Request for Proposals: Privacy Enhancing Technologies

Scope

• Protecting individuals’ personal data and ensuring privacy while allowing for data processing and analysis is fundamental for their society. Privacy-preserving techniques allow to minimize the amount of personal data collected and processed, and to protect that data through advanced cryptographic methods. For instance, machine-learning methodologies are leveraged to dissect medical and behavioural data, aiming to unearth causations and insights into cyber attacks or threats. However, a substantial portion of this data comprises personal information, (such as sensitive health data), raising concerns over potential breaches or misuse, thus jeopardizing the privacy of individuals, societal well-being, and economic stability.
• In addition, the challenges related to the exploitation of non-personal/industrial data assets, which could impede the full realization of the data-driven economy, are also subject to the work that can be proposed under this topic. Solutions that can provide security against quantum adversaries are also encouraged.
• Privacy-enhancing technologies (PETs) such as cryptographic anonymous credentials, differential privacy, secure multiparty computation, homomorphic encryption, advanced digital signatures, such as ring signatures, blind signatures and attribute-based credentials hold promise in mitigating these challenges, yet their practical application necessitates further refinement and rigorous testing. Consortia are encouraged to propose solutions that can improve the usability and effectiveness of different PETs in realistic environment and to investigate their integration within common European data spaces. The inclusion of agile schemes designed in a modular way to support the transition to post-quantum PETs and the design, improvement and security analysis of quantum-resistant PETs is welcome, in light of the advances of quantum technologies.
• Proposals should also focus on enhancing the usability, scalability, and dependability of secure and PETs within supply chains, while seamlessly integrating with existing infrastructures and conventional security protocols. They should also accommodate the diversity in data types and models across various organizations, undergoing validation and pilot runs within authentic data environments. Adherence to data regulations, notably GDPR, is paramount.
• Consortia should seek to intertwine interdisciplinary expertise and resources from industry stakeholders, service providers, and end-users. The engagement of SMEs is encouraged, alongside the inclusion of legal proficiency to ensure regulatory compliance, including GDPR adherence. Furthermore, proactive identification and assessment of potential regulatory hurdles and constraints for the developed technologies/solutions are strongly encouraged.

Funding Information

• Budget (EUR) – Year 2025: 11 000 000
• Contributions: 3000000 to 4000000

Expected Impacts

• Support the EU’s technological capabilities by investing in cybersecurity research and innovation to further strengthen its leadership, strategic autonomy, digital sovereignty and resilience;
• Help protect its infrastructures and improve its ability to prevent, protect against, respond to, resist, mitigate, absorb, accommodate and recover from cyber and hybrid incidents, especially given the current context of geopolitical change;
• Support European competitiveness in cybersecurity and European strategic autonomy, by protecting EU products and digital supply chains, as well as critical EU services and infrastructures (both physical and digital) to ensure their robustness and continuity in the face of severe disruptions;
• Encourage the development of the European Cybersecurity Competence Community;
• Particular attention will be given to SMEs, who play a crucial role in the cybersecurity ecosystem and in overall EU digital single market competitiveness, by promoting security and privacy ‘by design’ in existing and emerging technologies.

Expected Outcomes

• Projects’ results are expected to contribute to some or all of the following outcomes:
  • Development of robust, scalable, and reliable technologies to uphold privacy within federated and secure data sharing frameworks, as well as in the processing of personal and industrial data, integrated into real-world systems.
  • Development of privacy preserving approaches for data sharing solutions, including privacy-preserving cyber threat information sharing, and in collaborative computations involving sensitive data.
  • Integration of privacy-by-design at the core of software and protocol development processes, with attention to ensure that cryptographic building blocks and implementations of privacy-enhancing digital signatures and user-authentication schemes are crypto-agile and modular, to facilitate a transition towards post-quantum cryptographic algorithms.
  • Development of privacy enhancing technologies for the users of constrained devices.
  • Contribution towards the advancement of GDPR-compliant European data spaces for digital services and research, such as those on health data, aligning with DATA Topics of Horizon Europe Cluster 4.
  • Development of privacy enhancing technologies and solutions, to benefit the requirements of citizens and companies, including small and medium-sized enterprises (SMEs).
  • Development of blockchain-based and decentralized privacy-enhancing technologies, to preserve data confidentiality, integrity, and the authenticity of transactions and digital assets. Possible combination of blockchain with other technologies, such as federated learning, will need to address the data’s security and privacy shared through such networks while ensuring that their connected devices are trusted.
  • Investigating the usability and user experience of privacy-enhancing technologies and exploring ways to design systems that are both secure and user-friendly.

Eligibility Criteria

• Entities eligible to participate:
  • Any legal entity, regardless of its place of establishment, including legal entities from nonassociated third countries or international organisations (including international European research organisations) is eligible to participate (whether it is eligible for funding or not), provided that the conditions laid down in the Horizon Europe Regulation have been met, along with any other conditions laid down in the specific call/topic.
  • A ‘legal entity’ means any natural or legal person created and recognised as such under national law, EU law or international law, which has legal personality and which may, acting in its own name, exercise rights and be subject to obligations, or an entity without legal personality.
• To become a beneficiary, legal entities must be eligible for funding.
• To be eligible for funding, applicants must be established in one of the following countries:
  • the Member States of the European Union, including their outermost regions:
    • Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden.
  • the Overseas Countries and Territories (OCTs) linked to the Member States:
    • Aruba (NL), Bonaire (NL), Curação (NL), French Polynesia (FR), French Southern and Antarctic Territories (FR), Greenland (DK), New Caledonia (FR), Saba (NL), Saint Barthélemy (FR), Sint Eustatius (NL), Sint Maarten (NL), St. Pierre and Miquelon (FR), Wallis and Futuna Islands (FR).
  • countries associated to Horizon Europe;
    • Albania, Armenia, Bosnia and Herzegovina, Canada, Faroe Islands, Georgia, Iceland, Israel, Kosovo, Moldova, Montenegro, New Zealand, North Macedonia, Norway, Serbia, Tunisia, Türkiye, Ukraine, United Kingdom.

For more information, visit EC.