Open topic for role of the human factor for the resilience of critical infrastructures

Grant Purpose and Target

• Core Objective: This grant aims to enhance the resilience of Europe's critical infrastructures against a range of threats, including natural hazards and cyber-attacks, by developing innovative solutions and strengthening capabilities that focus specifically on the human factor.
• Funding Organization: European Commission, through the Horizon Europe programme.
• Target Recipients: Consortia of public and private entities, including research organisations, universities, critical infrastructure operators, public authorities (national, regional, civil protection), law enforcement, and private security companies.
• Sector Focus: SECTOR-SPECIFIC. The grant targets the 11 critical sectors defined in the EU Resilience of Critical Entities (CER) Directive: Energy, Transport, Banking, Financial Market Infrastructure, Health, Drinking Water, Waste Water, Digital Infrastructure, Public Administration, Space, and Food production, processing, and distribution.
• Geographic Scope: Applicants must be from EU Member States or Horizon Europe Associated Countries. The mandatory consortium must include entities from at least three different eligible countries.
• Key Filtering Criteria:
  • Project Type: Research and Innovation Action (RIA).
  • Technology Readiness Level (TRL): Projects are expected to achieve TRL 5 by completion.
  • Consortium: A multi-partner consortium including specific types of practitioners is mandatory.
  • Core Focus: Proposals must explicitly address the 'human factor' in the context of critical infrastructure resilience.

Financial Structure

• Funding Range: The European Commission expects to fund projects with a contribution of around EUR 3.50 million each. The total indicative budget for this topic is EUR 7.00 million, intended to fund approximately two projects.

• Co-financing:

  • Funding Rate: As a Research and Innovation Action (RIA), projects are funded at a rate of 100% of total eligible costs.
  • Indirect Costs: A 25% flat-rate of the total eligible direct costs is provided to cover overheads. This flat-rate does not apply to subcontracting costs or financial support to third parties.

• Eligible Costs:

  • Direct Costs: Costs that are directly linked to the project and necessary for its implementation. These include personnel costs, subcontracting, travel and subsistence, equipment (depreciation or full cost depending on rules), and other goods, works, and services.
  • Indirect Costs: Overheads such as administration, office supplies, and utility costs are covered by the 25% flat-rate.

• Ineligible Costs: Costs that do not comply with the eligibility conditions, such as costs not directly related to the project, VAT (for most entities), and costs incurred outside the project duration. A full list is available in the Annotated Model Grant Agreement (AGA).

• Payment & Reporting: The grant is paid in several instalments:

  • An initial pre-financing payment is made at the start of the project.
  • Interim payments are disbursed based on the eligible costs claimed in periodic reports.
  • A final payment of the balance is made after the project's completion and the approval of the final report.

Eligibility Requirements

• Formal Criteria:

  • Consortium Composition: A consortium must consist of at least three independent legal entities from three different countries. At least one entity must be from an EU Member State, and at least two others must be from two different EU Member States or Associated Countries.
  • Practitioner Involvement: The consortium must include as beneficiaries at least 3 relevant practitioners from at least 3 different EU Member States or Associated Countries. A specific 'Information about security practitioners' annex must be completed.
  • Submission: Applications must be submitted electronically via the EU Funding & Tenders Portal before the deadline.

• Organizational Status:

  • The call is open to any legal entity (public bodies, private for-profit companies, research organisations, universities, NGOs) established in an eligible country.
  • Mandatory Practitioners: These can be critical infrastructure operators, national or regional authorities responsible for critical infrastructure resilience, civil protection authorities, law enforcement agencies, or private companies delivering security for critical infrastructure.
  • Gender Equality Plan: Public bodies, research organisations, and higher education establishments (from EU Member States and Associated Countries) are required to have a Gender Equality Plan in place to be eligible.

• Technical Expertise:

  • A multi-disciplinary team is required to address both technological and societal dimensions of the challenge.
  • SSH Integration: Proposals must demonstrate an effective and meaningful contribution from Social Sciences and Humanities (SSH) disciplines and experts.
  • Expertise in infrastructure resilience, human factors, risk assessment, and security (both physical and cyber) relevant to the project's scope is implicitly necessary.

• Exclusion Criteria:

  • Standard Horizon Europe exclusion criteria apply (e.g., bankruptcy, grave professional misconduct, fraud).
  • Entities established in Russia, Belarus, or non-government controlled territories of Ukraine are not eligible to participate in any capacity.
  • The topic is subject to 'restrictions for the protection of European communication networks', which may exclude certain entities assessed as 'high-risk suppliers' from participating.

Application Practical Information

• Deadlines:

  • Call Opening: 12 June 2025.
  • Submission Deadline: 12 November 2025 at 17:00:00 Brussels time (CET).
  • Evaluation Outcome: Applicants will be informed of the evaluation results approximately 5 months after the submission deadline.
  • Grant Signature: Grant agreements are expected to be signed approximately 8 months after the submission deadline.

