SECURE-CALL #1 - SECURE First Open Call For Proposals

References and Official Sources

All official information, documentation, templates, deadlines and platform access for the SECURE First Open Call for Proposals are available through the following sources:

1. The complete Application, Evaluation & Implementation Process, together with Authoritative requirements, procedures and evaluation rules are fully described in the SECURE Open Calls Application Guidelines (Annex 1), including Appendix A (Eligibility), Appendix B (Technical Evaluation) and Appendix C (Implementation Assessment)
2. SECURE Open Call Platform and documentation
3. FAQ and general project information

Eligibility Criteria

Eligible applicants are single legal entities qualifying as micro, small or medium‑sized enterprises (mSMEs) under Commission Recommendation 2003/361/EC, legally established in an EU Member State (including OCTs) or in EEA countries. Consortia, EU bodies, international organisations and ineligible natural persons are excluded. Applicants must comply with all applicable EU and national legal, ethical and financial obligations, must not fall under EU exclusion grounds, must not qualify as enterprises in difficulty, and must ensure the absence of double funding.

Projects must demonstrate direct and substantive relevance to the Cyber Resilience Act (CRA). Applicants must operate, or credibly plan to operate, within the CRA scope, and proposed activities must clearly support compliance with CRA requirements for identified digital products or services. Company eligibility is formally validated by the relevant National Cybersecurity Coordination Centre (NCC). Detailed rules are provided in Appendix A, while CRA scope and eligible activities are specified in ANNEX 2 – CRA Scope & Eligible Activities, Services and Goods.

STAGE 1 - Application & Evaluation Process

Applications are submitted exclusively via the SECURE online platform and follow a structured, sequential process designed to ensure administrative compliance, technical quality and regulatory relevance.

Phase 1 – Registration and Company Documentation

Applicants register on the platform, complete the eligibility checklist and upload mandatory company documentation, including digitally signed declarations (PAdES format), official registration evidence, ownership and control declaration (ANNEX 3 – Ownership Control Declaration), the most recent financial statement, and any additional documentation requested by the national NCC. After final submission, modifications are only possible upon explicit NCC request.

Phase 2 – Proposal and Budget Submission

Applicants prepare and upload the Proposal Template (ANNEX 1.1) and the Budget Template (ANNEX 1.3), in accordance with the Proposal Budget Guidelines (ANNEX 1.2). Proposals must define objectives, work packages, deliverables, milestones and KPIs, with a maximum project duration of 180 calendar days. Funding is granted as a lump sum, covering 50% of eligible costs up to EUR 30,000. Applicants may optionally request 40% pre‑financing at this stage. Once the final submission is confirmed, no further changes are allowed.

Phase 3 – Evaluation

Submitted proposals undergo a three‑layer evaluation process.

1. Formal Evaluation verifies completeness, CRA relevance and consistency with eligible activities.
2. Technical Evaluation is carried out by an independent Evaluation Committee of cybersecurity and CRA experts, assessing proposals against the criteria of Excellence & Relevance, Impact & Clarity, and Implementation, using the scoring system and thresholds defined in Appendix B – Proposal Technical Evaluation. Evaluation of proposals is based on three core award criteria assessed by an independent Evaluation Committee: Excellence & Relevance, Impact & Clarity, and Implementation. Excellence & Relevance measures the coherence, credibility and CRA alignment of the proposed activities and their ability to address identified compliance gaps. Impact & Clarity assesses the expected benefits for the applicant mSME, the contribution to CRA compliance, the clarity of the proposal and the robustness of the proposed KPIs. Implementation evaluates the feasibility and consistency of the work plan, including work packages, deliverables, milestones, evidence and budget coherence. Each criterion is scored on a 0–5 scale by multiple evaluators, aggregated through a weighted scoring system with defined minimum thresholds. Proposals are evaluated using a multi‑evaluator scoring and averaging system designed to ensure fairness and comparability. Each proposal is independently assessed by three evaluators, who assign scores from 0 to 5 for each of the three award criteria. For each criterion, individual scores are summed and averaged, with the result rounded to the nearest integer, producing a criterion score with a maximum of 15 points. These rounded scores are then combined into a final weighted average score, reflecting the relative importance of the criteria. To be eligible for funding, proposals must meet defined minimum thresholds, namely: an overall final score of at least 10 points and no score below 10 in two or more individual criteria; failure to meet either threshold results in exclusion. Where significant scoring discrepancies occur—specifically, differences of five points or more between evaluators on two or more criteria—an additional evaluator is appointed and the final score is recalculated using all assessments. In the case of tie scores in the final ranking, priority is given to the proposal submitted earlier on the platform, with submission date and time serving as the sole tie‑breaking rule.
3. Company Eligibility Verification is conducted by the applicant’s national NCC, which may request integrations and formally confirms company‑level eligibility. Failure to obtain NCC validation may result in exclusion, irrespective of technical score.

Phase 4 – Final Results and Sub‑Grant Agreement

Applicants are notified of the final outcome (funded, eligible but not funded due to budget constraints, or rejected). Successful applicants are invited to sign the Sub‑Grant Agreement (ANNEX 5). Following countersignature by the SECURE Consortium, the project is formally admitted to implementation and pre‑financing, if requested, may be disbursed.

STAGE 2 – Project Implementation and Assessment (Overview)

Following Sub‑Grant Agreement signature, funded projects enter Stage 2, which covers implementation, reporting and payment. Beneficiaries must complete an initial CRA Maturity Assessment, implement the approved activities within 180 days, and submit a Technical Report (ANNEX 6) together with supporting evidence demonstrating achievement of declared deliverables and KPIs. Implementation is assessed by the Evaluation Committee in accordance with Appendix C – Implementation Assessment, determining full, partial or no balance payment based on the degree of objective achievement.