Support services in relation to EU cybersecurity certification schemes and CRA implementation

ENISA call ENISA/2026/OP/0007 seeks to award mixed multiple framework contracts (up to 5 contractors) for expert support on EU cybersecurity certification schemes and interplay with the Cyber Resilience Act, with a framework ceiling of €2,000,000 and maximum duration of 48 months. Submission is exclusively electronic via the EU Funding & Tenders Portal with a deadline for receipt of tenders on 17 April 2026 at 10:00 Europe/Athens, and the procedure is restricted under the Digital Europe Programme with mandatory Ownership and Control Assessment for all involved entities. Selection requires consolidated financial and technical capacity (average turnover > €500,000 over the last three years and extensive project references) and award will be by best price-quality ratio (price 30%, quality 70%) subject to minimum quality thresholds. Required submission documents include the Financial Offer (Annex 6), Simplified Financial Statement (Annex 7), project references (Annex 8), Declaration on Honour (Annex 2) and Ownership and Control Declaration (Annex 11).

Tender snapshot

Essential facts

Buyer:European Union Agency for Cybersecurity (ENISA). Procedure: open tender (ENISA/2026/OP/0007) to award mixed multiple framework contracts (up to 5 contractors) for services supporting EU cybersecurity certification schemes and interaction with the Cyber Resilience Act.

Estimated budget:Indicative total value €2 000 000; framework contracts for up to 48 months; specific purchases through specific contracts under the framework.

1. 1What is funded: documentation, market analysis, scheme development and maintenance, training materials, testing/tool support and related support services for EU cybersecurity certification and CRA implementation.
2. 2Who can apply: economic operators established in EU Member States or EEA (Norway, Iceland, Liechtenstein) meeting Digital Europe Programme access/control restrictions (EU/EEA establishment and control), including sole tenderers or joint tenders; subcontracting permitted with rules and identified subcontractor requirements.
3. 3Award method and evaluation: best price-quality ratio (price 30%, quality 70%); minimum quality thresholds apply; framework agreements partly with and partly without reopening of competition.
4. 4How to apply: electronic submission only via the EU eSubmission system on the Funding & Tenders Opportunities Portal; registration in the Participant Register (PIC) and completion of Ownership and Control Assessment (OCA) required.
5. 5Key dates: deadline for receipt of tenders 17-04-2026 10:00 Europe/Athens; public opening 17-04-2026 13:00 Europe/Athens; contracting authority will not reply to questions submitted after 09-04-2026 23:59 Europe/Athens.

Interested bidders must follow the tender specifications and annexes available on the Funding & Tenders Opportunities Portal and upload required administrative, technical and financial documents; failure to follow mandatory templates (financial model, declarations, annexes) may lead to rejection ¹.

Footnotes

1. 1Procurement documents, templates and submission are available on the F&T Portal invitation page: F&T Portal tender page.

Lead contracting authority:European Union Agency for Cybersecurity (ENISA). Procedure type: Open procedure. Nature of the contract: Services. Framework setup: Mixed multiple framework contracts with up to 5 contractors, partly without reopening and partly with reopening of competition. Award method: Best price-quality ratio. Main CPV: 79131000 Documentation services. Estimated total value (framework ceiling): €2,000,000. Maximum duration: up to 48 months. TED publication: 03/03/2026. Deadline for receipt of tenders: 17/04/2026 10:00 Europe/Athens. Public opening: 17/04/2026 13:00 Europe/Athens. Q&A latest date the authority is not bound to reply after: 09/04/2026 23:59 Europe/Athens. Announcement: submission deadline extended to 17-04-2026 and Administrative Specifications updated (Annex I, Part 1 F-CCU-26-T03 Rev.1-March 2026). Address: ENISA, Agamemnonos 14, Chalandri, Attiki, GR-15231 Athens, Greece. Portal reference and documents are available at the EU Funding & Tenders Portal.

