Open topic for improved preparedness for, response to and recovery from large-scale disruptions of critical infrastructures

GRANT PURPOSE AND TARGET

• Core Objective: To fund innovative solutions and address new challenges to increase the resilience of European critical infrastructure against large-scale disruptions, including natural hazards, human actions, and cyberattacks. The grant supports the development, testing, and validation of new tools and methodologies to improve preparedness, response, and recovery.
• Funding Organization: European Commission, under the Horizon Europe programme.
• Target Recipients: This grant is open to any legal entity, but consortia must include specific practitioners such as critical infrastructure operators (public or private), authorities responsible for critical infrastructure resilience, civil protection authorities, and law enforcement agencies or private security companies. The engagement of SMEs is also encouraged.
• Sector Focus: This is a SECTOR-AGNOSTIC call for applicants, but projects must focus on enhancing the resilience of critical infrastructure sectors. These include, but are not limited to, Energy, Transport, Banking, Financial Market Infrastructure, Health, Drinking & Waste Water, Digital Infrastructure, Public Administration, Space, and Food Production/Distribution.
• Geographic Scope: Applicants must be from EU Member States or countries associated with the Horizon Europe programme.
• Key Filtering Criteria:
  • Project Scale: The expected EU contribution is around €5 million per project.
  • Consortium: A consortium is required, including at least 3 practitioner organizations from 3 different eligible countries.
  • Technology Readiness Level (TRL): Projects are expected to start at a level allowing them to achieve TRL 6-7 by completion.
  • Financial Support to Third Parties (FSTP): Proposals must include a plan to allocate 10-30% of their budget to fund third-party practitioners and SMEs.

FINANCIAL STRUCTURE

Funding Range

• Indicative Project Budget: The Commission expects proposals to request around €5,000,000.
• Minimum Funding: €5,000,000
• Maximum Funding: €5,000,000
• Total Call Budget: €15,000,000, expected to fund approximately 3 projects.

Co-financing

• Funding Rate: This is an Innovation Action (IA). The funding rate is:
  • 70% of total eligible costs for for-profit legal entities.
  • Up to 100% of total eligible costs for non-profit legal entities.
• The remaining costs must be covered by the applicants' own resources.

Eligible Costs

• Direct Costs:
  • Personnel costs: Costs for employees, SME owners without a salary, and natural persons with a direct contract.
  • Subcontracting costs: Must be justified and awarded based on best value for money.
  • Purchase costs: Travel, accommodation, subsistence, equipment (normally as depreciation, full cost in exceptional cases), and other goods, works, and services.
  • Financial Support to Third Parties (FSTP): Between 10% and 30% of the requested EU funding must be allocated for providing financial support to third parties.
• Indirect Costs: A flat rate of 25% of the total eligible direct costs is applied. This excludes subcontracting costs, financial support to third parties, and costs already including an indirect cost component.

Ineligible Costs

• Costs that do not comply with the eligibility conditions.
• Debt and debt service charges, provisions for future losses, interest owed, currency exchange losses.
• Deductible or refundable Value Added Tax (VAT).

Payment & Reporting

• Payments are managed through a coordinator and include an initial pre-financing, potential interim payments, and a final payment of the balance.
• A contribution of 5% of the maximum grant amount will be retained from the pre-financing for the Mutual Insurance Mechanism (MIM) and released at the end of the project.

ELIGIBILITY REQUIREMENTS

Formal Criteria

• Consortium Composition: Applications must be submitted by a consortium of at least three independent legal entities, each established in a different EU Member State or Associated Country. At least one of these entities must be established in an EU Member State.
• Practitioner Involvement: This topic has an additional requirement for the consortium to include at least 3 relevant practitioner organizations as beneficiaries, from at least 3 different EU Member States or Associated Countries. These practitioners must be one of the following types:
  • Critical infrastructure operator.
  • Authority responsible for critical infrastructure resilience.
  • Civil protection authority.
  • Law enforcement or a private company providing security for critical infrastructure.

