Official call identifier: EUDOROS
Objective of the call
The objective of EUDOROS Open Call #2 is to fund cybersecurity preparedness projects across the EU. The call aims to mobilise private and public organisations and the EU cybersecurity industry to increase cybersecurity preparedness in entities across the EU and promote a culture of sharing general and sector-specific cybersecurity information and knowledge.
The call supports activities that may contribute to the prevention, detection, response and recovery efforts of other organisations. It primarily targets Cybersecurity Services Recipients (CSRs), meaning entities that can benefit from cybersecurity preparedness services and are ready to invest in increasing their cybersecurity preparedness in the short term and maintaining or improving it in the long term.
Scope of activities
The call funds cybersecurity preparedness projects implemented by consortia composed of Cybersecurity Services Recipients and Cybersecurity Services Providers. Selected projects are expected to improve cybersecurity preparedness through the use of services, tools, training, testing, monitoring, risk analysis and information sharing.
Applications are particularly relevant where they include one or more of the following activities:
• Use of the EUDOROS cyber range training to increase cybersecurity preparedness among staff, including cybersecurity hygiene
• Use of the EUDOROS risk analysis service to establish an understanding of exposure to cybersecurity threats
• Use of the EUDOROS threat monitoring service to monitor IT systems of high criticality
• Use of the EUDOROS security testing service to assess the current resilience level at baseline and estimate improvement after corrective actions
• Use of the EUDOROS information sharing service to share cyberthreat intelligence data
• Inclusion of essential and/or important entities from at least two different countries and the definition of cross-border security testing scenarios
• Inclusion of essential and/or important entities from at least two different sectors and the definition of cross-sector security testing scenarios
• Demonstration of capabilities and plans to ensure long-term maintenance of improved cybersecurity preparedness
Successful applicants will implement projects in three phases:
• Phase I. Planning & Preparation (M1–M2): creation of a plan for Phase II, covering implementation strategy, personnel engagement, training, and installation of EUDOROS and other cybersecurity-enhancing tools into selected infrastructures. Where possible, baseline measurements should also be performed.
• Phase II. Preparedness Actions (M3–M7): implementation of the cybersecurity preparedness enhancement plan, including cybersecurity testing of infrastructures, technical cybersecurity measures, staff training, awareness raising, and coaching from EUDOROS experts to support the use of EUDOROS solutions for risk analysis, threat monitoring and information sharing.
• Phase III. Evaluation & Feedback (M8–M10): provision of feedback to the EUDOROS Consortium to support the customisation of services to the needs of different sectors, and sharing of lessons learned with organisations in the same sector, adjacent sectors and other sectors.
Eligible applicants
Only consortia may apply. The call targets exclusively EU entities, and applying entities must be EU-controlled. Non-EU entities, EEA entities and non-EU controlled entities are not eligible.
The call distinguishes between two roles:
• Cybersecurity Services Recipients (CSRs): entities receiving cybersecurity preparedness services
• Cybersecurity Services Providers (CSPs): entities supporting the consortium in increasing cybersecurity preparedness and knowledge sharing
If properly justified, one entity may act both as a Cybersecurity Services Recipient and a Cybersecurity Services Provider. In that case, it is counted as a CSR for computing the maximum EU contribution and for evaluation metrics, and the requirement to include a CSP is considered fulfilled. However, the entity is not counted as two separate entities.
The call has two application streams:
Priority Stream:
Applications may be submitted by:
• 2 to 4 eligible co-applicants, where at least one is a priority Cybersecurity Services Recipient, one is a Cybersecurity Services Provider, and the remaining entities, if any, are Cybersecurity Services Recipients
• 5 eligible co-applicants, where at least one is a medium or large Cybersecurity Services Recipient, one or two are Cybersecurity Services Providers, and the remaining entities, if any, are Cybersecurity Services Recipients
General Stream:
Applications may be submitted by 2 to 5 eligible co-applicants, where 1 to 4 are non-priority Cybersecurity Services Recipients and 1 is a Cybersecurity Services Provider.
Priority CSRs include central government entities and medium and large enterprises. An entity with 50 or more employees (Annual Work Units), or EUR 10 million or more turnover, or EUR 10 million or more annual balance sheet total may be declared as a priority CSR. Governmental organisations may be considered priority CSRs irrespective of size if they are national or central-government organisations, including ministries, independent authorities and state-controlled organisations. Regional and municipal organisations must exceed one of the three limits to be considered priority CSRs.
Eligible costs
The available call text specifies the following cost guidance:
• Personnel costs are the only obligatory category of expenses
• Travel and subsistence costs may be included, but are not mandatory and must be in line with the participant’s standard business expenses policy and well justified
Funding is provided as a lump sum based on the estimated costs of each participant’s engagement.
Funding conditions
Type of action:
Cascade Funding
Funding rate:
50% of eligible costs
Maximum grant per beneficiary: Minimum EUR 20,000 and maximum EUR 200,000 per entity. If two or more project participants are affiliated, the EUR 200,000 limit applies collectively to the affiliated entities.
Maximum grant per application:
• General Stream: up to EUR 184,000
• Priority Stream: up to EUR 184,000, EUR 276,000, EUR 368,000 or EUR 460,000 depending on the number of priority CSRs and the number of CSR countries covered
Project duration:
10 months
Deadline for submission
7 August 2026