Purpose and scope:ENISA will contract external support services to underpin EU cybersecurity certification schemes and their interplay with other relevant legislation, notably the Cyber Resilience Act (CRA). The framework will supply specialized expertise for scheme development and maintenance, market analysis, guidance, capacity building, training, evaluation practices, and tool development connected to certification.

Eligibility, access, and participation rules

Access to this procurement is restricted under the Digital Europe Programme (DEP) cybersecurity work programme. Participation is open on equal terms to entities within the scope of the EU Treaties and to EEA-EFTA countries associated to DEP, with additional ownership and control requirements. All participating entities must be established or deemed established in EU Member States or EEA EFTA countries and must be directly or indirectly controlled by Member States or by nationals of Member States or by EEA EFTA nationals, as specified in the administrative specifications. The WTO GPA does not apply. Entities subject to EU restrictive measures prohibiting making funds available are not eligible. All involved entities must undergo Ownership and Control Assessment (OCA) and submit the Ownership and Control Declaration (Annex 11), guided by Annex 10 and Annex 12. Registration in the European Commission Participant Register and obtaining a PIC is mandatory for each involved entity. The tender may be submitted in any official EU language; however, English versions of procurement documents are the authentic texts. Submission is exclusively electronic via eSubmission through the Funding & Tenders Portal.

What ENISA plans to buy (indicative technical scope)

Detailed tasks are defined in Tender Specifications Part 2 (Technical specifications). Based on Part 1 administrative specifications and selection criteria, the service scope includes, at least: market analysis and documentation around certification acceptance, mapping to existing schemes, and analysis of synergies and market impacts; development and maintenance of cybersecurity certification schemes, including surveying requirements, feasibility and impact assessments, risk assessments, and drafting scheme requirements; development of testing tools, particularly for cryptographic solutions; drafting guidance on key certification topics and competence/capacity-building materials; preparing training material and organizing or delivering trainings on cybersecurity certification; support to evaluation and certification practices, including ISMS evaluation (ISO/IEC 27000 series), ICT product evaluation and certification, enabling and managing evaluation labs and quality assurance for labs; general documentation services in support of certification workstreams and the CRA interplay.

Procurement structure and implementation

• Framework form: Mixed multiple framework contracts with up to 5 contractors. Specific contracts may be awarded by ranking order using objective conditions or via reopening of competition among framework contractors, as defined in the Technical specifications.
• Ceiling and repetition: Framework ceiling is €2,000,000. Within three years after signature, ENISA may, via negotiated procedure, procure new similar services up to 50% of the initial ceiling with the framework contractors.
• Duration: Up to 48 months.
• Security: Contractors must comply with ENISA security requirements. Any costs for security background checks or clearances are borne by the contractor.
• Electronic exchanges: ENISA may mandate an electronic exchange system compliant with Article 151 Financial Regulation for contract implementation.

Administrative timetable and submission

• Submission method: Electronic via eSubmission only. No email or paper submissions.
• Deadline for tenders: 17/04/2026 10:00 Europe/Athens. Public opening: 17/04/2026 13:00 Europe/Athens.
• Q&A: Requests via the Portal; ENISA not bound to reply to questions submitted after 09/04/2026 23:59 Europe/Athens.
• Validity: Tender validity period as indicated in the contract notice applies.
• Attendance at opening: Up to two representatives per tenderer may attend the virtual opening upon prior email request, providing the required details and submission receipt.
• Language: Any official EU language. Procurement documents are in English and are the authentic versions.
• PIC registration: Each involved entity must have a PIC; OCA applies to sole tenderers, group leaders and members, all subcontractors, and entities on whose capacities the tenderer relies.

Selection and exclusion criteria

Exclusion and restrictive measures

Standard exclusion grounds under Article 138(1) of the Financial Regulation apply. A Declaration on Honour on exclusion and selection criteria (Annex 2) is required with the tender. ENISA will consult the Early Detection and Exclusion System (EDES). Evidence from the presumed successful tenderer will be requested before award. All involved entities must not be subject to EU restrictive measures (asset freeze, prohibition to make funds available). Professional conflicting interests that may negatively affect performance constitute grounds for rejection.

