Support services in relation to monitoring, analyses and evaluation of Cybersecurity legal framework, policies and strategies

The European Union Agency for Cybersecurity (ENISA) has released a tender opportunity titled "Monitoring and analysis of strategies," referencing the procedure identifier ENISA/2025/OP/0012. This call seeks professional services aimed at supporting ENISA in monitoring, analyzing, and evaluating cybersecurity legal frameworks, policies, and strategies within the EU and countries with a perspective of joining the EU.

The tender has an estimated total value of 450,000 EUR and a maximum contract duration of 48 months. It will be awarded based on the best price-quality ratio, with an open procedure allowing both individual applicants and consortia to participate. Proposals must be submitted electronically, with a deadline set for December 16, 2025, at 10:00 Europe/Athens time.

Eligible participants are likely to include large consulting firms, legal consultancies specializing in cybersecurity, research institutions, and organizations with relevant expertise in policy analysis and capacity building. The procurement process allows subcontracting, and bidders must provide a Personal Identification Code (PIC) to participate.

The primary focus of the services includes conducting analyses of legal frameworks and policies that pertain to cybersecurity, as well as engaging in capacity-building activities and facilitating knowledge exchange related to these areas. The opportunity aims to aid ENISA in enhancing the resilience of cybersecurity measures throughout the European Union and its candidate countries.

The submission process necessitates adhering to specific technical requirements, including file size limits and naming conventions. Relevant documents for the tender include administrative specifications, technical specifications, and financial offer forms, all of which are available for download through the designated platform.

Overall, this tender reflects an important initiative by ENISA to ensure the effective monitoring and evaluation of cybersecurity strategies within a critical domain for the European Union and its neighboring regions.

The European Union Agency for Cybersecurity (ENISA) has published a call for tenders, ENISA2025OP0012, titled "Monitoring and analysis of strategies," seeking support services in relation to monitoring, analyses, and evaluation of the Cybersecurity legal framework, policies, and strategies. The call was published on 17/11/2025, and this is version 1. The procedure is an open procedure, and submissions must be sent exclusively via electronic means.

The tender aims to provide ENISA with support in two key areas:

1.  Monitoring, analysis, and evaluation of legal frameworks, policies, and/or strategies relevant to cybersecurity at the national level, within the EU, and in countries with an EU membership perspective.

2.  Activities for capacity building and knowledge exchange in areas related to legal frameworks, policies, and strategies relevant to cybersecurity at the national level, within the EU, and in countries with an EU membership perspective.

The estimated total value of this tender is 450,000 EUR. The maximum contract duration is 48 months. The award method will be based on the best price-quality ratio. This call for tenders is for a framework agreement with reopening of competition.

Key Milestones:

*  TED publication date: 17/11/2025

*  Date and time of public opening: 16/12/2025 13:00 Europe/Athens

*  Deadline for receipt of tenders: 16/12/2025 10:00 Europe/Athens

*  Deadline after which the Contracting authority is not bound to reply to questions: 08/12/2025 06:00 Europe/Athens

The main classification (CPV) code for this tender is 73210000, which refers to research consultancy services. The nature of the contract is for services.

The following documents are available for download:

1.  ENEN-Invitation to tender ENISA2025OP0012 Monitoring and analysis of strategies (Invitation to tender/request for offer)

2.  Annex I Part 1 Administrative specifications ENISA2025OP0012 Monitoring and analysis of strategies (Tender specifications - adm. part)

3.  Annex I Part 2 technical specifications ENISA2025OP0012 Monitoring and analysis of strategies (Tender specifications)

4.  Annex 2 declaration-of-honour-tenders ENISA2025OP0012 (Declaration on honour (tender))

5.  Annex 3 Agreement Power of attorney (Other invitation to tender document)

6.  Annex 4 List of identified subcontractors and proportion of subcontracting (Other invitation to tender document)

7.  Annex 5.1 Commitment letter by an identified subcontractor (Other invitation to tender document)

8.  Annex 5.2 Commitment letter by an entity on whose capacities is being relied (Other invitation to tender document)

9.  Annex 06 Financial Offer F-PMA-25-T12 ENISA2025OP0012 (Financial offer form)

10. Annex 07 Simplified Financial Statement (Other invitation to tender document)

There are 14 documents in total.

Submissions must be sent exclusively at the address for submission given below, using the electronic submission method.

A Personal Identification Code (PIC) is mandatory to participate in this call for tenders as a sole candidate/tenderer or as a member of a group (consortium).

