Enhancing the NCC Network -

Depending on the decision of each NCC, one or more of the following should be covered:

• Network of national initiatives to accelerate the cybersecurity industry and facilitate Access-to-Market.
• European frameworks for establishing cybersecurity incubators and accelerators.
• Cybersecurity Community Observatory to inform subsequent policy interventions by the ECCC and NCCs.
• Matchmaking events to create connections and build trust; platforms and events for Access-to-Finance and Access-to-Market including in the area of dual-use technologies
• Strengthened Cybersecurity Community to support the European Cybersecurity Industrial, Technology and Research Competence Centre; Maintained technical registration possibilities for candidates for the Cybersecurity Competence Community; Technical assistance for potential applicants for ECCC calls.
• Uptake of cybersecurity solutions.
• Strengthened cybersecurity capacities of stakeholders.
• Synergetic activities that strengthen the role of NCC.
• Centralise the many initiatives focusing on raising awareness and work together with other NCCs to support a cross European approach covering education, studies, training courses and awareness campaigns1 ; Share and provide best practices related to the awareness topic.
• Support the transfer of best practices related to cybersecurity teaching for primary and secondary school and other activities for children and youngsters (including camps, materials, games, etc.).
• Support for teachers and professors to have access to best practices available in the EU and facilitate dialogue.
• Support the development of cross-over educational solutions for SMEs, for example by gamification.
• Cyber campaign material focused on young professionals and students of all ages and gender to pursue and advance in cybersecurity careers, where the NCCs can build on in view of regional differences.
• Cyber campaign material focused on parents and teachers of future students of all ages and gender to raise the number of cybersecurity students.
• Platform supporting a network of young cybersecurity ambassadors spreading awareness and fostering a culture of cybersecurity among Europe's youth.
• Common services to be provided within national cyber campuses.
• Hybrid events for the cybersecurity competence community to increase awareness of cybersecurity threats, threat actor modus operandi and potential impact, potentially in collaboration with existing initiatives and platforms.
• Deliverables supporting the implementation of the Cyber skills Academy.
• Support for activities dedicated to the EU Cybersecurity Challenges.

In addition, activities could cover setting up a platform integrating all other existing platforms, hosted and maintained at the European level under the .eu domain, so as to:

• Establish and maintain a marketplace for cybersecurity products and services.
• Allow the retrieval of information on entities adhering to the 27 NCC communities.

1 The activities should consider other ongoing projects, activities, campaigns as well as the mandate of ENISA and other EU or national bodies. These actions should ensure synergies at EU level and should not duplicate efforts at EU or national levels.

The National Coordination Centres (NCCs) set up by the Regulation (EU) 2021/887 are designed to work together through a network and to contribute to achieving the objectives of the regulation and to foster the Cybersecurity Competence Community in each Member State, by contributing to the acquisition of the necessary capacity. National Coordination Centres can also support priority areas such as the implementation of EU legislation (Directive (EU) 2022/2555, the proposed Cyber Resilience Act and the Cybersecurity Act).

The objective of this topic is to support the operation of the NCCs and to enable them to support the cybersecurity community, including SMEs, for the uptake and dissemination of state-of-the-art cybersecurity solutions and strengthen cybersecurity capacities. This could also be achieved by using Financial Support for Third Parties (FSTPs)1 . Based on the financing received in previous years and on the different operational start dates in the Member States, this activity aims to continue providing support for NCCs.

In this regard, it is important to stress that individual NCC can choose from the list of activities and deliverables included in this topic depending on their interest and mandate. There is no obligation for NCCs to execute all actions.

This topic also considers providing support for the uptake of EU cybersecurity technologies and products, commercialisation and scale-up of the European cybersecurity start-up/SME ecosystem, in collaboration and complementarity with the European and ongoing national and regional initiatives, such as accelerator and incubation programmes and technology transfer programmes. Such a strategy should also include support for scale-ups, considering the use of public procurement and private investment.

An essential aspect of this action is to create a framework for the emergence of such incubators and accelerators in the Member States, based on best practices and considering the specific needs and requirements arising from EU legislation (such as the Cyber Resilience Act, NIS 2 Directive).

In addition, this topic could contribute to cybersecurity awareness. It is becoming increasingly important to inform and educate EU citizens on cybersecurity topics in their daily use of digital technologies. Cybersecurity awareness helps individuals and organisations to identify threats and take appropriate action. By promoting awareness, the likelihood of incidents and data breaches can be reduced. Within this topic, NCCs are encouraged to build upon ongoing initiatives, including for example the ones from the EC and ENISA, to improve the awareness of EU citizens, businesses and organisations about cybersecurity risks and threats and to support Europe-wide actions to increase the number of students in cybersecurity courses, students engaged in cybersecurity research activities and students and young professionals choosing a career in cybersecurity.

Furthermore, European companies are innovative and develop highly competitive products, but the still underdeveloped Digital Single Market confines most of these companies (especially SMEs and start-ups) to their home country. A platform that can open the European market for small and medium-sized enterprises would also act as a springboard into international markets. This platform will ensure the competitiveness of European cybersecurity solutions. As such, this topic could also support the EU market’s growth in cybersecurity products and services by providing a platform on which European SMEs and start-ups can post their (market-ready) products and solutions and on which businesses, public authorities and private individuals can search for the best solution for their needs, regardless of the country.