Legal and regulatory capacity

• Criterion L1: Enrolment in a relevant trade or professional register. Basis: applies to each involved entity for its tasks. Evidence: proof of enrolment.

Economic and financial capacity

• Criterion F1: Average yearly turnover over the last three closed financial years above €500,000. Basis: consolidated at tenderer level (combined capacities). Evidence required with tender: profit and loss accounts and balance sheets for the last three closed years for each contributing entity, and Annex 7 Simplified Financial Statement.

Technical and professional capacity

Capacities of other entities may be relied upon only if those entities will perform the works or services for which those capacities are required. Evidence must be provided with the tender.

• Criterion T1: Team capacity. A capable and available team to carry out tasks in the Technical Specifications Part 2. Evidence: CVs for all team members (preferably Europass), indicating EQF level, English proficiency per CEFR, professional experience, technical expertise, exact start/end dates per position, and contractual link to the tenderer. ENISA may verify via interviews or desk research.
• Criterion T2: Market analysis and documentation for certification. Minimum: at least 32 similar projects in the last 3 years, each with value ≥ €20,000; tenderer’s share ≥ 50% of each. Evidence: Annex 8 Project References List with client details, dates, amounts, descriptions; statements may be requested.
• Criterion T3: Development and maintenance of certification schemes. Minimum: at least 31 similar projects in the last 3 years, each with value ≥ €22,000; tenderer’s share ≥ 50%. Evidence: Annex 8 as above.
• Criterion T4: Experience in at least 2 of the listed topics: software development of testing tools for cryptographic solutions; preparing training material, delivering and organising trainings on cybersecurity certification; development of guidance and competence/capacity-building material; software development of testing tools as specified in the technical description. Minimum: at least 2 similar projects in the last 3 years, each with value ≥ €20,000; tenderer’s share ≥ 50%. Evidence: Annex 8 as above.
• Criterion T5: Drafting training material and organising trainings on cybersecurity certification. Minimum: at least 3 similar projects in the last 3 years, each with value ≥ €15,000; tenderer’s share ≥ 50%. Evidence: Annex 8 as above.
• Criterion T6: Experience in at least one of: ISMS evaluation and certification based on ISO/IEC 27000; evaluation and certification of ICT products; enabling/managing evaluation labs and QA processes for labs; software development for cryptographic testing tools. Minimum: at least 1 similar project in the last 3 years, value ≥ €20,000; tenderer’s share ≥ 50%. Evidence: Annex 8 as above.

Award criteria and evaluation

Evaluation follows administrative compliance, access to procurement, non-exclusion, selection criteria, and tender compliance. Quality is weighted at 70% and price at 30%.

• Quality sub-criterion 1: Technical Quality and Relevance with technical specifications (max 15 points).
• Quality sub-criterion 1 (methodology and organisation detail): Approach and Methodology (max 6), Organisation of work including collaboration with ENISA (max 3), Contract Management including team organisation and backup policy (max 3), Quality Assurance and risk management (max 3). Total 15 points.
• Quality sub-criterion 2: Quality of the Team Members assigned (advantageous criteria as per Technical specifications sections 2.7.1 and 2.7.2) (max 20 points).
• Quality sub-criterion 3: Response to Scenario 1 — Technical Approach (max 12), Resource Allocation (max 8), Risk Management (max 5) (max 25 points).
• Quality sub-criterion 4: Response to Scenario 2 — Technical Approach (max 12), Resource Allocation (max 8), Risk Management (max 5) (max 25 points).
• Scoring scale descriptors from Inadequate (0%) to Outstanding (100%) apply. Tenders scoring below 50% on any sub-criterion or below 75% overall are eliminated.
• Ranking formula: Total Score = Price Score + Quality Score, where Price Score = (Cheapest price / Price of tender X) × 100 × 30%, Quality Score = (Total quality score out of 100) × 70%. Ties are broken in favour of the lower price.
• Abnormally low tenders may be rejected per the Financial Regulation.

