Filter Search for grants
Call key data
Capacity building of Security Operation Centres (SOC)
Estimated EU contribution per project
between € 1,000,000.00 and € 10,000,000.00
Link to the call
Link to the submission
The aim is to improve cybersecurity resilience with faster detection and response to cybersecurity incidents and threats at national and EU level through the establishment of SOCs, leveraging disruptive technologies, and sharing of information leading to increased situational awareness and stronger EU supply chains.
The objective will be to create, support and/or strengthen and interconnect SOCs at regional, national and EU level. This will allow for reinforced capacities to monitor and detect cyber threats, the creation of collective knowledge and sharing of best practices. In addition, data and capacities related to cybersecurity threat intelligence will be brought together from multiple sources (such as CSIRTs and other relevant cybersecurity actors) through cross-border platforms across the EU. The use of state-of the-art AI, machine learning capabilities and common infrastructures will make it possible to more efficiently and more rapidly share and correlate the signals detected, and to create high-quality threat intelligence for national authorities and other stakeholders, thus enabling a fuller situational awareness and a more rapid reaction.
- Supporting existing SOCs or establishing national, regional or sectoral SOCs serving private (SMEs in particular) and/or public organisations with real-time monitoring and analysis of data from public internet network traffic to detect malicious activities and incidents that affect the resilience of network and information systems;
- Strengthening SOCs by leveraging state of the art Artificial Intelligence (including Machine Learning techniques) and computing power to improve the detection of malicious activities, and dynamically learning about the changing threat landscape;
- Supporting information sharing among public authorities (including competent authorities and CSIRTs under the NIS Directive), as well as with other SOCs (e.g. operated by private entities), facilitated through appropriate sharing agreements, while complying with all obligations related to privacy and personal data protection;
- Developing and deploying appropriate tools, platforms and infrastructures to securely share and analyse large data sets among SOCs. Where possible and appropriate, existing building blocks will be re-used, including the results of relevant Connecting Europe Facility and Horizon 2020 projects;
- Supporting the increased availability, quality, usability and interoperability of threat intelligence data among SOCs and relevant entities;
- Identify potential critical dependencies on foreign suppliers and solutions in the area of threat intelligence and develop an EU supply chain on threat intelligence;
- Provide Member States bodies with threat intelligence and situational awareness capabilities helping to anticipate and respond to cyber-attacks, notably in the framework of the Blueprint/CyCLONe and the Joint Cybersecurity Unit;
- Bridge cooperation between various cybersecurity communities, e.g. civilian cybersecurity resilience, law enforcement, defence, taking into account cooperation frameworks such as the Blueprint/CyCLONe and the Joint Cybersecurity Unit.
To achieve this aim, the following activities are foreseen:
- Grants will be made available to enable capacity building, e.g. though the establishment or reinforcing of SOCs serving private or public organisations, leveraging state of the art technology such as artificial intelligence and dynamic learning of the threat landscape
- A call for expression of interest will be launched to select entities in Member Statesthat provide the necessary facilities to host and operate cross-border platforms for pooling data on cybersecurity threat between several Member States (data potentially coming from various sources). The call for expression of interest will also build up the planning and design of necessary tools and infrastructures.
- Building on the call for expression of interest, a joint procurement will be launched to develop and operate capacities for the selected cross-border platforms, including advanced tools and infrastructures to securely share and analyse large data sets and threat intelligence among the selected cross-border platforms (e.g. highly-secure infrastructure or advanced data analytics aimed at significantly improving the ability to analyse large sets of data)
- Several cross-border platform(s) for pooling data on cybersecurity threat between several Member States, equipped with a highly secure infrastructures and advanced data analytics tools;
- World-class SOCs across the Union, strengthened with state of the art technology in areas such as AI;
- Sharing of Threat Intelligence between SOCs, and information sharing agreements with competent authorities and CSIRTs;
- Threat intelligence and situational awareness capabilities supporting strengthened collaboration in the framework of the Blueprint/CyCLONe and the Joint Cybersecurity Unit, as well as with law enforcement and defence.
Regions / countries for funding
Island (Ísland), Liechtenstein, Norway (Norge)
Education and training institution, Non-Profit Organisation (NPO) / Non-Governmental Organisation (NGO), Other, Private institution, incl. private company (private for profit), Public Body (national, regional and local; incl. EGTCs), Research Institution incl. University, Small and medium-sized enterprise (SME)
To be eligible for funding, applicants must be:
- legal entities (public or private bodies)
- established in one of the eligible countries:
- EU Member States (including overseas countries and territories (OCTs))
- EEA countries (Norway, Iceland, Liechtenstein) for all topics
Natural persons are NOT eligible (with the exception of self-employed persons, i.e. sole traders, where the company does not have legal personality separate from that of the natural person).
International organisations — International organisations are not eligible, unless they are International organisations of European Interest within the meaning of Article 2 of the Digital Europe Regulation (i.e. international organisations the majority of whose members are Member States or whose headquarters are in a Member State).
EU bodies — EU bodies (with the exception of the European Commission Joint Research Centre) can NOT be part of the consortium.
other eligibility criteria
Financial support to third parties is allowed under the following conditions:
− the calls must be open, published widely and conform to EU standards concerning transparency, equal treatment, conflict of interest and confidentiality
− the calls must be published on the Funding & Tenders Portal, and on the participants’ websites
− the calls must remain open for at least two months
− if call deadlines are changed this must immediately be published on the Portal and all registered applicants must be informed of the change
− the outcome of the call must be published on the participants’ websites, including a description of the selected projects, award dates, project durations, and final recipient legal names and countries
− the calls must have a clear European dimension.
Your project application must clearly specify why financial support to third parties is needed, how it will be managed and provide a list of the different types of activities for which a third party may receive financial support. The proposal must also clearly describe the results to be obtained.
Relevance for EU Macro-Region
EUSAIR - EU Strategy for the Adriatic and Ionian Region, EUSALP - EU Strategy for the Alpine Space, EUSBSR - EU Strategy for the Baltic Sea Region, EUSDR - EU Strategy for the Danube Region
UN Sustainable Development Goals (UN-SDGs)
Proposals must be submitted electronically via the Funding & Tenders Portal Electronic Submission System (accessible via the Topic page in the Search Funding & Tenders section. Paper submissions are NOT possible.
Proposals must be complete and contain all the requested information and all required annexes and supporting documents:
- Application Form Part A — contains administrative information about the participants (future coordinator, beneficiaries and affiliated entities) and the summarised budget for the project (to be filled in directly online)
- Application Form Part B — contains the technical description of the project (to be downloaded from the Portal Submission System, completed and then assembled and re-uploaded)
- Mandatory annexes and supporting documents (to be uploaded):
- detailed budget table/calculator: not applicable
- CVs of core project team: not applicable
- activity reports of last year: not applicable
- list of previous projects: not applicable
- ownership control declarations
Proposals are limited to maximum 70 pages (Part B).