ExpectedOutcome:
Deliverables:
The objective of this topic is to support European SMEs, with a focus on micro and small enterprises, to strengthen their cybersecurity capacities and to support the implementation of the proposed Regulation on the Cyber Resilience Act (CRA).
Scope:In synergy with other actions launched under this WP which will be developing compliance tools for the CRA, the action should distribute cascade financing grants to European SMEs, with a focus on micro and small enterprises, though remaining open to other stakeholders, to support achieving compliance with requirements and obligations stemming from the CRA.
Applicants are encouraged to identify categories of cascade financing recipients, including at least the following:
For each identified stakeholder category, a dedicated set of activities should be devised taking into consideration the specific needs of target consumers, business users, and other relevant stakeholders.
The proposed project should include actions addressing the following:
Third parties receiving grants should, in particular:
Priority should be given to solutions available to use free of charge or free and open-source software (FOSS) solutions both when setting up the openly available platform and when distributing cascading finance grants.
These activities should be carried out in close coordination, and where possible collaboration, with the European Cybersecurity Competence Centre (ECCC), the Network of National Coordination Centres (NCCs), the European Digital Innovation Hubs (EDIHs) network, other relevant European and National cybersecurity entities, and other projects of this work programme.
The operational involvement of NCCs in implementing and running such actions is strongly recommended.
Indicatively one proposal is expected to be financed via this topic. Proposed projects should foresee at least 75% of the budget to be distributed for cascade financing grants.
This action includes the creation of a central platform that serves as a reference point, and hence will enable interactions between providers of essential services and critical infrastructures, as well as other actors, regarding their cybersecurity measures and possible vulnerabilities. Also third parties receiving funding will engage in solutions for testing, detecting and addressing vulnerabilities. As such information could be exploited by malicious actors, the central entity handling such must be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt foreign influence and control. As previously noted, participation of non-EU entities entails the risk of highly sensitive information about security infrastructure, risks and incidents being subject to legislation or pressure that obliges those non-EU entities to disclose this information to non-EU governments, with an unpredictable security risk. Therefore, based on the outlined security reasons, the actions relating to these technologies are subject to Article 12(5) of Regulation (EU) 2021/694.