Supporting ENISA for the provision of the EU Cybersecurity Reserve services to DEP-Associated Third Countries

The European Union Agency for Cybersecurity (ENISA) has issued a call for tenders, ENISA/2025/OP/0013, aiming to identify trusted managed security service providers. The primary focus is on delivering incident response services to support the implementation of the EU Cybersecurity Reserve for Digital Europe Programme (DEP)-associated third countries. This initiative is designed to assist eligible users in responding to significant, large-scale cybersecurity incidents that exceed the internal response capacities of these countries.

The estimated total value of the tender is €1,500,000, with a maximum contract duration of 36 months. The contract will be awarded based on the quality-price ratio, with a significant emphasis on quality at 70% versus 30% for price. This aligns with ENISA's emphasis on having highly competent service providers who can effectively manage critical cybersecurity incidents.

Qualifying applicants are limited to larger, specialized managed security service providers rather than small and medium-sized enterprises (SMEs), reflecting the complexity and scale of services required. The tender allows for both individual bids and consortia, enabling flexibility in how service delivery is structured.

The opportunity specifically targets the cybersecurity sector and the services offered must include established incident response capabilities. The application process requires electronic submissions by February 9, 2026, at 10:00 CET. There is a series of mandatory documentation requirements, including a Personal Identification Code (PIC) for participation, and no co-funding is required.

The call for tenders emphasizes the importance of providing robust cybersecurity support during crises, which is a strategic investment by the EU in strengthening regional cybersecurity resilience across associated nations. The electronic submission platform supports multiple EU languages and includes strict file size and format limitations for the documentation. Interested parties must follow the stipulated guidelines for submission to ensure eligibility for this critical opportunity in enhancing cybersecurity infrastructure.

The European Union Agency for Cybersecurity (ENISA) has issued a call for tenders, ENISA2025OP0013, to identify trusted managed security service providers. These providers will support ENISA in implementing the EU Cybersecurity Reserve for DEP-associated third countries. The primary focus is on delivering incident response (ex-post) cybersecurity services, specifically IR Retainer services.

The services are designed to assist eligible users, upon request, in responding to significant, large-scale, or large-scale-equivalent cybersecurity incidents. These incidents should cause a level of disruption that exceeds the affected DEP-associated third country's capacity to handle.

This is an open procedure, with electronic submissions required. The estimated total value of the tender is 1,500,000 EUR. The TED publication date is December 17, 2025. The lead contracting authority is the European Union Agency for Cybersecurity (ENISA). The main classification (CPV) is 72000000, covering IT services such as consulting, software development, Internet services, and support. The nature of the contract is for services, with a maximum duration of 36 months. The award method will be based on the best price-quality ratio. A framework agreement with reopening of competition will be used.

Key milestones include the TED publication date of December 17, 2025, a public opening scheduled for February 9, 2026, at 13:00 Europe/Athens time, and a deadline for receipt of tenders on February 9, 2026, at 10:00 Europe/Athens time. The contracting authority will not respond to questions submitted after January 31, 2026, at 06:00 Europe/Athens time.

The following documents are available for download:

EN00. EN-Invitation to tender ENISA2025OP0013 Provision of services to Third CountriesInvitation letter, published on 17/12/2025, Version 1, No translations available.
EN01. Annex I Part 1 admin specifications ENISA2025OP0013 third countriesTender specifications - adm. part, published on 17/12/2025, Version 1, No translations available.
EN02. Annex I Part 2 technical specifications ENISA2025OP0013 third countriesTechnical specifications, published on 17/12/2025, Version 1, No translations available.
EN03. Annex II EN Draft Service FWC ENISA2025OP0013Draft contract annex, published on 17/12/2025, Version 1, No translations available.
ENAnnex 02. declaration-of-honour-tenders_ENISA2025OP0013Declaration on honour (tender), published on 17/12/2025, Version 1, No translations available.
ENAnnex 03 Agreement Power of attorneyOther invitation to tender document, published on 17/12/2025, Version 1, No translations available.
ENAnnex 04. List of identified subcontractors and proportion of subcontractingOther invitation to tender document, published on 17/12/2025, Version 1, No translations available.
ENAnnex 05.1. Commitment letter by an identified subcontractorOther invitation to tender document, published on 17/12/2025, Version 1, No translations available.
ENAnnex 05.2. Commitment letter by an entity on whose capacities is being reliedOther invitation to tender document, published on 17/12/2025, Version 1, No translations available.
ENAnnex 06. Financial Offer F-OSU-25-T23 tenderer nameFinancial offer form, published on 17/12/2025, Version 1, No translations available.

