Digital Europe Programme is the first EU programme that aims to accelerate the recovery and drive the digital transformation of Europe.
Worth €7.6 billion (in current prices), the Programme is a part of the next long-term EU budget, (the Multiannual Financial Framework), and it covers 2021 to 2027. It will provide funding for projects in five crucial areas: supercomputing, artificial intelligence, cybersecurity, advanced digital skills, and ensuring the wide use of digital technologies across the economy and society.
The Programme is fine-tuned to fill the gap between the research of digital technologies and their deployment, and to bring the results of research to the market – for the benefit of Europe’s citizens and businesses, and in particular SMEs. Investments under the Digital Europe programme supports the Union’s twin objectives of a green transition and digital transformation and strengthens the Union’s resilience and strategic autonomy.
Proposals shall target activities on the following subjects:
Proposals should carefully consider the requirements and constraints, such as security level, performance and business continuity, in a broad range of applications relevant for critical societal sectors and processes (such as governmental services, telecom, banking, smart homes, e-Health, automotive, and other sectors).
Proposals should address functions such as key establishment, digital signatures, and secure communication protocols that require careful adaptation with post-quantum counterparts to ensure resilience against threats posed by quantum-capable adversaries.
Proposals should safeguard compatibility with existing legacy systems. To achieve this, a transition to PKIs that support both pre-quantum and post-quantum cryptography should be addressed. The proposed systems should be able to seamlessly interact with legacy systems by disabling the post-quantum component as needed while preventing downgrade attacks. Relying solely on PQC solutions in this intermediate transition phase could introduce security risks given that the security analysis of the cryptosystems and of their implementations is not as mature as for their pre-quantum counterparts. Proposals should therefore use combinations of PQC solutions and established pre-quantum solutions, making sure to provide strongest-link security, meaning that the system remains secure as long as at least one of the components of the combination is secure.
For certificates for protocols that support negotiation, such as X.509 certificates for the Transport Layer (TLS), the use of post-quantum key exchange has already been demonstrated and can be implemented in a decentralised manner. Many other protocols need to be migrated, and this process will be more complex when old and new configurations must coexist. Moreover, for applications in IoT, smartcards, identity documents and others, the migration strategies defined for the core use cases of X.509 may well not work.
Proposals should develop clear procedures to effectively guide the various stakeholders involved in PKIs across different usage domains through the transition process.
Effective consortia should comprise a diverse range of actors along the entire PKI chain, encompassing expertise in areas such as software development, hardware implementation, cryptographic research, standardisation, policy, and application deployment, as well as organisations that can provide user case studies and real-world applications.
Activities should include some or all of the following:
50%
Requested grant amount per project: indicatively between €3 and €4 million, but other amounts are not excluded if duly justified.
In order to be eligible, applicants (beneficiaries and affiliated entities) must:
Be legal entities (public or private bodies).
Be established in one of the eligible countries, namely:
EU Member States (including overseas countries and territories (OCTs)).
EEA countries (Norway, Iceland, Liechtenstein).
Beneficiaries and affiliated entities must register in the Participant Register before submitting the proposal and will need to be validated by the Central Validation Service (REA Validation). For the validation, they will be required to upload documents proving their legal status and origin.
Other entities may participate in different consortium roles, such as associated partners, subcontractors, or third parties providing in-kind contributions (see section 13).
Please note, however, that all topics of this call are subject to restrictions for security reasons. Therefore, entities must not be directly or indirectly controlled by a country that is not considered an eligible country. All entities must complete and submit a declaration on ownership and control.
Ministry of Research, Innovation and Digital Policy
Directorate of Research and Innovation
Eleana Gabriel
Telephone: +357 22 691918
Email: egabriel@dmrid.gov.cy
For help related to this call, please contact ECCC Applicants Direct Contact Centre at applicants@eccc.europa.eu