Contracting form, lots, and consortiums

No division into lots. Joint tenders are permitted. All group members are jointly and severally liable and must sign the Agreement/Power of Attorney (Annex 3). Subcontracting is permitted; identified subcontractors must be listed (Annex 4) and provide commitment letters (Annex 5.1). Entities on whose capacities the tenderer relies must provide commitment letters (Annex 5.2). Cross-subcontracting among tenderers is forbidden. Changes in group composition or identified subcontractors after submission require ENISA’s prior approval and are limited to specific cases such as universal succession.

Financial terms and pricing

• Currency: Euro.
• Prices: Quoted free of all duties, taxes, and charges, including VAT exemption under the Protocol on the Privileges and Immunities of the European Union.
• Financial offer: Mandatory use of Annex 6 Financial Offer form (Excel). Daily rates for Junior Expert, Senior Expert, Project Manager must be provided. Two evaluation scenarios are included with predefined person-day splits. All yellow cells must be filled with numbers greater than zero; formulas must not be altered.
• Contractor costs: All tender preparation and opening attendance costs, as well as any security clearance costs, are borne by tenderers.

Data protection and confidentiality

Personal data are processed under Regulation (EU) 2018/1725. Tenderers must specify in the technical tender if any personal data will be processed or stored outside the EU/EEA; otherwise, ENISA will consider that processing and storage are within the EU/EEA. Tenders become ENISA’s property upon opening and are treated confidentially. Limited disclosure may occur for evaluation and legal obligations. Post-award, ENISA may share the winner’s name, characteristics and relative advantages, and total financial offer amount, withholding trade secrets and confidential details as necessary.

Templates and required documents (structure and use)

All templates are provided on the Funding & Tenders Portal and must be completed as specified. Failure to upload the technical and financial tenders results in rejection. Key templates and their structure are as follows.

• Annex 1 List of documents to be submitted: Comprehensive checklist mapping each document to the relevant party (sole tenderer, group leader, group member, identified subcontractor, relying entity), the file naming, and where to upload it in eSubmission. Includes Administrative Identification Form (Annex 9), Declaration on Honour (Annex 2), authorisation to sign evidence, Agreement/Power of Attorney (Annex 3), List of identified subcontractors (Annex 4), Commitment letters (Annex 5.1, 5.2), legal capacity evidence, financial capacity evidence (balance sheets, P&L, Annex 7), technical capacity evidence (Annex 8, CVs), and the Technical and Financial tenders.
• Annex 2 Declaration on Honour: Single form covering exclusion criteria, selection criteria, restrictive measures, established debts to the Union, and independence of tender preparation; to be signed by authorised representative(s) with QES preferred or handwritten signature. Contains detailed self-declarations and references to acceptable evidence.
• Annex 3 Agreement/Power of Attorney: To be signed by all group members, appointing a group leader empowered to submit, sign, manage communications, and handle payments; establishes joint and several liability and contract administration arrangements.
• Annex 4 List of identified subcontractors: Table capturing subcontractor identification, tasks, and proportion of subcontracting; also captures non-identified subcontractors’ aggregated share and intended roles.
• Annex 5.1 Commitment letter by identified subcontractor: Confirms availability of resources, acceptance of procurement terms including audit and checks, and absence of conflicting interests.
• Annex 5.2 Commitment letter by relying entity (non-subcontractor): Confirms reliance for financial/technical capacity and resource availability; states acceptance of checks and audits and absence of conflicting interests.
• Annex 6 Financial Offer form: Multi-sheet Excel with locked formulas. Page 1 enters daily rates for Junior Expert, Senior Expert, Project Manager. Page 2 Scenario A person-day split: 40 expert days (70% Junior, 30% Senior) plus 10% extra expert days and 4 Project Manager days; totals computed automatically. Page 3 Scenario B person-day split: 100 expert days (70% Junior, 30% Senior) plus 10% extra expert days and 10 Project Manager days; totals computed automatically. Page 4 Overall price summary and signature block. Mandatory to upload the original Excel and a signed PDF printout of all pages.
• Annex 7 Simplified Financial Statement: Spreadsheet to input last three closed financial years data (assets, liabilities, equity, turnover, gross operating profit, net profit), with declaration acknowledging possible request for official financial statements before contract signature.
• Annex 8 Project References List: Per-project form including customer, contact details, amount, timing, completion percentage, tenderer’s share, public links/documents, and a 200–300 word description. Tenderers must mark which selection criterion each project satisfies. Declaration by authorised representative confirms accuracy and awareness of sanctions for false declarations.
• Annex 9 Administrative Identification Form: Captures identification details for each participant and is uploaded under the correct party in eSubmission.
• Annex 10 Explanatory Note on Exclusion Criteria on non-EU controlled entities: Guidance supporting the DEP restricted access and control requirements.
• Annex 11 Ownership and Control Declaration form: Mandatory OCA self-assessment for all involved entities, to support validation of EU/EEA control.
• Annex 12 Guidance for participation in DEP restricted calls: Practical instructions on OCA and validation by the Central Validation Service.

