Core Objective: Develop new advanced tools and processes for Operational Cybersecurity to strengthen the EU's strategic autonomy, digital sovereignty, and resilience.
Target Recipient Types: Legal entities, with a strong encouragement for innovative European cybersecurity start-ups and SMEs.
Geographic Scope: EU Member States and Associated Countries.
Key Filtering Criteria: Focus on operational cybersecurity, establishment in eligible EU/Associated Countries, and no direct or indirect control by non-eligible countries.
Grant Frequency and Context: This is a single-stage Innovation Action (IA) call under the Horizon Europe Work Programme, indirectly managed by the European Cybersecurity Competence Centre (ECCC).
Financial Structure
Grant Type: Lump sum contribution.
Total Topic Budget: EUR 23,550,000 (allocated for approximately 4 expected grants).
Minimum Grant Amount Per Project: EUR 4,500,000.
Maximum Grant Amount Per Project: EUR 6,000,000.
Currency: EUR.
Funding Rate: Not specified as a percentage, as it is incorporated into the lump sum calculation. For Innovation Actions, the maximum typical funding rate is 70% (or up to 100% for non-profit legal entities) of estimated eligible costs.
Eligible Costs: Defined by categories such as personnel, subcontracting, purchase (travel, equipment, other goods/services), and other specific categories (e.g., financial support to third parties, internally invoiced goods/services). Costs must be eligible under actual cost grant rules.
Ineligible Costs: Any costs specifically identified as ineligible under Horizon Europe rules.
Indirect Costs: A flat rate of 25% applied to direct eligible costs (excluding subcontracting, financial support to third parties, and unit costs/lump sums that already include indirect costs).
Co-financing Requirement: The total estimated costs of the action must exceed the estimated Union contributions, ensuring compliance with co-financing principles.
Payment Mechanism: Lump sum contributions are paid upon the proper implementation of corresponding work packages. Payments include pre-financing (typically 160% of the average EU funding per reporting period, with 5-8% deducted for the Mutual Insurance Mechanism), interim payments, and a final payment. There is no requirement to report actual costs.
No-profit Rule: The grant amount, combined with revenues, cannot result in a profit. Any surplus will be deducted from the final grant amount.
Double Funding Prohibition: Strict rules against declaring the same costs to multiple EU actions, except for EU Synergy grants.
Eligibility Requirements
Organization Type & Structure
Eligible Entities: Any legal entity (natural or legal person) created and recognized under national law, EU law, or international law, with legal personality. Entities without legal personality may exceptionally participate if their representatives can undertake legal obligations and offer financial guarantees.
Specific Entity Types: EU bodies (e.g., Joint Research Centre (JRC)), and associations/interest groupings (e.g., European Research Infrastructure Consortia (ERICs)) are eligible.
Encouraged Participants: Highly innovative European cybersecurity start-ups and SMEs with a proven track record in cybersecurity innovation at EU level (e.g., active participation in successful EU-funded projects, established operational cooperation with National Cybersecurity Authorities, or equity investments from venture capital funds for cybersecurity activities).
Consortium Requirement: Mandates a consortium of at least three independent legal entities. One must be established in an EU Member State, and the other two must be established in different EU Member States or Associated Countries. Affiliated entities do not count towards this minimum.
Geographic & Control Requirements
Establishment: Legal entities must be established in an EU Member State or an Associated Country.
Controlled Entities: Entities established in an eligible country but directly or indirectly controlled by a non-eligible country or non-eligible country entity are explicitly prohibited from participation. Applicants must submit an 'Ownership Control Declaration'.
Excluded Countries: Legal entities established in Russia, Belarus, or non-government controlled territories of Ukraine are not eligible to participate in any capacity.
EU Restrictive Measures: Entities subject to EU restrictive measures are ineligible.
Capacity & Compliance
Financial Capacity: Applicants must demonstrate stable and sufficient resources. A financial capacity check is typically performed for the coordinator if the requested grant amount is equal to or greater than EUR 500,000 (exemptions for public bodies, international organizations, and low-value grants not exceeding EUR 60,000).
