Européen
EUDOROS Open Call 2
EUDOROS Open Call #2 aims to fund cybersecurity preparedness projects across the EU. It aims to fund circa 35 entities.
It primarily targets entities that can benefit from receiving cybersecurity preparedness services, Cybersecurity Services Recipients (CSRs). These entities are to invest in increasing their cybersecurity preparedness in the short term and plan to retain or improve their heightened preparedness levels in the long term.
There are two classes for entities that EUDOROS Open Call #2 invites to apply for the purpose of improving their cybersecurity preparedness:
Priority CSRs: Medium and large entities and central government entities irrespective of size. In other words, an entity with 50+ employees (Annual Work Units) OR EUR 10+ million turnover or EUR 10+ million annual balance sheet total can be declared as a priority CSR. Both commercial and non-commercial entities including NGOs and local governmental organisations exceeding any of the three limits can be considered priority CSRs. Additionally, governmental organisations can be considered priority CSRs irrespective of their size.
Other (non-priority) CSRs: All other CSRs.
There are certain features of applications that will make proposals particularly relevant to the open call:
– Use of the EUDOROS cyber range training to increase cybersecurity preparedness among staff (including cybersecurity hygiene)
– Use of the EUDOROS risk analysis service to establish an understanding of exposure to cybersecurity threats
– Use of the EUDOROS threat monitoring service to monitor IT systems of high-criticality
– Use of the EUDOROS security testing service to assess the current resilience level at baseline and estimate improvement after corrective actions
– Use of the EUDOROS information sharing service to share cyberthreat intelligence data
– Inclusion of essential and/or important entities from at least two different countries and the definition of cross-border security testing scenarios
– Inclusion of essential and/or important entities from at least two different sectors and the definition of cross-sector security testing scenarios
– Demonstration of capabilities (e.g. experienced IT staff) and plan to ensure a long-term maintenance of the improved cybersecurity preparedness
There are two application streams:
• Priority Stream: Applications in this stream are submitted either
• by 2 to 4 eligible co-applicants where at least one is a priority cybersecurity services recipient, one is a cybersecurity services provider, and the remaining entities, if any, are cybersecurity services recipients.
• by 5 eligible co-applicants where at least one is a priority cybersecurity services recipient, one or two are cybersecurity services providers, and the remaining entities, if any, are cybersecurity services recipients.
• General Stream: Applications in this stream are submitted by 2 to 5 eligible co-applicants, where 1 to 4 are non-priority (other) cybersecurity services recipients and 1 is a cybersecurity services provider.
All participating entities will receive 50% of the estimated
costs on a lump sum basis. The maximum EU contribution that may be requested for a EUDOROS Open Call #2 project depends on the stream, the number of priority CSRs and the number of different CSR countries covered:
– from EUR 184,000 for the General Stream
– to up to EUR 460,000 for the Priority Stream
All entities must be established in EU Member States to be eligible. Only consortia can apply, ideally with cybersecurity recipients from different countries, able to demonstrate cross-border interactions between their key digital assets.
Entities applying to the EUDOROS Open Call should have a level of cybersecurity expertise in-house. Additionally, there must either be a Cybersecurity Services Provider (or possibly two in the case of five co-applicants in the priority stream) in each proposal that can support the consortium’s efforts in increasing its members’ cybersecurity preparedness and also support knowledge sharing. If properly justified, an entity may play the role of both a Cybersecurity Services Provider and a Cybersecurity Services Recipient.

