Grant Analysis

Purpose & Target

This grant aims to strengthen the cybersecurity of hospitals and healthcare providers across Europe. Its core objective is to enhance their ability to detect, monitor, and respond effectively to cyber threats, especially ransomware, thereby improving the overall resilience of the European healthcare system.
  • Target recipients: The grant targets hospitals, healthcare providers, regional and/or national cluster associations of these entities, and cybersecurity service providers.
  • Sector focus: SECTOR-SPECIFIC, focusing on Healthcare and Cybersecurity.
  • Geographic scope and location requirements: Projects must cover the European Union, with pilot demonstrations conducted in at least two different Member States.
  • Key filtering criteria for initial grant screening: Businesses or organizations involved in healthcare provision or cybersecurity solutions, capable of collaborative projects (consortia) within the EU, with a focus on improving healthcare cyber resilience.
  • Grant frequency and program context: This specific call, 'DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH', is part of the broader Digital Europe Programme (2021-2027). While this particular topic is currently open for a single submission round, it is embedded within an ongoing multi-annual program.

Financial Structure

  • The total available budget for this specific topic, 'DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH', is 30,000,000 EUR.
  • No specific minimum or maximum grant amount per project is stated within the provided documents.
  • The grant type is a 'DIGITAL Action Grant Budget-Based'. Specific funding rates are not provided, but these grants typically cover a percentage of eligible costs.
  • Eligible costs generally include: personnel costs (including volunteers and staff based on time/deliverables), subcontracting, travel and subsistence, equipment, other goods, works, and services, financial support to third parties, and indirect costs.
  • Ineligible costs are not explicitly detailed but are subject to the Model Grant Agreement (MGA) and EU Financial Regulation.
  • Co-financing or matching fund percentages are not specified in the provided information.
  • Financial reporting and audit requirements are implied by the general EU grant framework, including adherence to the EU Financial Regulation and the Annotated Model Grant Agreement.

Eligibility Requirements

Organizational Type and Structure
  • Eligible entities include hospitals, healthcare providers, regional and/or national cluster associations of hospitals and healthcare providers (e.g., national healthcare systems, associations of hospitals, healthcare practitioners), and cybersecurity service providers.
  • 'Cluster associations' are defined as any legally established group of hospitals and healthcare providers, such as regions and professional associations established in one or more Member States.
Geographic Requirements
  • Eligible countries are the 27 EU Member States, Iceland, and Norway. This is inferred from information on the National Cybersecurity Coordination Centres (NCCs) which are available in these countries for support, and the requirement for pilot projects to be demonstrated in at least two different Member States.
Consortium Requirements
  • Formation of a consortium is required, bringing together healthcare stakeholders and cybersecurity service providers.
Capacity and Legal Requirements
  • Applicants must demonstrate financial and operational capacity to carry out the proposed project, as described in section 7 of the main call document.
  • Compliance with rules for Legal Entity Validation, LEAR (Legal Entity Appointed Representative) Appointment, and Financial Capacity Assessment is mandatory.
  • Applicants must not be subject to any exclusion grounds under the EU Financial Regulation 2018/1046.
  • All applicants must provide explicit consent for their participation and the content of the proposal.

Application Process

Application Deadlines and Submission
  • The application period opens on June 12, 2025.
  • The final submission deadline is 2025-10-07 00:00:00+0000.
  • Applications must be submitted online via the EU Funding & Tenders Portal's Electronic Submission Service.
Required Documentation and Materials
  • Part A: Contains structured administrative information, filled out directly in the Portal Submission System screens.
  • Part B: A narrative technical description of the project, uploaded as a PDF. The template is available in the Submission System. The normal page limit for Part B is 70 pages. Content must be concise, and excess pages will be disregarded.
  • Annexes: Supporting documents can be provided as annexes and do not count towards the Part B page limit. These may include a detailed budget table/calculator, CVs, annual activity reports, and a mandatory list of previous projects (for the last 4 years), if required by the call document. Other special annexes may also be required.
Submission Process
  • The application form (Part A and Part B) must be prepared by the consortium and submitted by a representative.
  • Upon submission, a confirmation will be received.
  • All communication related to the application will be conducted through the Funding & Tenders Portal electronic exchange system.
Application Assistance Availability
  • For guidance and support, applicants are recommended to first contact the National Cybersecurity Coordination Centres (NCC) in their country (available in the 27 EU Member States, Iceland, and Norway).
  • The ECCC Applicants Direct Contact Centre can be reached at [email protected].
  • Additional resources include the Funding & Tenders Portal FAQ (for proposal submission), IT Helpdesk (for technical issues), and the Online Manual (step-by-step guide).

