Grants8 | The most comprehensive grants search on the web

Grant Analysis

Purpose & Target

Core objective: Facilitate the secure transition to post-quantum Public Key Infrastructures (PKIs) by integrating new cryptographic algorithms and developing efficient migration strategies for strong business continuity. - Target recipients: Actors across the PKI ecosystem, including Certificate Authorities (CAs), intermediate CAs, researchers, end-users in various domains, and technology vendors. - This is a SECTOR-SPECIFIC grant. - Geographic scope: EU Member States, Iceland, and Norway. - Key filtering criteria: Focus on post-quantum cryptography in PKIs, cybersecurity expertise, and willingness to participate in a consortium. - Grant frequency: Part of a recurring call series (DIGITAL-ECCC-2025-DEPLOY-CYBER-08).

Financial Structure

Total budget for this specific topic (DIGITAL-ECCC-2025-DEPLOY-CYBER-08-PUBLICPQC) is 15,000,000 EUR.
Currency: EUR.
Eligible costs typically include personnel costs, subcontracting, travel and subsistence, equipment, and other goods/services.
Indirect costs are also covered.
No explicit minimum or maximum grant amount per project is specified.
No specific funding rate or co-financing percentage is provided in the general information.
Financial management arrangements must be described in the application to ensure cost-effectiveness and proper allocation of resources.
Strict prohibition of double funding from the EU budget (except under EU Synergies actions).

Eligibility Requirements

Organization Type

Diverse range of actors in the PKI ecosystem: Certificate Authorities (CAs), intermediate CAs, researchers, end-users (from various domains like governmental services, telecom, banking, smart homes, e-Health, automotive), and technology vendors.
Consortium requirement: Effective consortia are expected, comprising a diverse range of actors along the entire PKI chain.

Geographic Location

Organizations must be from EU Member States, Iceland, or Norway.
Non-EU entities: Participation of non-EU entities is restricted due to security concerns regarding sensitive information, as per Article 12(5) of Regulation (EU) 2021/694.

Technical Expertise

Expertise in areas such as software development, hardware implementation, cryptographic research, standardization, policy, and application deployment.
Ability to provide user case studies and real-world applications.

General Conditions

Applicants must confirm full compliance with eligibility criteria outlined in the call document.
Must not be subject to any exclusion grounds under EU Financial Regulation 2018/1046.
Must have the financial and operational capacity to carry out the proposed project.

Application Process

Application Timeline

Application submission window: Opens 2025-06-12.
Application deadline: 2025-10-07 00:00:00+00.

Application Materials

Part A: Structured administrative information, filled directly in the Funding & Tenders Portal Submission System.
Part B: Narrative technical description of the project, uploaded as a PDF.
Annexes: Supporting documents such as CVs, a list of previous projects (mandatory if required in call), and potentially other specific annexes (mandatory if required).
Page limit for Part B: Normally up to 70 pages, but applicants are advised to keep text concise. Excess pages will be disregarded.
Minimum font size: Arial 9 points.
Page size: A4 with at least 15mm margins.

Submission Process

Applications must be submitted via the EU Funding & Tenders Portal.
Prepared by the consortium and submitted by a representative.
Confirmation received upon submission.
Access to existing draft proposals via 'My Proposals' page in 'My Area'.

Post-Submission Requirements

If selected for funding, all applicants will be required to sign a declaration of honour.
Progress tracking: Milestones and deliverables should be defined, with a limit of 10-15 major deliverables for the entire project.
Reporting: Regular reporting on project progress is expected.

Application Support

Guidance and support available from National Cybersecurity Coordination Centres (NCC) in applicant's country.
Direct contact available via ECCC Applicants Direct Contact Centre ([email protected]).
IT Helpdesk for technical issues (passwords, access rights, submission).
Online Manual provides a step-by-step guide for proposal preparation and evaluation.

Evaluation Criteria

Relevance

Objectives and activities: How well the action plan aligns with the grant's objectives (effective PQC integration in PKIs, migration strategies, business continuity) and the broader Digital Europe Programme objectives.
Contribution to long-term policy objectives: How the project contributes to the call's domain objectives and relevant policies, based on a sound needs analysis.
Digital technology supply chain: Extent to which the action plan reinforces and secures the digital technology supply chain in the EU (if applicable to the topic).
Financial obstacles: Ability of the action plan to overcome financial obstacles like lack of market finance (if applicable to the topic).

Implementation Quality

Maturity: State of preparation and readiness to start implementing proposed activities.
Implementation plan: Soundness of the work plan, coherence between objectives, activities, resources, and project management processes. Integration with and building upon pre-existing work or EU-funded projects.
Project management: Quality assurance measures, monitoring, planning, and control activities.
Cost effectiveness: Measures to ensure cost-effective achievement of results and objectives.
Critical risks: Identification of risks and a robust risk management strategy.

Capacity to Carry Out Work

Consortium cooperation: Effectiveness of collaboration and division of roles among participants (Beneficiaries, Affiliated Entities, Associated Partners). How expertise is combined and complemented.
Project teams and staff: Adequacy of project teams, staff functions, profiles, tasks, and expertise.
External resources: How any missing skills/resources (subcontracting, seconded staff) will be acquired.
Consortium management: Clarity of management structures and decision-making mechanisms.

Impact

Expected outcomes and deliverables: Extent to which the action plan achieves the expected impacts outlined in the call document (e.g., new combiners, evaluation results, open-source libraries, clear procedures, awareness activities).
Dissemination and communication: Effectiveness of plans to promote activities/results, maximize impact, and ensure EU funding visibility.
Competitiveness and societal benefits: How the action plan strengthens competitiveness and provides important benefits for society.
Environmental sustainability: Contribution to environmental sustainability and European Green Deal goals (if applicable to the topic).

Compliance & Special Requirements

Regulatory Compliance

Compliance with EU Financial Regulation 2018/1046 is mandatory.
Projects must adhere to ethical principles and relevant national/EU legislation in countries where tasks are carried out.
Activities performed in non-EU countries should also be permissible in at least one EU Member State.

Data Protection and Privacy

Projects involving processing of personal data must detail compliance measures.
Specific attention to processing personal data related to criminal convictions or offences.
If personal data is exported from EU to non-EU countries or imported/transferred between non-EU countries, this must be addressed.

Ethical Standards

A detailed ethics self-assessment is required if any ethics issues apply (e.g., human participants, human embryonic stem cells, human embryos, human cells/tissues, personal data, animals, activities in non-EU countries, environmental impact, AI development/use).

Security Requirements

Projects must address security issues, including potential involvement of EU Classified Information (EUCI) or national security restrictions.
Potential for misuse of project results must be assessed and mitigated.
The grant explicitly states restrictions on non-EU entities participation due to the risk of sensitive information disclosure, making the topic subject to Article 12(5) of Regulation (EU) 2021/694. Beneficiaries must ensure projects are not subject to national/third-country security requirements that could affect implementation or grant award.

Special Considerations for PQC Transition

Proposals must safeguard compatibility with existing legacy systems, aiming for PKIs that support both pre-quantum and post-quantum cryptography.
Proposed systems should seamlessly interact with legacy systems, allowing PQC components to be disabled while preventing downgrade attacks.
Combinations of PQC and established pre-quantum solutions are required to ensure strongest-link security.
Development of clear procedures to guide stakeholders through the transition process is essential.
Consideration of key, signature, and ciphertext sizes, as well as performance, communication, computational, and storage overhead, and hardware optimization requirements.

Grant Details