Categorisation and structured information

Eligible Applicant Types:Economic operators established and controlled in the EU or EEA EFTA under DEP restrictions, including SMEs, large enterprises, specialist cybersecurity consultancies, certification bodies, testing and evaluation laboratories, software and cryptography tool developers, universities, research institutes, nonprofit organisations, and natural persons with the required capacity. Public bodies and agencies established and controlled within the eligible jurisdictions may also participate. Joint tenders and subcontracting structures are allowed subject to rules and OCA.

Funding Type:Procurement: Services framework contract(s). Payments against specific contracts and deliverables; not a grant.

Consortium Requirement:Single tenderers or joint tenders are permitted. No obligation to form a consortium. Up to 5 contractors will be awarded framework contracts.

Beneficiary Scope (Geographic Eligibility):EU Member States and EEA EFTA associated countries to DEP (Norway, Iceland, Liechtenstein) with mandatory EU/EEA control. WTO GPA access does not apply.

Target Sector:Security/cybersecurity; CRA implementation support; certification and conformity assessment; ICT products and services; cryptography testing tools; training and capacity building; standards and ISMS (ISO/IEC 27000 series); software services; guidance and documentation.

Mentioned Countries:Greece; Norway; Iceland; Liechtenstein; EU Member States (regionally referenced). Time zone: Europe/Athens.

Project Stage:Professional services implementation across development, documentation, validation, capacity building, and delivery in support of EU cybersecurity certification schemes and CRA interplay.

Funding Amount:Framework ceiling €2,000,000 over up to 48 months, with potential negotiated procedure to repeat similar services up to +50% of the initial ceiling within three years after signature. Individual specific contract values will vary.

Application Type:Open call for tenders via the EU Funding & Tenders Portal eSubmission.

Nature of Support:Money: service fees paid to contractors under specific contracts. No co-funding by beneficiaries; prices quoted are net of taxes and charges.

Application Stages:Single-stage submission and evaluation, including administrative compliance, exclusion checks, selection criteria verification, and award evaluation. Public opening follows submission. OCA and legal/financial validation may occur during the procedure.

Success Rates:Not published. Award will be made to up to the top 5 ranked tenders meeting all requirements based on best price-quality ratio and subject to minimum quality thresholds.

Co-funding Requirement:No co-funding. Contractors invoice for services rendered under the framework. Tender preparation, participation in opening, and any security clearance costs are borne by tenderers.

