The SECURE – Strengthening EU SMEs Cyber Resilience project launches its first Open Call , aiming to fund and support European micro, small and medium-sized enterprises in complying with the Cyber Resilience Act (CRA ) and strengthening their cybersecurity capabilities.The first SECURE Open Call is open from 28 January 2026 until 29 March 2026 , part of a series of calls that will distribute cascade funding to support concrete projects aimed at improving digital security practices in European companies subject to the CRA.
Project objectives
SECURE is a three-year initiative funded by the European Union through the Digital Europe Programme, with the aim of:- to facilitate the adaptation of SMEs to the requirements of the Cyber Resilience Act,
- strengthen cybersecurity skills and good practices,
- promote awareness and the development of sustainable solutions for digital resilience.
What does the announcement include?
Total budget : €5 million, with a maximum contribution of €30,000 per project (50% co-financing).Target audience : European micro, small and medium-sized enterprises (mSMEs) subject to the CRA, with the possibility of only one proposal per organisation
Objectives of eligible projects
The call co-finances projects and activities that improve cybersecurity practices and support compliance with the Cyber Resilience Act.In particular, the following types of interventions are considered eligible:
- Regulatory compliance activities, such as audits, certification support, and policy definition;
- Technology interventions on products, including Vulnerability assessment and Penetration testing ;
- Strengthening the security of production infrastructures, in the fields of cybersecurity, ICT, IT and OT;
- Adequacy of governance and risk management systems, including incident management processes, risk and impact assessment, and supply chain security;
- Cybersecurity training and awareness-raising activities;
- Purchase of tangible goods and professional services essential to achieving required safety standards.
Eligibility Requirements
To be eligible for this call, applicants must not fall into any of the exclusion criteria and must cumulatively meet the following requirements:- Be single legal entities.
- Qualify as a micro, small or medium-sized enterprise (mSME).
- Be legally incorporated in one of the eligible countries (EU + EEA).
- Comply with all relevant legal and ethical requirements.
- Ensure that the proposed project is not subject to double funding.
How to participate
To participate, you must create an account on the official SECURE project platform , consult the documentation, and submit your proposal online starting from the day registration opens.What is the Cyber Resilience Act?
The Cyber Resilience Act (EU Regulation 2024/2847) is the new European law on cyber resilience, aimed at strengthening the security of hardware and software products with digital elements placed on the EU market by imposing mandatory cybersecurity requirements throughout the product's lifecycle.Having entered into force on 10 December 2024 , the regulation will be fully applicable from 2027 , while the reporting obligations will apply from 11 September 2026 .
The goal is to increase trust and transparency in digital products and reduce vulnerabilities that expose businesses and consumers to cyber risks.
The Cyber Resilience Act applies to a wide range of products with digital elements connected to networks or devices and introduces security obligations for manufacturers, developers, importers, and distributors. Products that comply with the regulation's requirements will bear the CE marking.