The eSubmission system supports all 24 official EU languages and uses UTF-8 character set encoding. The system encrypts all uploaded documents using an asymmetric key as an encryption mechanism. The maximum number of documents that can be uploaded per tender is 200 files. Attachments should be less than 50 MB in size.

The eSubmission system supports the latest versions of Google Chrome and Mozilla Firefox.

This tender is an invitation for organizations to provide support to ENISA in the critical area of cybersecurity strategy and policy. It involves research, analysis, and capacity building related to cybersecurity legal frameworks and strategies within the EU and its neighboring countries. The successful tenderer will assist ENISA in monitoring and evaluating existing cybersecurity measures, as well as in promoting knowledge exchange and capacity building in this field. The framework agreement allows for multiple projects within the 48-month duration, offering a sustained engagement in shaping the EU's cybersecurity landscape.

Eligible Applicant Types: The eligible applicant types are not explicitly stated, but given the nature of the tender, it is likely open to a range of entities including companies, research institutions, and consultancies with expertise in cybersecurity, legal frameworks, policy analysis, and capacity building. The requirement for a PIC (Personal Identification Code) suggests that any organization intending to submit a tender, either as a sole candidate or as part of a consortium, is eligible, including subcontractors.

Funding Type: Procurement. This is an invitation to tender (request for offer), indicating a procurement process where the contracting authority (ENISA) is seeking services from external providers.

Consortium Requirement: Both single applicants and consortia are potentially eligible. The documentation mentions the possibility of subcontractors and commitment letters from entities whose capacities are being relied upon, suggesting that consortia are permissible. The FAQ also mentions that a PIC is mandatory whether participating as a sole candidate/tenderer or as a member of a group (consortium).

Beneficiary Scope (Geographic Eligibility): The description mentions "at the national level, and/or in the EU and/or countries with EU membership perspective," indicating that the geographic eligibility includes the EU and countries with a perspective of joining the EU. The exact scope might be further defined in the tender specifications.

Target Sector: Cybersecurity. The tender focuses on "monitoring, analysis and evaluation of legal frameworks, policies and/or strategies relevant to cybersecurity" and "activities for capacity building and knowledge-exchange in areas related to legal frameworks, policies and strategies relevant to cybersecurity." Research consultancy services are also mentioned via the CPV code.

Mentioned Countries: The opportunity mentions the EU and countries with EU membership perspective.

Project Stage: The project stage is focused on implementation and support, specifically monitoring, analysis, evaluation, capacity building, and knowledge exchange related to existing or developing cybersecurity legal frameworks, policies, and strategies. This suggests a focus on development, validation, and potentially demonstration stages rather than basic research or idea generation.

Funding Amount: The estimated total value of the tender is 450,000 EUR.

Application Type: Open call. The procedure type is explicitly stated as an "Open procedure."

Nature of Support: Non-monetary services. The selected tenderer will provide services to ENISA, specifically "support in the monitoring, analysis and evaluation" and "support with activities for capacity building and knowledge-exchange."

Application Stages: The number of application stages is not explicitly stated, but it is likely a multi-stage process involving submission of a tender, evaluation by ENISA, and potential negotiation or clarification before contract award. The documents listed (Administrative specifications, Technical specifications, Financial Offer form, etc.) suggest a comprehensive application process.

Success Rates: The success rates are not mentioned in the provided text.

Co-funding Requirement: The co-funding requirement is not explicitly mentioned.

Summary:

This is an invitation to tender issued by the European Union Agency for Cybersecurity (ENISA) with the procedure identifier ENISA/2025/OP/0012. The tender seeks to procure services related to the monitoring, analysis, and evaluation of cybersecurity legal frameworks, policies, and strategies within the EU and countries with EU membership perspective. The selected contractor will also provide support to ENISA in capacity building and knowledge exchange activities. The estimated total value of the tender is 450,000 EUR, and the maximum contract duration is 48 months. The submission method is electronic, with a deadline for receipt of tenders on December 16, 2025, at 10:00 Europe/Athens time. The award method will be based on the best price-quality ratio. The tender is structured as a framework agreement with reopening of competition. The tender documents include administrative specifications, technical specifications, a declaration of honor, agreement and power of attorney templates, forms for listing subcontractors, commitment letters, a financial offer form, and a simplified financial statement. Tenderers must register for a PIC (Personal Identification Code) to participate, and submissions must adhere to specific technical requirements, including file size limits (under 50 MB) and naming conventions. The system supports all 24 official EU languages and uses encryption to ensure the integrity and confidentiality of information. The opportunity is open to both single applicants and consortia, and the geographic eligibility includes the EU and countries with EU membership perspective.