Evaluation Criteria

Applications will be evaluated based on criteria described in section 9 of the main call document. The general criteria for DEP Action Grants (as outlined in the application form template) typically include:
Relevance
  • How well the proposed action plan aligns with the objectives and activities described in the call, specifically its contribution to strengthening healthcare cybersecurity.
  • Its contribution to the overall Digital Europe Programme objectives.
  • How it contributes to long-term policy objectives and relevant strategies, addressing needs at European and national levels (e.g., EU action plan on cybersecurity in healthcare, NIS 2 Directive compliance).
  • The extent to which it reinforces and secures the digital technology supply chain in the EU (if applicable).
  • Its ability to overcome financial obstacles, such as lack of market finance (if applicable).
Implementation
  • The maturity of the action plan, including preparedness and readiness to start activities.
  • Soundness of the implementation work plan, coherence between objectives, activities, resources, and project management.
  • Measures for ensuring high quality, timely completion, and effective monitoring and evaluation (using specific, measurable, achievable, relevant, time-bound indicators).
  • Cost-effectiveness and sound financial management.
  • Identification of critical risks and a robust risk management strategy, including mitigating measures and likelihood/impact assessment.
  • Capacity of the consortium to carry out the work, demonstrating necessary expertise, complementary roles, and adequate resources for each participant.
  • Clarity of project teams, staff roles, and how outside resources (subcontracting, seconded staff) will be obtained if needed.
  • Effectiveness of consortium management structures and decision-making mechanisms.
Impact
  • The extent to which the action plan will achieve expected outcomes, such as improved detection and response capabilities for healthcare institutions, minimized impact of cyberattacks (particularly ransomware), and maintained operational continuity.
  • The effectiveness of dissemination and communication activities to promote results, maximize impact, and ensure visibility of EU funding.
  • How the action plan strengthens competitiveness and brings important benefits for society.
  • Contribution to environmental sustainability and European Green Deal goals (if applicable).

Compliance & Special Requirements

Regulatory Compliance
  • Projects must contribute to healthcare institutions complying with the NIS 2 Directive.
  • Compliance with all applicable EU/national legal and ethical requirements of the countries where tasks are carried out is mandatory. Activities performed in non-EU countries must also be allowed in at least one EU Member State.
Data Protection and Privacy
  • Projects involving the processing of personal data require a detailed ethics self-assessment, addressing aspects such as: processing previously collected data, export/import of data from/to non-EU countries, and processing data related to criminal convictions or offenses.
Ethical Standards
  • A comprehensive ethics self-assessment is required for any relevant ethics issues, which may include aspects related to: human embryonic stem cells/human embryos, human participants (interventions, clinical studies), human cells/tissues, animals, activities in non-EU countries (potential ethics issues, use/import/export of local resources), environment/health/safety impacts, and the development/deployment/use of Artificial Intelligence-based systems.
Security Requirements
  • Projects must assess and address security issues, including those related to: EU Classified Information (EUCI), potential for misuse of results, and information/materials subject to national security restrictions.
  • Beneficiaries must ensure that their projects are not subject to national/third country security requirements that could affect implementation or the grant award.
Risk Management
  • Applicants must describe critical risks, uncertainties, or difficulties related to implementation, along with a strategy for addressing them. This includes assessing the impact and likelihood of each risk.
Double Funding
  • There is a strict prohibition of double funding from the EU budget for the same action plan, either in whole or in part. Applicants must confirm that their proposal has not benefited from, nor is submitted for, any other EU grant.

Grant Details

Dedicated action to reinforcing hospitals and healthcare providers
DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH
Digital Europe Programme
ENTERPRISE NGO PUBLIC OTHER
AT BE BG HR CY CZ DK EE FI FR DE GR HU IS IE IT LV LI LT LU MT NL NO PL PT RO SK SI ES SE
HEALTHCARE TECHNOLOGY
DEVELOPMENT EARLY_MARKET GROWTH
OTHER
SDG3 SDG9 SDG16
FUNDING CAPACITY_BUILDING PILOT_PROJECTS INNOVATION_COMMERCIALIZATION TRAINING_EDUCATION