Call for Proposals: Uptake of Innovative Cybersecurity Solutions for SMEs

Focus Areas/Objectives/Priorities/Themes: Proposals should contribute to achieving at least one of these objectives: availability of innovative tools and services that support SMEs in complying with the EU cybersecurity legislation; availability of innovative tools and services that support SMEs in reporting incidents and in assisting with recovery if possible, and in exchanging with competent authorities; improved security and notification processes and means in the EU; improved security of network and information systems in the EU; industrial and market readiness for the proposed Cyber Resilience Act; support for cybersecurity certification in line with the Cybersecurity Act; support for supply chain partners in standardised self-assessments and certifications, helping downstream supply chain partners in a step-by-step approach to increase cyber resilience; overcome the challenge of finding the technical skills required to deal with a complex technology landscape that relies heavily on extensive configurations and capabilities; cyber toolkit as a service to support SMEs managing cyber risks, defining, and implementing their cybersecurity strategy, including several functions dedicated to risk assessment, vulnerabilities and threats detection; support and incident response capabilities to SMEs.

The DIGITAL-ECCC-2025-DEPLOY-CYBER-09-UPTAKE action focuses on empowering SMEs to meet emerging cybersecurity requirements by enhancing their preparedness for upcoming EU regulations, such as the Cyber Resilience Act. The initiative addresses the lack of market readiness among SMEs by encouraging the development and deployment of practical, innovative solutions tailored to their operational realities.

The expected outcome of the call is the creation of a “cyber toolkit as a service,” a modular suite of applications that helps SMEs identify, assess, and mitigate cyber risks. This toolkit may integrate with existing software platforms—such as financial, CRM, or accounting systems—to detect vulnerabilities and manage risk more effectively. Additional functionalities include interfaces for incident reporting and recovery assistance, as well as mapping tools that centralize available cybersecurity solutions for SMEs.

Support and incident response mechanisms form a vital component of the action. The initiative foresees the establishment of multilingual cybersecurity helplines and national cyber response platforms to improve SMEs’ access to expert guidance. These will help reduce the success rate of cyber scams, improve response coordination, and strengthen Europe’s cyber crisis management capacity.

The call also encourages the creation of interfaces between SMEs and national or cross-border cybersecurity authorities, allowing efficient incident notification and information sharing. Specialized training for first responders in sectors like healthcare, finance, energy, and transport aims to enhance technical capacity and foster a culture of cyber resilience.

The topic primarily targets SMEs but also welcomes applications from public and private entities implementing the NIS 2 Directive or the Cyber Resilience Act, as well as research and academic institutions and end-users. Submissions from consortia are not mandatory but are encouraged to maximize impact.

The total budget available for this topic is EUR 15 million under the Digital Europe Programme (DIGITAL-ECCC-2025-DEPLOY-CYBER-09-UPTAKE). The action type is SME Support Actions, with a funding rate of 50% for general participants and up to 75% for SMEs.

For more information, visit EC.