Operational Capacity: Applicants must possess the necessary know-how, qualifications, and resources to successfully implement their tasks. This is assessed during the evaluation of the 'Quality and efficiency of the implementation' criterion (exemptions for public bodies, Member State organizations, and international organizations).
Gender Equality Plan: Required for public bodies, research organizations, and higher education establishments from Member States and Associated Countries. The plan must be published, allocate dedicated resources, include sex/gender disaggregated data collection and annual reporting, and provide training on gender equality and unconscious biases.
Exclusion Criteria
General Exclusion: Applicants subject to EU administrative sanctions or involved in situations like bankruptcy, grave professional misconduct, fraud, corruption, money laundering, significant breaches of prior EU grants, or non-compliance with social security/tax obligations are excluded.
Application Process
Application Submission
Application Deadline: 2025-11-12 00:00:00+00:00.
Submission Platform: Applications must be submitted electronically via the Funding & Tenders Portal's electronic submission system.
Application Format: Consists of Part A (online administrative information, budget summary, call-specific questions) and Part B (technical description, submitted as a PDF upload).
Required Documentation: Part A, Part B, and a detailed budget table (essential for justifying and fixing the lump sum amount). An 'Ownership Control Declaration' is also required.
Page Limits: Part B for lump sum Innovation Actions has a limit of 50 pages. Any pages exceeding this limit will not be considered by evaluators.
Coordinator Mandate: The coordinator must confirm their mandate to act for all applicants and confirm that all information is correct and that participants meet funding conditions.
Process & Timeline
Submission Procedure: Single-stage submission.
Evaluation Outcome Notification: Applicants will be informed of the evaluation results approximately 5 months after the submission deadline.
Grant Agreement Signature: The indicative date for signing grant agreements is approximately 8 months after the submission deadline.
Project Start Date: Typically after the grant agreement is signed. Retroactive start dates are possible in exceptional, justified circumstances with approval from the granting authority.
Post-Award & Reporting
Deliverables & Milestones: Managed through the Portal's grant management system and specified in Annex 1 of the grant agreement.
Reporting Obligations: Periodic and final reports are required throughout the project duration.
Payments: Pre-financing, interim payments (linked to periodic reports), and a final payment. Recoveries for undue payments are based on individual financial responsibility.
Consortium Agreement: Highly recommended for multi-beneficiary projects to ensure smooth implementation and address unforeseen circumstances. Not required for mono-beneficiary projects.
Support & Guidance
Direct Contacts: National Cybersecurity Coordination Centres (NCC) and the ECCC Applicants Direct Contact Centre ([email protected]).
Online Resources: The Funding & Tenders Portal Online Manual, Horizon Europe Programme Guide, and Funding & Tenders Portal FAQ provide comprehensive guidance.
Information Services: Research Enquiry Service for general research questions, National Contact Points (NCPs) for specific Horizon Europe guidance, and the Enterprise Europe Network (EEN) for business advice (especially for SMEs).
Technical & IP Support: IT Helpdesk for portal technical issues, European IPR Helpdesk for intellectual property matters, and CEN-CENELEC/ETSI Research Helpdesk for standardization advice.
Partner Search: Functionality is available to find suitable partner organizations for proposals.
Evaluation Criteria
Main Award Criteria (Scored 0-5)
Excellence: Assesses the clarity and pertinence of project objectives, ambition beyond the state-of-the-art, soundness of methodology (concepts, models, assumptions, inter-disciplinary approaches), consideration of the gender dimension in research/innovation content, and quality of open science practices (data sharing, citizen/end-user engagement).
Impact: Evaluates the credibility of pathways to achieve expected outcomes and impacts outlined in the work programme, the likely scale and significance of contributions, and the suitability/quality of measures for maximizing outcomes and impacts through dissemination, exploitation, and communication activities.
Quality and Efficiency of the Implementation: Focuses on the quality and effectiveness of the work plan, assessment of risks, appropriateness of effort assigned to work packages and overall resources, and the capacity and expertise of the consortium members.
Scoring & Thresholds
Individual Criterion Threshold: Each criterion (Excellence, Impact, Implementation) must achieve a score of at least 3 out of 5.