Compliance and legal references

• Financial Regulation: Regulation (EU, Euratom) 2024/2509.
• DEP legal basis and cybersecurity work programme restrictions.
• Regulation (EU) 2018/1725 on data protection for EU institutions.
• Directive 2014/24/EU Annex X obligations on environmental, social, and labour law.
• EU restrictive measures under Article 29 TEU and Article 215 TFEU.
• Trade secrets definition per Directive (EU) 2016/943.

Contacts and useful links

• Funding & Tenders Portal tender page: Support services in relation to EU cybersecurity certification schemes and CRA implementation.
• eSubmission guidance and system requirements pages.
• ENISA procurement mailbox for opening session attendance requests and information after opening: procurement@enisa.europa.eu.
• ENISA Procurement Privacy Statement and EDES information as referenced in the invitation letter.

Summary and explanation

This is an EU procurement by ENISA to establish up to five framework contracts, totaling up to €2 million over four years, to provide specialized services supporting EU cybersecurity certification schemes and the implementation interplay with the Cyber Resilience Act. Contractors will deliver expert services across market analysis, scheme development and maintenance, drafting of requirements, guidance, training materials and courses, competence and capacity building, as well as evaluation and certification know-how, including ISMS and ICT product evaluation practices and cryptographic testing tools. The process is an open procedure using the EU Funding & Tenders Portal’s eSubmission. Access is restricted under the Digital Europe Programme to EU and EEA EFTA established and controlled entities, with a mandatory ownership and control assessment for all involved participants and subcontractors. Selection requires a robust, demonstrable track record over the last three years, including extensive portfolios in certification market analysis and scheme development, plus targeted experience in training, guidance, evaluation, labs, ISMS, and cryptographic testing tools. Financial robustness is evidenced by an average annual turnover exceeding €500,000. Award is based on best price-quality ratio with quality weighted at 70%, determined by methodology, organisation, team quality, and responses to two scenarios, and price weighted at 30%. Tenders must use and correctly complete all mandatory templates, particularly the Financial Offer Excel with fixed daily rates for junior, senior, and project manager profiles and scenario-based costing. No co-funding is required; payments are made for services under specific contracts. The framework allows ENISA to order services via direct award based on objective conditions or through mini-competitions among the awarded contractors. Strict rules govern groupings, subcontracting, conflicts of interest, and security obligations, while data protection and confidentiality requirements apply throughout. The opportunity is well-suited to experienced cybersecurity certification consultancies, evaluation labs, universities and research bodies, and specialist firms capable of delivering high-quality, scheme-related documentation, tools, and training under EU legislative frameworks.

Footnotes

1. 1Call page and documents: Funding & Tenders Portal listing for ENISA/2026/OP/0007 ENISA tender page. Invitation to tender PDF and Administrative Specifications are accessible from the same page.

This open tender procedure seeks to establish mixed multiple framework contracts with up to 5 contractors to provide expert services supporting ENISA's activities in developing, maintaining, and reviewing EU cybersecurity certification schemes, including interplay with the Cyber Resilience Act (CRA) and other relevant legislation.

Procurement Overview

Contracting authority:European Union Agency for Cybersecurity (ENISA), Athens, Greece. Procedure type: Open procedure under the Financial Regulation. Nature: Services (CPV 79131000 - Documentation services). Estimated total value: €2,000,000. Maximum duration: 48 months. Award method: Best price-quality ratio (Price 30%, Quality 70%). Framework agreement: Mixed multiple (up to 5 contractors), partly without reopening and partly with reopening of competition.

Key Deadlines:Deadline for receipt of tenders: 17 April 2026, 10:00 Europe/Athens (extended from original date). Public opening: 17 April 2026, 13:00 Europe/Athens. Questions cutoff: 9 April 2026, 23:59 Europe/Athens.

TED references:43/2026 147953-2026 (initial), 50/2026 00173076-2026 (change notice with deadline extension and Annex I Part 1 update). Submission: Exclusively electronic via eSubmission on the EU Funding & Tenders Portal EU Funding & Tenders Portal.

