Support for Implementation of EU Legislation on Cybersecurity and National Cybersecurity Strategies (2024)
Programme Category
Programme Name
Programme Description
Digital Europe Programme is the first EU programme that aims to accelerate the recovery and drive the digital transformation of Europe.
Worth €7.6 billion (in current prices), the Programme is a part of the next long-term EU budget, (the Multiannual Financial Framework), and it covers 2021 to 2027. It will provide funding for projects in five crucial areas: supercomputing, artificial intelligence, cybersecurity, advanced digital skills, and ensuring the wide use of digital technologies across the economy and society.
The Programme is fine-tuned to fill the gap between the research of digital technologies and their deployment, and to bring the results of research to the market – for the benefit of Europe’s citizens and businesses, and in particular SMEs. Investments under the Digital Europe programme supports the Union’s twin objectives of a green transition and digital transformation and strengthens the Union’s resilience and strategic autonomy.
Identifier Code
Call
Summary
The action focuses on capacity building and the enhancement of cooperation on cybersecurity at technical, operational and strategic levels, in the context of existing and proposed EU legislation on cybersecurity. It complements the work of SOCs in the area of threat detection. It is a continuation of work currently supported under the previous Digital Work Programme.
In addition, this action also aims at supporting the implementation of the proposed Cyber Resilience Act (CRA) by market surveillance authorities/notifying authorities/national accreditation bodies, by increasing their capacities to ensure effective implementation of the CRA.
Detailed Call Description
The action will focus on the support of at least one of the following priorities:
- Implementation, validation, piloting and deployment of technologies, tools and IT-based solutions, processes and methods for monitoring and handling cybersecurity incidents.
- Increasing capacity for market surveillance authorities/notifying authorities/national accreditation bodies in view of tasks as provided by the CRA.
- Collaboration, communication, awareness-raising activities, knowledge exchange and training, including through the use of cybersecurity ranges, of public and private organisations working on the implementation of NIS2 (Directive (EU) 2022/2555).
- Twinning schemes involving originator and adopter organisations from at least 2 different Member States to facilitate the deployment and uptake of technologies, tools, processes and methods for effective cross-border collaboration preventing, detecting and countering Cybersecurity incidents.
- Robustness and resilience building measures in the cybersecurity area that strengthen suppliers’ ability to work systematically with cybersecurity relevant information or supplying actionable data to CSIRTs.
- Ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle.
- Ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers.
- Enhance the transparency of security properties of products with digital elements.
- Enable businesses across all sectors and consumers to use products with digital elements securely.
- Support to Cybersecurity certification, including support to national cybersecurity certification authorities and other relevant stakeholders, such as SMEs. This includes activities such as threat-led penetration testing, acquiring certification testbeds, sharing best practices, implementing innovative evaluation methods for specific ICT products or components.
Proposals may target, where relevant, Member State competent authorities, which play a central role in the implementation of NIS2 (Directive (EU) 2022/2555), as well as other actors within the scope of this Directive.
Proposals may support, amongst others, the continuation of cybersecurity activities funded through the CEF Telecom programme, building where relevant on the results from the CEF projects.
Proposals may support, amongst others, for the onboarding to the CEF Cybersecurity Core Service Platforms of public and private organisations working on the implementation of NIS2 (Directive (EU) 2022/2555) and are potential contributors to the goals of the CEF Cybersecurity Core Service Platform.
This action seeks to support the European cybersecurity posture by creating a European ecosystem of companies and organisations that will support the implementation of EU cybersecurity legislation that will contribute to strengthening the European capacities in protecting the cyberspace. The results from the work carried out in the projects funded under this action may include implementation, validation, piloting and deployment of technologies, tools and IT-based solutions, processes and methods for monitoring and handling cybersecurity incidents involving cybersecurity of providers of essential services and critical infrastructures, as well as other actors.
Call Total Budget
Financing percentage by EU or other bodies / Level of Subsidy or Loan
50%
Maximum grant amount: €2.000.000 – €4.000.000 per project (but other amounts are not excluded)
Thematic Categories
- Information Technology
- Justice - Security
- New Entrepreneurship
- Research, Technological Development and Innovation
- Small-Medium Enterprises and Competitiveness
Eligibility for Participation
- Central Government
- Legal Entities
- Local Authorities
- Other Beneficiaries
- Private Bodies
- Researchers/Research Centers/Institutions
- Small and Medium Enterprises (SMEs)
- State-owned Enterprises
Eligibility For Participation Notes
In order to be eligible, the applicants (beneficiaries and affiliated entities) must:
- be legal entities (public or private bodies)
- be established in one of the eligible countries, i.e.:
- EU Member States (including overseas countries and territories (OCTs)
- EEA countries (Norway, Iceland, Liechtenstein)
Please be aware that all topics of this call are subject to restrictions due to security, therefore entities must not be directly or indirectly controlled from a country that is not an eligible country. All entities will have to fill in and submit a declaration on ownership and control.
Moreover:
- participation in any capacity (as beneficiary, affiliated entity, associated partner, subcontractor or recipient of financial support to third parties) is limited to entities established in and controlled from eligible countries
- project activities (included subcontracted work) must take place in eligible countries (see section geographic location below and section 10)
- the Grant Agreement may provide for IPR restrictions (see section 10).
Targeted stakeholders:
This topic targets relevant industrial stakeholders, including SMEs and start-ups in the scope of the upcoming CRA, concerned by the NIS2 Directive or that may benefit from the European cybersecurity certification schemes. It refers also to Member State competent authorities, which play a central role in the implementation of the NIS2 Directive, Computer Security Incident Response Teams (CSIRTs) including sectorial CSIRTs, Security Operation Centres (SOC), Operators of Essential Services (OES), digital service providers (DSP), Information Sharing and Analysis Centres- ISACs, actors that play a role in the implementation of the Cyber Resilience Act (including certification bodies), and any other actors within the scope of the legislations mentioned above. Submissions from consortia, despite not mandatory, will positively contribute to the impact of the action.
Consortium composition: no restrictions
Call Opening Date
Call Closing Date
National Contact Point(s)
Ministry of Research, Innovation and Digital Policy
Directorate of Research and Innovation
Eleana Gabriel
Telephone: +357 22 691918
Email: egabriel@dmrid.gov.cy