Aims of this initiative
By managing the cybersecurity funds under the next multi-annual financial framework 2021-2027, the initiative will help to create an inter-connected, EU-wide cybersecurity industrial and research ecosystem. It should encourage better cooperation between relevant stakeholders, including between cybersecurity civilian and defence sectors.
This cooperation will help stakeholders to make the best use of existing cybersecurity resources and expertise across Europe. The initiative builds on the expertise that already exists in more than 660 cybersecurity expertise centres from all Member States who responded to a survey conducted by the European Commission in 2018.
The initiative should help the EU and Member States take a proactive, longer-term strategic perspective to cybersecurity industrial policy going beyond research and development. This approach should help to come up with breakthrough solutions to the cybersecurity challenges which the private and public sectors are facing and support the effective deployment of these solutions.
It will allow relevant research and industrial communities and public authorities to gain access to key capacities such as testing and experimentation facilities. These facilities are often beyond the reach of individual Member States due to insufficient financial and human resources.
The initiative will contribute to closing the skills gap and to avoiding a brain drain by ensuring access of the best talents to large-scale European cybersecurity research and innovation projects and therefore providing interesting professional challenges.
Network of National Coordination Centres
Each Member State will nominate one National Coordination Centre. They will function as contact points at the national level for the Competence Community and the Competence Centre. They are the ’gatekeepers’for the cybersecurity community in their country. They support to carry out actions under this Regulation, and they can pass on financial support to national and local ecosystems.
The Cybersecurity Competence Community
This Community will involve a large, open, and diverse group of actors involved in cybersecurity technology, including in particular research entities, supply/demand-side industries and the public sector. It will provide input to the activities and work plan of the Competence Centre. And, it will benefit from the community-building activities of the Competence Centre and the Network.
The European Cybersecurity Competence Centre
The European Cybersecurity Competence Centre (ECCC) aims to increase Europe’s cybersecurity capacities and competitiveness. It will work together with a Network of National Coordination Centres (NCCs) to build a strong cybersecurity community.Located in Bucharest, it will implement relevant parts of the Digital Europe and Horizon Europe programmes by allocating grants and carrying out procurements.
Tasks and objectives
The ECCC will seek to achieve its overall mission by:
- setting up and helping to coordinate the National Coordination Centres Network and the cybersecurity competence community;
- making strategic investment decisions and pooling resources from the EU, its Member States and industry;
- implementing cybersecurity-related financial support from Horizon Europe and Digital Europe Programmes.
This will feed into the following objectives:
- contributing to the wide deployment of the latest cybersecurity technology, in particular through carrying out or supporting procurement of products and solutions;
- providing financial support and technical assistance to cybersecurity start-ups and a to connect them to potential markets and to attract investment;
- supporting research and innovation based on a comprehensive industrial and research agenda, including large-scale research and demonstration projects in next-generation cybersecurity capabilities;
- driving high cybersecurity standards not only in technology and cybersecurity systems but also in skills development;
- facilitating the cooperation between the civil and defence spheres with regard to dual use technologies and applications, and enhancing civil-defence synergies in relation to the European Defence Fund.
The ECCC is currently being set up. Its administrative and governance structure will include:
- a Governing Board, to provide strategic orientation and oversee its activities;
- an Executive Director, to be the legal representative and to be responsible for day-to-day management;
- a Strategic Advisory Group to ensure a comprehensive, ongoing dialogue between the ECCC and the cybersecurity community.
The Governing Board will include:
- one representative from each member State, and two from the Commission, serving for a renewable four year term;
- observers, including ENISA permanently, and others on an ad-hoc basis;
- a Chairperson and deputy Chairperson, elected for three years, once renewable;
- the Executive Director, who takes part but has no voting rights.
In principle, decisions will be taken by consensus. Where this is not possible, there needs to be a majority of at least 75% of all votes. For join actions, the vote will be proportional to the financial contributions of those involved. The EU holds 26% of voting rights for any decision affecting the EU budget .
The Governing Board is assisted by an Industrial and Scientific Advisory Board to ensure regular dialogue with the private sector, consumers’ organisations and other relevant stakeholders.
The European Commission proposes that the Competence Centre is funded jointly through financial contributions from the European Union and the participating Member States.
The European Commission has placed cybersecurity high on the agenda for the next long-term EU budget for years 2021-2027. Under the new Digital Europe programme the European Commission proposed in 2018 to invest €2 billion into safeguarding the EU's digital economy, society and democracies through polling expertise, boosting EU's cybersecurity industry, financing state-of-the-art cybersecurity equipment and infrastructure. Cybersecurity research and innovation will additionally be supported under the Horizon Europe programme.
The ECCC and Network will also seek to achieve synergies with other relevant EU programmes where appropriate.
The participating Member States should match the EU's financial contribution with investments of the same amount in line with their priorities and with co-financing of the running costs of the Centre and the Network.
The concrete funding priorities will be established as part of the Competence Centres annual Work Plan, which will be adopted by the Governing Board after having received input from the Industrial and Scientific Advisory Group.
It is envisioned that the bulk of the funding will be allocated through open calls for proposals and calls for tender. Stakeholders know this system from the past Research and Innovation Framework Programmes. In these cases, the Competence Centre will manage and eventually disburse financial support to recipients, which would typically be academic and research entities, industrial companies, or public authorities.
The ECCC will also seek to promote joint procurement of strategic cybersecurity infrastructures and tools together with one or several other entities – typically public authorities.
Some funding will be made available directly to National Coordination Centres for them to carry out tasks under this Regulation.
National Coordination Centres will also be able to financially support their respective national ecosystems through the use of so-called cascading grants.
The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure.
New EU cybersecurity rules ensure safer hardware and software.
Operators of Essential Services (OES), National Cybersecurity Certification Authorities (NCCAs) and National Competent Authorities (NCAs) for cybersecurity are among the selected applicants that will receive €11 million in funding by the Connecting Europe Facility cybersecurity...
The Stakeholder Cybersecurity Certification Group was established to provide advice on strategic issues regarding cybersecurity certification.
The Cybersecurity Act strengthens the EU Agency for cybersecurity (ENISA) and establishes a cybersecurity certification framework for products and services.
The EU cybersecurity certification framework for ICT products enables the creation of tailored and risk-based EU certification schemes.
The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.