The European Union is setting new, binding standards for the cybersecurity of digital products with the Cyber Resilience Act. This EU regulation requires manufacturers, importers, and software managers to consider cybersecurity at every stage of a product’s life cycle, from development to maintenance. In order to prepare European micro, small and medium-sized enterprises (SMEs) for these requirements, the EU-funded SECURE project (“Strengthening EU SMEs Cyber Resilience”) is providing SMEs with five million euros of funding for the first time. Application deadline: 29 March 2026.

The Cyber Resilience Act (CRA), which came into force in December 2024 and will be fully applicable from 2027, establishes harmonized cybersecurity requirements for all products containing digital elements placed on the EU market. These common standards aim to close security gaps, boost consumer confidence, and establish a level playing field for businesses.

The SECURE consortium is based on close collaboration between the National Cybersecurity Coordination Centers (NCCs) and the European Digital Innovation Hubs (EDIHs). This extensive collaboration aims to engage with as many stakeholder groups as possible. To support micro, small, and medium-sized enterprises (MSMEs) with adaptation and development, SECURE offers targeted financing opportunities to help companies comply with cybersecurity regulations.

Who can apply?

The first open SECURE call for proposals comprises €5 million of cascade funding, with individual projects eligible for up to €30,000. Proposals may include concrete measures to improve cybersecurity, meet CRA requirements, and strengthen the resilience of digital products. Eligible small and medium-sized enterprises (SMEs) include manufacturers, importers, and distributors of products with digital elements, as well as those responsible for open-source software.

How SMEs can apply

The entire submission process, from registration to evaluation to implementation, is carried out via the digital SECURE platform. Projects submitted for consideration are evaluated based on their relevance to the objectives of the Cyber Resilience Act, their expected impact, and their feasibility and quality. The first call for proposals is open from 28 January to 29 March 2026.

Projects will be evaluated and selected based on the following criteria:

• Excellence and relevance: An assessment of how well the proposed measure meets the objectives of the Cyber Resilience Act (CRA) in terms of quality and credibility.
• Impact and clarity: An assessment of the expected benefits of the project, as well as an evaluation of the clarity of the overall proposals.
• Implementation: Consideration of the feasibility and practicality of the project plan.

In addition to financial support, SECURE provides SMEs with a range of comprehensive support services. These include free training courses and workshops, networking events with relevant stakeholders, and a selection of resources on CRA compliance. The first training and orientation materials on the CRA are already available. These materials provide practical guidelines on CRA obligations and essential cybersecurity requirements, as well as a methodological framework for assessing compliance to help SMEs familiarize themselves with the topic.

International SECURE Consortium

The project is supported by a Europe-wide consortium of national cybersecurity authorities, research institutions, and centers of excellence from Italy, Belgium, Spain, Poland, Luxembourg, Romania, and Austria, including Salzburg Research.

Further information and updates on the SECURE project can be found on the SECURE4ME website.