Organizational Status

• Eligible Applicants: Any legal entity, regardless of its place of establishment, is eligible to participate, provided it adheres to the consortium and country-specific rules. This includes universities, research organisations, public bodies, SMEs, and large enterprises.
• Gender Equality Plan (GEP): Public bodies, research organisations, and higher education establishments from EU Member States and Associated Countries must have a Gender Equality Plan in place to be eligible.

Technical Expertise

• The consortium as a whole must demonstrate the necessary operational and technical capacity to carry out the proposed project. The involvement of specified practitioner types is non-negotiable and their role and expertise must be clearly justified.

Exclusion Criteria

• Geographic Exclusions: Legal entities established in Russia, Belarus, or non-government controlled territories of Ukraine are not eligible to participate in any capacity.
• EU Restrictive Measures: Entities subject to EU sanctions are not eligible to participate.
• Innovation Action Restriction: As this is an 'Innovation Action', legal entities established in China are not eligible to participate in any capacity (including as beneficiaries, subcontractors, or partners).
• High-Risk Suppliers: The topic is 'subject to restrictions for the protection of European communication networks'. Therefore, entities assessed as 'high-risk suppliers' of mobile network communication equipment are not eligible to participate.
• Hungary Public Interest Trusts: Following Council Implementing Decision (EU) 2022/2506, Hungarian public interest trusts established under Hungarian Act IX of 2021 (and entities they maintain) are not eligible for funding.

APPLICATION PRACTICAL INFORMATION

Deadlines

• Submission Deadline: 12 November 2025, 17:00:00 Brussels time (CET).
• Evaluation Outcome: Approximately 5 months after the submission deadline.
• Grant Agreement Signature: Approximately 8 months after the submission deadline.

Required Documents

• Standard Application Form, submitted electronically via the portal, which includes:
  • Part A: Administrative information about the applicants and budget summary.
  • Part B: A detailed technical description of the project.
• Annex: Applicants must complete and submit the 'Information about security practitioners' table to detail the involvement of the required practitioner organizations.

Application Process

• This is a single-stage call for proposals.
• Submissions must be made electronically through the EU Funding & Tenders Portal.
• Applicants must use the forms provided within the submission system.

Support

• Financial Support: The grant provides funding as an Innovation Action.
• Financial Support to Third Parties (FSTP): Projects must provide cascade funding to external practitioners and SMEs. The maximum amount per third party is €200,000 for activities like testing and validation.
• Guidance: Applicants can receive support from their National Contact Points (NCPs), the Enterprise Europe Network (EEN), and various helpdesks listed on the portal.

Post-Award Obligations

• Reporting: Beneficiaries are required to submit periodic technical and financial reports.
• Mid-term Assessment: A specific mid-term deliverable is required, consisting of an assessment of project outcomes performed by the practitioners involved.
• Coordination: Successful proposals are expected to coordinate with each other and with projects funded under the topic HORIZON-CL3-2025-INFRA-01-02 to avoid duplication and enhance impact.

EVALUATION CRITERIA

Proposals will be evaluated based on the standard criteria for Horizon Europe Innovation Actions. The 'Impact' criterion will be weighted 1.5 times higher than 'Excellence' and 'Quality and efficiency of the implementation'. The evaluation threshold is 3/5 for each criterion and 10/15 overall.

Scoring Factors

• Excellence (Threshold: 3/5):

  • Clarity and pertinence of the project’s objectives.
  • Ambition of the proposed work and the extent to which it goes beyond the state-of-the-art.
  • Soundness of the proposed methodology, including inter-disciplinary approaches, consideration of the gender dimension, and the quality of open science practices.

