Vienna, Jan. 28, 2026 – With the Cyber Resilience Act (CRA), the European Union is introducing new binding cybersecurity requirements for digital products. The EU regulation obliges manufacturers, distributors, importers and software managers to consider cybersecurity throughout the entire product lifecycle-from development to maintenance. To prepare European micro, small and medium-sized enterprises (SMEs) for these requirements, the EU-funded SECURE project (“Strengthening EU SMEs Cyber Resilience”) launches its first call for proposals on January 28, 2026.

With a total budget of about €22 million, including €16 million for direct financial support, SECURE aims to support SMEs on this path. The Cyber Resilience Act – which entered into force in December 2024 and is fully applicable from 2027 – establishes harmonized cybersecurity requirements for all products with digital elements placed on the EU market. Common standards are designed to close security gaps, strengthen consumer confidence and create a level playing field for businesses.

The CRA obliges manufacturers, importers, distributors and software developers to ensure cybersecurity throughout the product lifecycle-from development to upgrades and maintenance to disposal. The regulation applies to a wide range of related products, while some sectors (such as medical devices, aviation and the automotive industry) are excluded. In the future, products that comply with the requirements will bear the CE mark.

Who can apply

SECURE’s first open call for proposals makes available €5 million in cascade funding, with individual projects eligible for funding up to a maximum of €30,000. Proposals can include concrete measures to improve cybersecurity, meet CRA requirements and strengthen the resilience of digital products. SMEs such as manufacturers, importers and distributors of products with digital elements, as well as software developers, are eligible to apply.

“SECURE represents one of Europe’s leading experiences in supporting SMEs in cybersecurity. Through the management of a significant cascading funding mechanism, the project embodies the EU’s concrete commitment to invest resources where they generate real impact, fostering a more interconnected, resilient and cross-border European cybersecurity ecosystem,” emphasized Luca Nicoletti, Head of the Industrial, Technological and Research Programs Service and Head of NCC IT.

How SMEs can apply

The entire submission process-from registration and evaluation to implementation-is conducted through the SECURE digital platform. Submitted projects will be evaluated based on their relevance to CRA objectives, expected impact, feasibility, and quality.The first call for proposals is open from January 28 to March 29, 2026. More detailed information on the eligibility requirements, application process, and evaluation criteria was provided during an online information event on January 19, 2026, and additional dates will be scheduled.

Additional support for SMEs

In addition to financial support, SECURE offers comprehensive support services for SMEs. These include open-access trainings and workshops, networking events with relevant stakeholders, and a repository of selected resources on CRA compliance. The first training and guidance materials on the Cyber Resilience Act are already available. They include practical guidelines on CRA obligations and essential cybersecurity requirements, as well as a methodological framework for assessing compliance, to help SMEs approach the topic.

SECURE project partners

The project is supported by a Europe-wide consortium that includes national cybersecurity authorities, research institutes and competence centers from Italy, Belgium, Spain, Poland, Luxembourg, Romania and Austria.

  • Agency for National Cybersecurity (ACN), Italy
  • Naukowa i Akademicka Sieć Komputerowa (NASK), Poland
  • Instituto Nacional de Ciberseguridad (INCIBE), Spain
  • Centre for Cybersecurity Belgium (CCB), Belgium
  • Luxembourg House of Cybersecurity (LHC), Luxembourg
  • Cyber 4.0 – National Competence Center for Cybersecurity, Italy
  • IDEA-Re Ideas & Research Hub, Italy
  • National Cybersecurity Coordination Center (NCC-RO), Romania
  • Plattform Industrie 4.0 Österreich, Austria
  • TU Wien, Austria
  • PROFACTOR GmbH, Austria
  • Salzburg Research Forschungsgesellschaft mbH, Austria
  • VIRTUAL VEHICLE, Austria

More information and updates on SECURE are available on the website SECURE4SME and on LinkedIn.