Support for Implementation of EU Legislation on Cybersecurity and National Cybersecurity Strategies (2024)

Call updates

03 April 2025

Submissions to call DIGITAL-ECCC-2024-DEPLOY-CYBER-07:

A total of 172 proposals has been submitted to call DIGITAL-ECCC-2024-DEPLOY-CYBER-07, which closed on 27 March 2025. These proposals, for which the evaluation will be organized in Q2-2025, were submitted to the following topics:

DIGITAL-ECCC-2024-DEPLOY-CYBER-07-CYBERSEC-02 - Support for Implementation of EU Legislation on Cybersecurity and National Cybersecurity Strategies (2024): 36 proposals

Jul 23, 2024 3:43:07 PM

Please note that the call document has been amended to include a minor update under the topic DIGITAL-2024-DEPLOY-CUBER-07-CYBERSEC-02 (please refer to the section 10 ). It is to be noted that this update DOES NOT modify in any way the topic conditions, the eligibility or evaluation criteria and it is only relevant to these topics

Support for Implementation of EU Legislation on Cybersecurity and National Cybersecurity Strategies (2024)

TOPIC ID: DIGITAL-ECCC-2024-DEPLOY-CYBER-07-CYBERSEC-02

Type of grant: Call for proposals

General information

Programme: Digital Europe Programme (DIGITAL)

Call: Deployment actions in the area of cybersecurity (DIGITAL-ECCC-2024-DEPLOY-CYBER-07)

Type of action: DIGITAL-JU-SIMPLE DIGITAL JU Simple Grants

Type of MGA: DIGITAL Action Grant Budget-Based [DIGITAL-AG]

Status: Forthcoming

Deadline model: single-stage

Planned Opening Date: 04 July 2024

Deadline dates: 21 January 2025 17:00 (Brussels time)

Topic description

ExpectedOutcome:

• Incident management solutions reducing the overall costs of cybersecurity for individual Member States and for the EU as a whole.
• Better compliance with NIS2 (Directive (EU) 2022/2555) and higher levels of situational awareness and crisis response in Member States.
• Organisation of events, workshops, stakeholder consultations and white papers.
• Enhanced cooperation, preparedness and cybersecurity resilience in the EU.
• Support actions and cooperation for further advanced of cybersecurity certification.
• Effective supervision and enforcement of the CRA by the market surveillance authorities and adequate capabilities of notifying authorities and national accreditation bodies for the implementation of the CRA.

Objective:

The action focuses on capacity building and the enhancement of cooperation on cybersecurity at technical, operational and strategic levels, in the context of existing and proposed EU legislation on cybersecurity in particular the NIS2 Directive (Directive (EU) 2022/2555), the Cybersecurity Act, and the Directive on attacks against information systems (Directive 2013/40). It complements the work of SOCs in the area of threat detection. It is a continuation of work currently supported under the previous Digital Work Programme.

In addition, this action also aims at supporting the implementation of the proposed Cyber Resilience Act (CRA) by market surveillance authorities/notifying authorities/national accreditation bodies, by increasing their capacities to ensure effective implementation of the CRA.

Proposals should contribute to achieving at least one of these objectives:

• Development of trust and confidence between Member States.
• Supporting market surveillance authorities/notifying authorities/national accreditation bodies to implement the CRA.
• Effective operational cooperation of organisations entrusted with EU or Member State’s national level cybersecurity, in particular cooperation of CSIRTs (including in relation to the CSIRT Network) or cooperation of Operators of Essential Services including public authorities.
• Better security and notification processes and means for Essential and Important Entities in the EU, including cross-border (automated) incident notification systems.
• Better reporting of cyber-attacks to law enforcement authorities in line with the Directive on attacks against information systems.
• Improved security of network and information systems in the EU.
• More alignment of Member States’ implementations of NIS2 (Directive (EU) 2022/2555).
• Support cybersecurity certification in line with the Cybersecurity Act.