Overall Threshold: The sum of the three individual scores must be at least 10.
Impact Weighting: For this Innovation Action (IA) call, the 'Impact' score is weighted by 1.5.
Prioritization of Equally Scored Proposals
Priority will be given to proposals addressing aspects of the call not covered by higher-ranked proposals.
Subsequent prioritization considers the 'Excellence' score (after 'Impact' for IAs), followed by 'Impact'.
Further prioritization factors include: gender balance among researchers, geographical diversity (number of Member States or Associated Countries represented), and other factors like enhancing synergies or involving SMEs.
Compliance & Special Requirements
Regulatory & Legal Compliance
EU Policy Alignment: Projects must align with and promote EU policy interests and priorities, including security, industrial policy, and social aspects.
Civil Applications: Projects must focus exclusively on civil applications and must not involve human cloning for reproductive purposes, heritable human genetic modification, or human embryo creation for research/stem cell procurement.
Ethical Standards: Adherence to ethical principles, the highest standards of research integrity, and applicable EU, international, and national laws. An ethics self-assessment is mandatory, and projects with ethical issues may undergo an ethics review.
Security Compliance: Projects involving classified or sensitive information require a security appraisal. Specific rules apply to EU classified information (EUCI), including prohibitions on funding for TRES SECRET UE/EU TOP SECRET information and requirements for Facility Security Clearances (FSC) for higher classification levels. Beneficiaries must ensure their projects are not subject to national/third-country security requirements that could impede implementation or grant award. The 'Ownership Control Declaration' is crucial here.
Data Protection: Compliance with data protection regulations, specifically Regulation 2018/1725, regarding the collection, use, and processing of personal data.
Industry-Specific Legislation: Solutions developed under this grant are expected to be in line with relevant EU legislation, particularly the NIS2 Directive, Cyber Resilience Act, and Cyber Solidarity Act.
Intellectual Property (IP) Policy: Standard IP rules apply. The granting authority retains the right to object to the transfer of ownership or exclusive licensing of results for up to 4 years after the project's end.
Special Considerations
Gender Dimension: Evaluation criteria include the appropriate consideration of the gender dimension within research and innovation content. Gender equality plans are required for specific organizational types (public bodies, research organizations, higher education establishments).
Open Science Practices: Quality of open science practices, including data sharing and engagement with citizens/end-users, is an evaluation factor. Beneficiaries must provide access to data for scientific publication validation and, in public emergencies, may be required to deposit research output in a repository with open access.
Pilot Implementations: Proposals are expected to demonstrate developed frameworks, tools, and services through pilot implementations.
Mandatory Participation in Pilots: Pilot implementations must involve relevant national cybersecurity authorities and/or essential and important entities as defined in NIS2.
Encouraged Collaboration: The participation of leading European cybersecurity industry is strongly encouraged in these pilot implementations.
Risk Management: Risk assessment is a key component of the 'Quality and Efficiency of the Implementation' evaluation criterion.
Standardization: Beneficiaries are obliged to inform the granting authority if their project results could reasonably contribute to European or international standards for up to 4 years after the project's completion.
Grant Details
cybersecurity
operational cybersecurity
advanced tools
incident response
cyber threat intelligence
cyber crisis management
ict
ot
critical infrastructure
digital twins
pilot projects
innovation actions
horizon europe
eccc
smes
startups
eu member states
associated countries
nis2
cyber resilience act
cyber solidarity act
digital sovereignty
strategic autonomy
eu funding
lump sum
research and innovation
technology development
risk assessment
gender equality
open science
ipr
ethical standards
New advanced tools and processes for Operational Cybersecurity
HORIZON-CL3-2025-02-CS-ECCC-02
Horizon Europe
STARTUP
SME
ENTERPRISE
PUBLIC
UNIVERSITY
OTHER
AT
BE
BG
HR
CY
CZ
DK
EE
FI
FR
DE
GR
HU
IE
IT
LV
LT
LU
MT
NL
PL
PT
RO
SK
SI
ES
SE
AL
AM
BA
FO
GE
IS
IL
MD
ME
NZ
MK
NO
RS
TR
UA
UK
XC
Grants8