Eligibility and Participation Rules

Open to natural/legal persons within EU Treaties scope, international organisations, or third-country entities with EU procurement agreements (WTO GPA excluded). Restricted under Digital Europe Programme: Entities must be established in EU/EEA (Norway, Iceland, Liechtenstein) and controlled by EU/EEA nationals or states. Mandatory Ownership and Control Assessment (OCA) via Annex 11 declaration; Explanatory Note in Annex 10. All involved entities (tenderers, group members, subcontractors, capacity-reliance entities) subject to OCA.

• No EU restrictive measures applicable to any involved entities or subcontractors.
• Sole tenderers, joint tenders (with group leader), subcontracting allowed (identified subcontractors >20% share or for selection criteria must provide Annex 5.1 commitment).
• Reliance on other entities' capacities permitted (Annex 5.2 commitment). Cross-subcontracting forbidden.
• Registration in Participant Register required for PIC.

Selection Criteria

Consolidated assessment for tenderer as a whole (involved entities combined). Evidence required with tender.

Economic and Financial Capacity (F1)

Average yearly turnover last 3 years >€500,000. Evidence: Profit/loss accounts, balance sheets (last 3 years), Annex 7 Simplified Financial Statement.

Technical and Professional Capacity

• T1: Team with minimum members by experience level (per Technical Specs 2.7). Evidence: CVs (Europass preferred, EQF/CEFR levels, exact dates).
• T2: >=32 projects (last 3 years, each >=€20,000, tenderer share >=50%) in market analysis of certification. Evidence: Annex 8 list.
• T3: >=31 projects (last 3 years, each >=€22,000, tenderer share >=50%) in certification scheme development/maintenance.
• T4: >=2 projects (last 3 years, each >=€20,000, tenderer share >=50%) in software dev/testing tools, training, or guidance.
• T5: >=3 projects (last 3 years, each >=€15,000, tenderer share >=50%) in cybersecurity certification training material/organisation.
• T6: >=1 project (last 3 years, >=€20,000, tenderer share >=50%) in ISMS evaluation, ICT product cert, eval labs, or crypto testing tools.

Legal/Regulatory:Enrolment in trade/professional register (each involved entity). Declaration on Honour (Annex 2) required from all involved entities.

Award Criteria and Evaluation

Ranking:TS = (Cheapest price / Tender X price * 100 * 30%) + (Quality score * 70%). Technical tender <=25 pages. Financial: Fixed daily rates (Junior/Senior/Project Manager) via Annex 6 Excel (scenarios for evaluation, binding rates).

Scope of Services

Detailed in Tender Specs Part 2 (not fully scraped). Supports ENISA certification under Cybersecurity Act: drafting requirements/specs, national scheme support, standards analysis, scheme maintenance, guidance/competence building, software dev (testing tools), market analysis, training. Interplay with CRA.

Required Documents (Annex 1)

1. 1Administrative Identification Form (Annex 9).
2. 2Declaration on Honour (Annex 2).
3. 3Power of Attorney (joint tenders, Annex 3).
4. 4Subcontractors list (Annex 4), commitments (Annex 5.1/5.2).
5. 5Financial: Annex 6 (Excel + signed PDF), Annex 7.
6. 6Technical: CVs, Annex 8 references.
7. 7Ownership/Control (Annex 11), Explanatory Note (Annex 10).

16 documents available on portal, including updated Annex I Part 1 (v2, 12 March 2026). Q&A: 1 public item on eligibility/OCA.

Additional Applicant Considerations

• Prepare OCA documents early; Central Validation Service may request anytime.
• No variants allowed; comply with min requirements.
• Security, fraud prevention, environmental/equal opportunities obligations apply.
• Abnormally low tenders may be rejected.

Full documents:Primary Opportunity ENISA Certification News.

Footnotes

1. 1Dates/times in Europe/Athens timezone. Check portal for updates.