1 For the use of FSTPs, the GB will prepare a dedicated procedure before the launch of the call.

The National Coordination Centre should carry out, depending on their decision, one or more of the following tasks:

• Acting as contact points at the national level for the Cybersecurity Competence Community to support the ECCC in achieving its objectives and missions.
• Providing expertise and actively contributing to the strategic tasks of the ECCC, taking into account relevant national and regional challenges for cybersecurity in different sectors and deliver tasks supporting the implementation of the Cyber skills Academy.
• Promoting, encouraging and facilitating the participation of civil society and industry, in particular start-ups and SMEs, academic and research communities and other actors at Member State level in cross-border projects and cybersecurity actions funded through all relevant Union programmes.
• Providing technical assistance to stakeholders by supporting stakeholders in their application phase for projects managed by the ECCC, and in full compliance with the rules of sound financial management, especially on conflicts of interests. This should be done in close coordination with the relevant NCPs set up by the Member States.
• Seeking to establish synergies with relevant activities at national, regional and local levels, such as addressing cybersecurity in national policies on research, development and innovation in the area of those policies stated in the national cybersecurity strategies. Where relevant, implementing specific actions for which grants have been awarded by the ECCC, including through the provision of financial support to third parties in accordance with Article 204 of the Financial Regulation under the conditions specified in the grant agreements concerned, in particular aimed at strengthening the uptake and dissemination of state-of-the-art cybersecurity solutions (notably by SMEs).
• Supporting the scaling-up of start-ups by finding other funding to implement existing projects.
• Promoting and disseminating the relevant outcomes of the work of the Network and the ECCC at national, regional or local level.
• assessing requests for becoming part of the Cybersecurity Competence Community by entities established in the same Member State as the NCC.
• advocating and promoting involvement by relevant entities in the activities arising from the ECCC, the Network of National Coordination Centres, and the Cybersecurity Competence Community, and monitoring, as appropriate, the level of engagement with actions awarded for cybersecurity research, developments and deployments.
• Supporting the Cybersecurity Competence Community registration (on platforms such as ATLAS) and contributing to the development of suitable community management tools.

In addition, this action aims to promote safer digital behaviours, grow talents and attract more youth to cybersecurity careers; the NCCs could also, depending on their national context, carry out one or more of the following tasks:

• Provide support to innovative ideas towards market-readiness.
• Promote cybersecurity awareness, best practices, and careers in schools, universities, and community events (for instance by launching a pan-European programme where young individuals will be trained as ambassadors to promote cybersecurity.)
• Strengthen collaboration between institutions for higher education, e.g. by jointly organising events, by teaching students and working together on cutting-edge research. Support activities in primary and secondary levels of education to increase cybersecurity awareness and hygiene, through educating the teachers and educators.
• Build stronger partnerships with established SMEs, tech companies, and government agencies to develop and distribute software tools and services that assist in early threat detection, actor identification, and threat evolution monitoring. These collaborations can ensure that cybersecurity professionals have access to the latest tools and technologies for effective threat management.
• In collaboration with other entities, as needed, organise periodic cybersecurity boot camps, challenges, awareness campaigns and training courses across Europe, specifically for SMEs or students (e.g. focusing on equipping participants with hands on skills to manage prevalent cyber threats through training sessions, workshops, and simulation activities tailored to their industry). Organise periodic awareness raising campaigns, at national and regional level, to increase cybersecurity awareness and hygiene aimed at different demographics. Organise national and regional cyber exercises to enhance the security and resilience of critical sectors as well as SMEs.
• Foster a community of cybersecurity professionals who can share their experiences, challenges, and solutions.
• Support and encourage the uptake of cybersecurity educational policy goals in national (cybersecurity) strategies.
• Promote safer digital behaviours and more youth considering cybersecurity careers.

The action could also aim to:

• Support the adoption of market-ready innovative cybersecurity solutions, including solutions developed in the framework of EU-supported research and innovation projects.
• Provide and deploy up to date tools and services to organisations (in particular SMEs) to prepare, protect (e.g. network security, advanced two-factor or passwordless authentication) and respond to cybersecurity threats.

This topic targets exclusively National Coordination Centres which have been recognised by the Commission as having the capacity to manage funds to achieve the mission and objectives laid down in the Regulation establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres. These actions aim at the operation of National Coordination Centres, which occupy a central role in the cybersecurity landscape as foreseen in Regulation (EU) 2021/887. Due to the synergetic role they play with regard to the activities at national, regional and local levels, such as addressing cybersecurity in national policies on research, development and innovation in the area of those policies stated in the national cybersecurity strategies, they must be able to handle sensitive information, and be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt undue foreign influence and control.

As previously noted, participation of non-EU entities entails the risk of highly sensitive information about security infrastructure, risks and incidents being subject to legislation or pressure that obliges those non-EU entities to disclose this information to non-EU governments, with an unpredictable security risk. Therefore, based on the outlined security reasons, the actions are subject to Article 12(5) of the DEP Regulation (2021/694).

News flashes