Strengthening Cybersecurity of micro, small and medium-sized enterprises

The grant opportunity titled "Strengthening Cybersecurity of micro, small and medium-sized enterprises" has a total budget of €1,970,000 and is part of the Digital Europe Programme, specifically under the project "Deploying Croatian Nacional Coordination Center," acronymed as NCC-HR. The grant agreement number is 101195170, and the call for applications opens on September 1, 2025, with a submission deadline of November 21, 2025, at 17:00 Brussels time.

This opportunity primarily targets micro, small, and medium-sized enterprises (SMEs) in Croatia, aiming to enhance their cybersecurity capabilities through various activities. Applicants are required to choose at least one action from a minimum of two defined groups, which include:

1. Certification and Compliance: Activities aimed at achieving compliance with recognized security standards like ISO 27001, which may involve implementing security management systems, performing self-assessments, and obtaining certification from accredited bodies.
2. Education: Initiatives focused on improving staff competencies through training and workshops related to cybersecurity management systems and general cybersecurity awareness.
3. Security Testing: Activities including penetration testing, vulnerability assessments, and incident response planning to evaluate and enhance current security measures.

The grant functions as a non-repayable funding mechanism, specifically designed to provide financial support to eligible SMEs for implementing cybersecurity measures. The application process includes administrative checks, eligibility verification, and an evaluation against predefined criteria. Individual SMEs can submit applications with no consortium requirements, as the focus is on single applicant submissions.

The grant's emphasis is on practical deployment and implementation of cybersecurity improvements rather than early research stages, thereby aligning with broader EU cybersecurity objectives. Although the funding amount per project is not specified, the total funding is to be distributed among multiple successful applicants. Detailed information about the application process, including submission guidelines, can be found on the Croatian National Coordination Centre's website.

Overall, this initiative reflects the EU's commitment to enhancing cybersecurity measures across all business sizes, particularly within the SME sector, which often faces unique challenges in accessing resources for effective cybersecurity measures.

The NCC-HR project, co-funded by the European Union under the Digital Europe Programme (DIGITAL), grant agreement No 101195170, offers financial support to third parties to strengthen the cybersecurity of micro, small, and medium-sized enterprises (SMEs).

The call for proposals aims to support SMEs in implementing activities that improve their cybersecurity. Applicants must select at least one activity from a minimum of two different groups of activities.

The opening date for submissions is 01 September 2025. The deadline for submissions is 21 November 2025 at 17:00 (Brussels time). This is a single-stage submission model.

The total funding available is 1,970,000.00 €.

The project acronym is NCC-HR. The full name of the EU-funded project is Deploying Croatian Nacional Coordination Center. The grant agreement number is 101195170. The topic is DIGITAL-ECCC-2024-DEPLOY-NCC-06-MS-COORDINATION - Deploying The Network of National Coordination Centres with Member States.

Applications must be submitted within the specified deadline. Proposals are evaluated after the call closure based on eligibility and quality criteria. The evaluation process includes an administrative check, eligibility check, and assessment against predefined award criteria. Only proposals meeting the eligibility requirements and achieving the minimum score may be recommended for funding. Applicants will be notified of the results and invited to sign the grant agreement. Project submissions must be made through the IT portal at projekti.nks.hr.

Detailed information about the call, including eligibility criteria, application procedures, and supporting documents, is available on the official website of the National Coordination Centre - Croatia (NCC-HR) at nks.hr/poziv.

The activities are divided into three groups:

Group 1: Certification and compliance - activities to achieve and demonstrate compliance with applicable security standards and regulatory requirements (e.g., internal cybersecurity self-assessment under the Cybersecurity Act; implementation of measures based on the self-assessment; preparation and/or implementation of a cybersecurity management system aligned to ISO 27001/27002/27005/22301/27032 or similar; certification of the management system by an accredited body).

Group 2: Education - activities that strengthen staff competencies through specialized trainings, workshops, and awareness-raising (e.g., trainings on implementing measures based on a self-assessment or completed security testing; trainings related to the introduction and/or certification of a cybersecurity management system per internationally recognized standards; general cybersecurity trainings).

