The European Commission announced Thursday it is allocating €145.5 million, or about US$170 million, to help public administrations and small and medium-sized enterprises adopt cybersecurity solutions and apply research-driven innovations. To support this effort, the European Cybersecurity Competence Centre has launched two funding calls. These funds are available through EU calls for proposals, which are competitive funding opportunities that award grants to research institutions, public bodies, NGOs, and private companies working on projects that advance European policy goals.
The first call, part of the Digital Europe Programme, has a €55 million budget. Of this, €30 million is set aside specifically to strengthen cybersecurity in hospitals and healthcare providers. The goal is to help these institutions detect, monitor, and respond to threats like ransomware, improving the resilience of the healthcare system in light of ongoing geopolitical tensions. The initiative also supports the EU’s action plan on cybersecurity in the healthcare sector.
The move responds to the urgent need for continuous cybersecurity monitoring, threat intelligence, and incident response in hospitals and healthcare providers, many of which lack the resources to defend against increasingly sophisticated cyber threats. It will fund pilot projects that bring together key stakeholders, including national or regional hospital clusters, healthcare systems, professional associations, and cybersecurity service providers, to strengthen collective defense capabilities.
The pilot projects will define the state of preparedness of clusters of hospitals and healthcare providers in the European Union, to be able to assess their needs. Based on this analysis, they will prepare an overview of the cybersecurity solutions and resources needed (technologies, services, tools, human resources, training needs, etc.) for hospitals and healthcare providers to meet the scope of the action. These may include, for example, security operation centres offering real-time monitoring, threat detection, and rapid incident response, and advanced cybersecurity tools, such as Security Information and Event Management (SIEM) platforms, threat intelligence, and automated response capabilities, among others.
The pilots will develop technical plans tailored to the needs of representative hospitals and healthcare providers, which will also need to include best implementation recommendations and cost estimates for effective deployment. They will conduct a demo implementation of these technical plans to demonstrate their effectiveness in operations at the stakeholders’ sites, showcasing different use cases for different user groups at small, medium, and large hospitals and healthcare providers, at least in two different Member States.
The pilot projects will serve as demonstration projects and will also provide cybersecurity education and training to the staff of their partner hospitals and healthcare providers, enhancing awareness and ensuring best practices in safeguarding sensitive healthcare information.
Finally, in cooperation with each other, the pilot projects will undertake wide dissemination activities of best practices across the EU, with the specific goal of helping replicate and scale up the pilots’ activities as widely as possible. These pilot projects will support healthcare institutions complying with the NIS 2 Directive.
The Commission also aims to support the operation of the National Coordination Centres (NCCs) and enable them to support the cybersecurity community for the uptake and dissemination of cybersecurity solutions and strengthen cybersecurity capacities. This could also be achieved by using Financial Support for Third Parties (FSTPs).
Based on the financing received in previous years and on the different operational start dates in the Member States, this activity aims to continue providing support for NCCs.
In this regard, it is important to stress that individual NCCs can choose from the list of activities and deliverables included in this topic, depending on their interest and mandate. There is no obligation for NCCs to execute all actions.
The topic also considers providing support for the uptake of EU cybersecurity technologies and products, commercialisation and scale-up of the European cybersecurity start-up/SME ecosystem, in collaboration and complementarity with the European and ongoing national and regional initiatives, such as accelerator and incubation programmes and technology transfer programmes. Such a strategy should also include support for scale-ups, considering the use of public procurement and private investment.
An essential aspect of this action is to create a framework for the emergence of such incubators and accelerators in the Member States, based on best practices and considering the specific needs and requirements arising from EU legislation, such as the Cyber Resilience Act and the NIS 2 Directive.
In addition, this topic could contribute to cybersecurity awareness. It is becoming increasingly important to inform and educate EU citizens on cybersecurity topics in their daily use of digital technologies. Cybersecurity awareness helps individuals and organisations to identify threats and take appropriate action.
By promoting awareness, the likelihood of incidents and data breaches can be reduced. Within this topic, NCCs are encouraged to build upon ongoing initiatives, including for example the ones from the EC and ENISA, to improve the awareness of EU citizens, businesses and organisations about cybersecurity risks and threats and to support Europe-wide actions to increase the number of students in cybersecurity courses, students engaged in cybersecurity research activities and students and young professionals choosing a career in cybersecurity.
Furthermore, European companies are innovative and develop highly competitive products, but the still underdeveloped Digital Single Market confines most of these companies (especially SMEs and start-ups) to their home country. A platform that can open the European market for small and medium-sized enterprises would also act as a springboard into international markets. This platform will ensure the competitiveness of European cybersecurity solutions.
As such, the topic could also support the EU market’s growth in cybersecurity products and services by providing a platform on which European SMEs and start-ups can post their ‘market-ready’ products and solutions and on which businesses, public authorities and private individuals can search for the best solution for their needs, regardless of the country.
The second call, under the Horizon Europe Programme, is backed by approximately €90.5 million. It focuses on advancing generative AI applications in cybersecurity, developing new operational cybersecurity tools and processes, improving privacy-enhancing technologies, and supporting research in post-quantum cryptography.
It also addresses the need to focus on developing innovative frameworks, technologies, tools, processes, and services that reinforce cybersecurity capabilities for operational and technical cybersecurity cooperation, in line with relevant EU policy, with particular focus on NIS2, Cyber Solidarity Act and the EU Cybersecurity Strategy, as well as legal and ethical requirements.
The European Commission stated that proposals must address at least two of the following intended outcomes. These include enhanced situational awareness through advanced cyber threat intelligence frameworks, tools, and services as well as cybersecurity risk assessments of critical supply chains made in the EU. Frameworks, tools, and services for preparedness against cyber and hybrid threats in information and communication technology (ICT) and operational technology (OT), including cybersecurity exercises,
It also included expanded Security Operations Centre/Computer Security Incident Response Teams (SOC/CSIRT) functionality through advanced tools and services for detection, analysis, incident handling including response and reporting as well as remediation. It also covers the development of testing and experimentation facilities for advanced tools and processes for operational cybersecurity, including the creation of digital twins for critical infrastructures and essential and important entities as defined in NIS2; and the development and pilot implementation of cross-sector and/or cross-border cyber crisis management frameworks, services, and tools.
Furthermore, it includes drameworks, services, and tools aimed at mechanisms and processes for enhanced operational cooperation between public sector entities. Extension of the above to essential and important entities as defined in NIS2, would be an advantage.
The European Commission said that the deadline to apply for the first funding call is Oct. 7, while the second funding call closes on Nov. 12. Both calls are managed by the European Cybersecurity Competence Centre.
Last week, telecom ministers from across the European Union formally adopted the EU Cyber Blueprint for cyber crisis management, marking a significant step in how the bloc prepares for and responds to large-scale cybersecurity incidents. The newly endorsed framework provides clear guidance for coordinated detection, response, and recovery efforts across member states in the event of a major cyberattack or digital disruption that could affect critical infrastructure or services across the EU.