Submissions must be sent exclusively via electronic means to the address provided upon accessing the submission link.

Regarding the eSubmission system, several FAQs are addressed:

To address system slowness or malfunctions during document upload/download, it is recommended to use the latest versions of Google Chrome or Mozilla Firefox, clear browser cache and cookies, and consult the System Requirements.
eSubmission supports the latest versions of Google Chrome and Mozilla Firefox. Refer to the System Requirements link for up-to-date technical recommendations.
Submission details are inaccessible after the deadline due to system encryption.
Submissions can be found in the Funding & Tenders portal under ‘My Submission(s)’ for open calls for tenders.
Attachments should be less than 50 MB in size.
Attachment names must adhere to the System Requirements.
The system supports video submissions; check the System Requirements for supported formats.
Invited candidates can view procurement documents after selecting an organization in the F&T Portal under “My Invitations”.
A Personal Identification Code (PIC) is mandatory for participation as a sole candidate/tenderer or as part of a consortium.
File upload issues require adherence to the system's technical requirements.
The system allows a maximum of 200 document uploads per tender.
Tenderers need a PIC for identification and participation tracking.
Organizations can register and obtain a PIC via the Search PIC tool.
The system supports all 24 official EU languages.
The character set encoding is UTF-8.
The system uses encryption to ensure data integrity and confidentiality.
Supported file types depend on the submission type and are specified in the system requirements.
Draft submissions can be viewed, edited, and deleted until the deadline.
An "UNKNOWN" legal form display issue in the submission report does not block submission.
An automatic email received after submitting on time, informing of the deadline, does not indicate incorrect submission.

In summary, this tender is an opportunity for managed security service providers to become part of the EU Cybersecurity Reserve, providing critical incident response services to DEP-associated third countries. The selected providers will play a vital role in enhancing the cybersecurity resilience of these nations by offering support during significant cyber incidents. The tender process is electronic, and interested parties must adhere to the specified deadlines and technical requirements for submission. A key aspect is the establishment of a framework agreement, implying a longer-term partnership with ENISA for cybersecurity support services.

Eligible Applicant Types: The eligible applicant types are managed security service providers.

Funding Type: This is a procurement opportunity, specifically a call for tenders. The nature of the contract is for services.

Consortium Requirement: The text mentions subcontractors, suggesting that both single applicants and consortia are possible. The Personal Identification Code (PIC) is mandatory whether applying as a sole candidate/tenderer or as a member of a group (consortium).

Beneficiary Scope (Geographic Eligibility): The opportunity is targeted towards DEP-associated third countries.

Target Sector: The target sector is cybersecurity, specifically IT services, consulting, software development, Internet and support.

Mentioned Countries: The opportunity explicitly mentions "Third Countries" and "DEP-associated third countries".

Project Stage: The project stage is focused on the delivery of incident response (ex-post) cybersecurity services, indicating a need for established and operational services.

Funding Amount: The estimated total value of this opportunity is 1,500,000 EUR.

Application Type: This is an open call for tenders.

Nature of Support: Beneficiaries will receive money in exchange for providing services.

Application Stages: The number of application stages is not explicitly mentioned, but the process involves submitting a tender electronically, suggesting at least one stage.

Success Rates: The success rates are not mentioned in the provided text.

Co-funding Requirement: The text does not explicitly mention a co-funding requirement.

Summary:

This is a call for tenders (ENISA/2025/OP/0013) issued by the European Union Agency for Cybersecurity (ENISA). The purpose is to identify trusted managed security service providers to support the implementation of the EU Cybersecurity Reserve for DEP-associated third countries. The selected providers will deliver incident response (ex-post) cybersecurity services (IR Retainer services) to assist eligible users in responding to significant, large-scale, or large-scale-equivalent cybersecurity incidents that exceed the response capacity of the DEP-associated third country. The procedure type is an open procedure, and submissions must be electronic. The estimated total value is 1,500,000 EUR, and the maximum contract duration is 36 months. The award method is based on the best price-quality ratio, and the framework agreement involves reopening of competition. The TED publication date was 17/12/2025, and the deadline for receipt of tenders is 09/02/2026 at 10:00 Europe/Athens time. The contracting authority is not bound to reply to questions submitted after 31/01/2026 at 06:00 Europe/Athens time. Tenderers must submit their proposals electronically, and a Personal Identification Code (PIC) is mandatory for participation. The system supports 24 official EU languages and uses UTF-8 character set encoding. The system encrypts all uploaded documents. The maximum number of documents allowed per tender is 200, and the maximum file size is 50 MB.