• Impact (Threshold: 3/5, Weight: 1.5):

  • Credibility of the pathways to achieve the expected outcomes and impacts specified in the work programme.
  • The likely scale and significance of the project's contributions to making critical infrastructure more resilient.
  • Suitability and quality of the measures to maximise impact, as detailed in the dissemination and exploitation plan.

• Quality and Efficiency of the Implementation (Threshold: 3/5):

  • Quality and effectiveness of the work plan, including the appropriateness of effort assigned to work packages and overall resources.
  • Assessment of risks and proposed mitigation measures.
  • Capacity of each participant and the extent to which the consortium as a whole brings together the necessary expertise.

Innovation & Impact

Projects are expected to develop innovative solutions that directly contribute to the following outcomes:
* Increased resilience of critical infrastructure to a wide range of threats.
* Improved mapping of interdependencies for better crisis management.
* Better monitoring, risk assessment, and security tools for operators and authorities.
* Enhanced post-incident investigation capabilities.
* Development of effective digital tools for stress testing and training curricula for practitioners.

Project Quality

• The methodology must be sound, and the work plan must be clear, effective, and well-resourced.
• Proposals must convincingly explain how they will carry out demonstrations, testing, or validation of the developed tools and solutions in an operational environment, involving the required practitioners.
• A mid-term deliverable is required, consisting of an assessment of the project's progress performed by the practitioners involved.

Strategic Fit

• Proposals should address new challenges not covered by the Horizon Europe 'Resilient Infrastructure' calls of 2023 and 2024.
• Projects must demonstrate how they build upon, and do not duplicate, outcomes from the 2021-2022 calls.
• The proposal should align with key EU policies, including the CER Directive, NIS2 Directive, Security Union Strategy, and EU Adaptation Strategy.

Cross-cutting Themes

• Gender Dimension: Integration of sex and gender analysis is required only if relevant to the project's objectives. Applicants must justify their approach. A Gender Equality Plan (GEP) is mandatory for certain types of organizations.
• Tie-breaker: For proposals with the same score, gender balance among leading researchers, followed by geographic diversity, can be used as prioritisation factors.

COMPLIANCE AND SPECIAL REQUIREMENTS

Regulatory Compliance

• Ethics: Projects must adhere to the highest ethical standards and comply with all applicable EU, international, and national laws on ethical principles.
• Security: This is a security-sensitive topic. Activities may involve handling EU Classified Information (EUCI) or other sensitive information. Proposals will undergo a security appraisal, and projects may be subject to specific security requirements, which will become contractual obligations.
• Data Protection: All processing of personal data must comply with GDPR (Regulation (EU) 2016/679).

IP Policy

• Ownership: Results generated by the project are owned by the beneficiaries who generate them. The EU does not claim ownership.
• Rights of Use: The EU is granted a royalty-free, non-exclusive, and irrevocable licence to use project materials and non-sensitive information for policy, communication, and dissemination purposes.
• Open Science: Beneficiaries must manage research data responsibly according to FAIR principles ('Findable', 'Accessible', 'Interoperable', 'Reusable') and provide open access to scientific publications.

Unique Aspects

• Open Topic Nature: Proposals are explicitly invited to address new and emerging challenges to critical infrastructure resilience, avoiding topics covered in recent calls (2023-2024).
• Mandatory Financial Support to Third Parties (FSTP): A significant portion (10-30%) of the project's funding must be dedicated to 'cascade funding' for external SMEs and practitioners to conduct complementary assessments or testing activities.
• Satellite Data: If projects use satellite-based data (for earth observation, navigation, etc.), they must use Copernicus and/or Galileo/EGNOS services. Other data sources can be used in addition.
• Post-Project Coordination: Coordination with other funded projects is a requirement to maximize overall impact.

Industry-Specific Rules

• Projects must consider and align with sector-specific regulations relevant to the critical infrastructure they address. This includes but is not limited to the CER Directive (EU/2022/2557) on the resilience of critical entities and the NIS2 Directive (EU/2022/2555) on cybersecurity.