Scope:

The action will focus on the support of at least one of the following priorities:

• Implementation, validation, piloting and deployment of technologies, tools and IT-based solutions, processes and methods for monitoring and handling cybersecurity incidents.
• Increasing capacity for market surveillance authorities/notifying authorities/national accreditation bodies in view of tasks as provided by the CRA.
• Collaboration, communication, awareness-raising activities, knowledge exchange and training, including through the use of cybersecurity ranges, of public and private organisations working on the implementation of NIS2 (Directive (EU) 2022/2555).
• Twinning schemes involving originator and adopter organisations from at least 2 different Member States to facilitate the deployment and uptake of technologies, tools, processes and methods for effective cross-border collaboration preventing, detecting and countering Cybersecurity incidents.
• Robustness and resilience building measures in the cybersecurity area that strengthen suppliers’ ability to work systematically with cybersecurity relevant information or supplying actionable data to CSIRTs.
• Ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle.
• Ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers.
• Enhance the transparency of security properties of products with digital elements.
• Enable businesses across all sectors and consumers to use products with digital elements securely.
• Support to Cybersecurity certification, including support to national cybersecurity certification authorities and other relevant stakeholders, such as SMEs. This includes activities such as threat-led penetration testing, acquiring certification testbeds, sharing best practices, implementing innovative evaluation methods for specific ICT products or components.

Proposals may target, where relevant, Member State competent authorities, which play a central role in the implementation of NIS2 (Directive (EU) 2022/2555), as well as other actors within the scope of this Directive.

Proposals may support, amongst others, the continuation of cybersecurity activities funded through the CEF Telecom programme, building where relevant on the results from the CEF projects.

Proposals may support, amongst others, for the onboarding to the CEF Cybersecurity Core Service Platforms of public and private organisations working on the implementation of NIS2 (Directive (EU) 2022/2555) and are potential contributors to the goals of the CEF Cybersecurity Core Service Platform.

This action seeks to support the European cybersecurity posture by creating a European ecosystem of companies and organisations that will support the implementation of EU cybersecurity legislation that will contribute to strengthening the European capacities in protecting the cyberspace. The results from the work carried out in the projects funded under this action may include implementation, validation, piloting and deployment of technologies, tools and IT-based solutions, processes and methods for monitoring and handling cybersecurity incidents involving cybersecurity of providers of essential services and critical infrastructures, as well as other actors. As previously noted, participation of non-EU entities entails the risk of highly sensitive information about security infrastructure, risks and incidents being subject to legislation or pressure that obliges those non-EU entities to disclose this information to non-EU governments, with an unpredictable security risk. Therefore, based on the outlined security reasons, the actions relating to these technologies are subject to Article 12(5) of Regulation (EU) 2021/694, in consistency with WP 2021/2022.

Conditions

1.Admissibility conditions: described in section 5 of the call document

Proposal page limits and layout:described in Part B of the Application Form available in the Submission System

2. Eligible countries:described in section 6 of of the call document

3. Other eligibility conditions:described in section 6 of the call document

4. Financial and operational capacity and exclusion:described insection 7 of the call document

5.Evaluation and award:

• Award criteria, scoring and thresholds:described in section 9 of the call document

• Submission and evaluation processes:describedsection 8 of the call document and theOnline Manual

• Indicative timeline for evaluation and grant agreement:described in section 4 of the call document

6. Legal and financial set-up of the grants:describedin section 10 of the call document

Start submission

The submission system is planned to be opened on the date stated on the topic header.

Get support

For help related to thiscall, please contact ushere

Funding & Tenders Portal FAQ– Submission of proposals.

IT Helpdesk– Contact the IT helpdesk for questions such as forgotten passwords, access rights and roles, technical aspects of submission of proposals, etc.

Online Manual– Step-by-step online guide through the Portal processes from proposal preparation and submission to reporting on your on-going project. Valid for all 2021-2027 programmes.