CYSSDE Penetration Test and Vulnerability Assessment
CYSSDE’s open call seeks penetration testing organizations to enhance cybersecurity resilience for Essential Service Operators and SMEs across Member States, aligning with NIS2 and Cyber Resilience Act requirements.
The CYSSDE project invites penetration testing organizations, including companies, consortia, and research institutions, to participate in its first open call aimed at bolstering the cybersecurity maturity of Essential Service Operators and SMEs across the EU. This initiative focuses on identifying and addressing known and emerging vulnerabilities through comprehensive penetration testing and vulnerability assessments.
Summary
The CYSSDE Open Call 2 aims to fund penetration testing and vulnerability assessments to enhance European cybersecurity preparedness. It supports up to 10 selected projects with grants of up to €200,000 per project, co-financing cybersecurity risk assessments under the Digital Europe Programme. The initiative focuses on Essential Service Operators, SMEs, and other critical infrastructure entities.
Details
Type of projects to be funded: Financial support for penetration testing and vulnerability assessments to improve cybersecurity resilience, focusing on high-risk sectors. Beneficiaries must conduct at least 10 penetration tests or vulnerability assessments.
Sectors / domain: Cybersecurity, critical infrastructure, essential service operators, SMEs, and high-tech industries (e.g., AI, cloud, fintech, medtech).
Individual or consortium: Open to individual entities and consortia (up to 2 entities).
Specific eligibility requirements: Eligible applicants include SMEs, mid-caps, large companies, research centres, and public bodies from EU Member States. Applicants must be legally registered in an EU Member State. CYSSDE partners, their affiliates, and employees are not eligible. A minimum of 25% of total funding is reserved for SMEs.
Specific topics or challenges: The focus is on penetration testing and vulnerability assessments, particularly for critical infrastructures, essential service operators, and SMEs subject to NIS2 or the Cyber Resilience Act.
Projects duration: Up to 18 months, structured into four stages: execution planning, developing testing scenarios, conducting assessments, and sustainability services.
Budget, funding rates, and payment conditions:
Funding rate: 50% co-funding required (e.g., for a €200,000 grant, total project costs must be at least €400,000).
Budget conditions / limitations: Up to €200,000 per project.
Payments: Distributed in four instalments based on project milestones:
5% (€10,000) – Execution plan approval (Month 1).
30% (€60,000) – Development of testing scenarios (Months 2-6).
40% (€80,000) – Completion of penetration tests or vulnerability assessments (Months 7-15).
25% (€50,000) – Final outputs and sustainability activities (Months 16-18).
Note: 10% of each payment is deferred until project completion (expected May 2028).
Deadline: The call is open from 7 January 2025 (10:00 CET) to 7 April 2025 (17:00 CET). Applications must be submitted via CYSSDE Open Call Platform.
Links
Closes
07/04/2025
Max funding per project
200.000€