Group 3: Security testing - activities such as penetration testing and other assessments to evaluate and improve security (e.g., internal/external/application penetration testing; vulnerability scanning and assessments; social-engineering exercises; risk assessments; development and exercising of incident response and recovery plans).

In summary, this EU-funded project, managed by the Croatian National Coordination Centre (NCC-HR) under the Digital Europe Programme, provides financial support to micro, small, and medium-sized enterprises (SMEs) in Croatia to enhance their cybersecurity. SMEs can apply for funding to implement various cybersecurity-related activities, such as achieving compliance with security standards, providing cybersecurity education and training to their staff, and conducting security testing and assessments. To be eligible, applicants must select activities from at least two of the three defined groups: certification and compliance, education, and security testing. The application process involves submitting a proposal through the designated IT portal, which will then be evaluated based on eligibility and quality criteria. Successful applicants will be notified and invited to sign a grant agreement. The overall goal is to strengthen the cybersecurity posture of SMEs in Croatia, contributing to a more secure digital environment within the European Union.

Eligible Applicant Types: Micro, small and medium-sized enterprises (SMEs).

Funding Type: Grant (financial support to third parties, cascade funding).

Consortium Requirement: Single.

Beneficiary Scope (Geographic Eligibility): This opportunity is specifically managed by the National Coordination Centre - Croatia (NCC-HR), so it is highly likely that the geographic eligibility is limited to entities registered and operating in Croatia.

Target Sector: Cybersecurity.

Mentioned Countries: Croatia.

Project Stage: The project stage is for implementation of activities that contribute to improving the cybersecurity of the enterprise, suggesting a development or validation stage.

Funding Amount: The total funding available is €1,970,000.00. The funding range for individual projects is not specified in the provided text, but it will likely be variable depending on the scope of the proposed activities.

Application Type: Open call.

Nature of Support: Money.

Application Stages: The application process includes an administrative check, eligibility check, and assessment against predefined award criteria, suggesting at least 3 stages.

Success Rates: The success rate is not explicitly mentioned, but the text indicates that only proposals meeting the eligibility requirements and achieving the minimum score may be recommended for funding, suggesting a competitive process.

Co-funding Requirement: The text does not explicitly mention a co-funding requirement from the applicant.

Summary:

This opportunity is a call for proposals managed by the Croatian National Coordination Centre (NCC-HR) and co-funded by the European Union under the Digital Europe Programme. The primary goal is to strengthen the cybersecurity of micro, small, and medium-sized enterprises (SMEs) in Croatia. The funding will be distributed as grants to selected SMEs that propose activities to improve their cybersecurity posture. The total funding available is €1,970,000.00.

To be eligible, applicants must be SMEs and propose activities that combine at least one activity from a minimum of two different groups:

Group 1: Certification and compliance, including activities to achieve and demonstrate compliance with applicable security standards and regulatory requirements, such as internal cybersecurity self-assessment under the Cybersecurity Act, implementation of measures based on the self-assessment, preparation and/or implementation of a cybersecurity management system aligned to ISO 27001/27002/27005/22301/27032 or similar, and certification of the management system by an accredited body.

Group 2: Education, including activities that strengthen staff competencies through specialized trainings, workshops, and awareness-raising, such as trainings on implementing measures based on a self-assessment or completed security testing, trainings related to the introduction and/or certification of a cybersecurity management system per internationally recognized standards, and general cybersecurity trainings.

Group 3: Security testing, including activities such as penetration testing and other assessments to evaluate and improve security, such as internal/external/application penetration testing, vulnerability scanning and assessments, social-engineering exercises, risk assessments, and development and exercising of incident response and recovery plans.

The application process involves an administrative check, eligibility check, and assessment against predefined award criteria. The deadline for submissions is November 21, 2025, at 17:00 (Brussels time). Project submissions must be made through the IT portal at projekti.nks.hr. Detailed information about the call, including eligibility criteria, application procedures, and supporting documents, is available on the official website of the National Coordination Centre - Croatia (NCC-HR) at nks.hr/poziv.