Funds for Companies

Grants and Resources for Sustainability

You are here: Home / Grant / EC: Support to implement EU Legislation and National Strategies on Cybersecurity (2024)

EC: Support to implement EU Legislation and National Strategies on Cybersecurity (2024)

Deadline: 21 January 2025

European Commission (EC) seeking applications to support the implementation of the proposed Cyber Resilience Act (CRA) by market surveillance authorities/notifying authorities/national accreditation bodies, by increasing their capacities to ensure effective implementation of the CRA.

Objectives 

  • The action focuses on capacity building and the enhancement of cooperation on cybersecurity at technical, operational and strategic levels, in the context of existing and proposed EU legislation on cybersecurity in particular the NIS2 Directive (Directive (EU) 2022/2555)7 , the Cybersecurity Act8 , and the Directive on attacks against information systems (Directive 2013/40)9 . It complements the work of SOCs in the area of threat detection. It is a continuation of work currently supported under the previous Digital Work Programme.
  • Proposals should contribute to achieving at least one of these objectives:
    • Development of trust and confidence between Member States.
    • Supporting market surveillance authorities/notifying authorities/national accreditation bodies to implement the CRA.
    • Effective operational cooperation of organisations entrusted with EU or Member State’s national level cybersecurity, in particular cooperation of CSIRTs (including in relation to the CSIRT Network) or cooperation of Operators of Essential Services including public authorities.
    • Better security and notification processes and means for Essential and Important Entities in the EU, including cross-border (automated) incident notification systems.
    • Better reporting of cyber-attacks to law enforcement authorities in line with the Directive on attacks against information systems.

Scope

  • The action will focus on the support of at least one of the following priorities:
    • Implementation, validation, piloting and deployment of technologies, tools and IT based solutions, processes and methods for monitoring and handling cybersecurity incidents.
    • Increasing capacity for market surveillance authorities/notifying authorities/national accreditation bodies in view of tasks as provided by the CRA.
    • Collaboration, communication, awareness-raising activities, knowledge exchange and training, including through the use of cybersecurity ranges, of public and private organisations working on the implementation of NIS2 (Directive (EU) 2022/2555).
    • Twinning schemes involving originator and adopter organisations from at least 2 different Member States to facilitate the deployment and uptake of technologies, tools, processes and methods for effective cross-border collaboration preventing, detecting and countering Cybersecurity incidents.
    • Robustness and resilience building measures in the cybersecurity area that strengthen suppliers’ ability to work systematically with cybersecurity relevant information or supplying actionable data to CSIRTs.
    • Ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle.
    • Ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers.
    • Enhance the transparency of security properties of products with digital elements.
    • Enable businesses across all sectors and consumers to use products with digital elements securely.
    • Support to Cybersecurity certification, including support to national cybersecurity certification authorities and other relevant stakeholders, such as SMEs. This includes activities such as threat-led penetration testing, acquiring certification testbeds, sharing best practices, implementing innovative evaluation methods for specific ICT products or components.

Funding Information

  • Funding Amount: EUR 20.000.000

Targeted Stakeholders 

  • This topic targets relevant industrial stakeholders, including SMEs and start-ups in the scope of the upcoming CRA, concerned by the NIS2 Directive or that may benefit from the European cybersecurity certification schemes. It refers also to Member State competent authorities, which play a central role in the implementation of the NIS2 Directive, Computer Security Incident Response Teams (CSIRTs) including sectorial CSIRTs, Security Operation Centres (SOC), Operators of Essential Services (OES), digital service providers (DSP), Information Sharing and Analysis Centres- ISACs, actors that play a role in the implementation of the Cyber Resilience Act.

Outcomes and Deliverables 

  • Incident management solutions reducing the overall costs of cybersecurity for individual Member States and for the EU as a whole.
  • Better compliance with NIS2 (Directive (EU) 2022/2555) and higher levels of situational awareness and crisis response in Member States.
  • Organisation of events, workshops, stakeholder consultations and white papers.
  • Enhanced cooperation, preparedness and cybersecurity resilience in the EU.
  • Support actions and cooperation for further advanced of cybersecurity certification.
  • Effective supervision and enforcement of the CRA by the market surveillance authorities and adequate capabilities of notifying authorities and national accreditation bodies for the implementation of the CRA.

Eligibility Criteria

  • Eligible participants (eligible countries):
    • be legal entities (public or private bodies)
    • be established in one of the eligible countries, i.e.:
      • EU Member States (including overseas countries and territories (OCTs))
      • EEA countries (Norway, Iceland, Liechtenstein)

For more information, visit EC.