• Required Documents:

  • Application Form (Part A): Contains administrative data about the participants and the budget summary, filled in directly on the portal.
  • Application Form (Part B): The technical description of the project, uploaded as a PDF.
  • Practitioner Annex: The 'Information on Security Practitioners' template must be completed and included in the application.

• Application Process:

  • Proposals must be submitted electronically through the EU Funding & Tenders Portal.
  • This topic follows a single-stage submission and evaluation procedure.

• Support:

  • The grant provides financial support for research and innovation activities.
  • Applicants can receive guidance and assistance from their country's National Contact Points (NCPs), the Enterprise Europe Network (EEN), and various portal helpdesks (IT, IPR).

• Post-Award Obligations:

  • Reporting: Beneficiaries must submit periodic technical and financial reports throughout the project's duration.
  • Mid-term Assessment: A specific mid-term deliverable is required, consisting of an assessment of the project's outcomes performed by the practitioners involved in the consortium.
  • Coordination: Successful proposals are expected to establish coordination and synergy-building activities with other funded projects from this topic and related areas to enhance impact and avoid duplication.

Evaluation Criteria

Proposals are assessed against three criteria, each scored from 0 to 5. A minimum score of 3 is required for each criterion, and an overall score of at least 10 is needed for the proposal to be considered for funding.

• Scoring Factors:

  • Excellence: Score threshold: 3/5.
  • Impact: Score threshold: 3/5.
  • Quality and Efficiency of the Implementation: Score threshold: 3/5.

• Innovation & Impact:

  • Excellence: Evaluators assess the clarity, pertinence, and ambition of the project's objectives, and the extent to which the proposed work goes beyond the state-of-the-art. The soundness of the methodology, including inter-disciplinary approaches, consideration of the gender dimension, and the quality of open science practices, is crucial.
  • Impact: The proposal must present a credible pathway to achieve the expected outcomes and impacts specified in the work programme. Key expected outcomes include: more resilient critical infrastructure, a better understanding of the human factor for resilience, improved risk and threat assessment, enhanced post-incident investigation capabilities, effective tackling of insider threats, and the development of training curricula. The suitability and quality of the dissemination and exploitation plan are also evaluated.

• Project Quality:

  • Implementation: This criterion covers the quality and effectiveness of the work plan, the assessment of risks, and the appropriateness of the effort and resources assigned to work packages.
  • Consortium Capacity: The capacity and role of each participant are scrutinized, along with the extent to which the consortium as a whole brings together the necessary expertise to complete the project successfully.

• Strategic Fit:

  • Projects must demonstrate clear alignment with the objectives of the 'Resilient Infrastructure' destination within the 'Civil Security for Society' cluster.
  • Proposals should support key EU policies and strategies, such as the CER and NIS2 Directives, the Security Union Strategy, and the EU Counter-Terrorism Agenda.

• Cross-cutting Themes:

  • SSH Integration: The 'effective contribution of SSH disciplines' is a mandatory requirement and will be thoroughly evaluated.
  • Gender Dimension: The integration of sex and/or gender analysis into the research and innovation content is required by default and is assessed under the Excellence criterion. A justification must be provided if it's not considered relevant.
  • Open Science: The quality of open science practices, including the management and sharing of research outputs, is evaluated as part of the methodology.

Compliance and Special Requirements

• Regulatory Compliance:

  • Projects are expected to support and align with key EU legislation and strategies, particularly the Directive on the Resilience of Critical Entities (CER) and the NIS2 Directive on cybersecurity.
  • Use of EU Space Data: If projects utilize satellite-based earth observation, positioning, navigation, or timing data, they must make use of Copernicus and/or Galileo/EGNOS services. Other data sources may be used in addition.

• IP Policy:

  • Standard Horizon Europe rules on Intellectual Property apply. Results are owned by the beneficiary that generates them.
  • Consortium partners must be granted royalty-free access rights to results needed to carry out their own project work. Access rights for exploitation purposes must be granted under fair and reasonable conditions.
  • In a public emergency, the Commission may require beneficiaries to grant non-exclusive licences to their results to address the emergency, under fair and reasonable conditions.

• Unique Aspects:

  • Security Sensitivity: This topic is flagged as potentially security-sensitive. Activities may involve using classified information (EUCI) or producing sensitive but unclassified results (SEN). Projects will undergo a security appraisal, and specific security obligations may be included in the grant agreement.
  • Open Topic Nature: Being an 'open topic' allows for a broad range of proposals, provided they address new or existing challenges related to the human factor in critical infrastructure resilience.
  • SSH Integration: A meaningful and effective contribution from Social Sciences and Humanities (SSH) is a core, mandatory aspect of the proposal, not an optional extra.

• Industry-Specific Rules: No industry-specific rules are mentioned beyond the regulations and standards that govern the critical infrastructure sectors themselves.