs. The grant also covers preparatory activities, operational costs, and cooperation with other stakeholders.

Eligible applicants are entities designated by their Member State to host and operate a National Cyber Hub. These hubs are expected to leverage technologies like AI, data analytics, and automation, and adhere to established standards such as the Common Security Advisory Framework (CSAF) and the EU vulnerability database (EUVD). They should also facilitate knowledge transfer and training initiatives based on the European Cybersecurity Skills Framework (ECSF).

The National Cyber Hubs are also encouraged to consider deploying solutions for the surveillance and protection of critical undersea infrastructure, such as submarine cables, and to improve the resilience and security of this infrastructure. Synergies with the EU Copernicus Space Programme are also encouraged for situational awareness.

Overall, this call aims to enhance the cybersecurity capabilities of EU Member States, Iceland and Norway by establishing robust National Cyber Hubs that can effectively monitor, understand, and manage cyber threats, and contribute to a more secure digital environment across the Union.