1. CALL CONTEXT
The general context for this call for proposals is defined in Section 3.8 of the 2016 CEF Telecom work programme1 as published on the call page on the Innovation and Networks Executive Agency (INEA) website2.
2. BACKGROUND AND RATIONALE
The background and rationale for this call for proposals are defined in Section 3.8.1 of the 2016 work programme.
The priority outcomes of this call for proposals are defined in Section 188.8.131.52 of the 2016 work programme, namely to support the Generic Services provided by national and/or governmental (n/g) Computer Emergency Response Teams' (CERTs)/Computer Security Incident Response Teams' (CSIRTs) in all Member States.
Funding under this call will support the n/g CERTs/CSIRTs to create, maintain or expand national capacities to run a range of cyber security services, in order to reach a state of preparedness that
will allow them to participate on an equal footing in the cooperation mechanisms and core cooperation platform established through the 2015 work programme.
Funding will be granted as an incentive for Member States to develop their cyber security capacity for participating in the cooperation platform and mechanisms set up by the work programme 2015, including one or both of the following:
activities for increasing the preparedness of the n/g CERTs/CSIRTs (e.g. development or acquisition of better tools for analysis, identification, and detection of threats, awareness campaigns, services to local agents)
the establishment of access points from the n/g CERTs/CSIRTs to the cooperation mechanisms (e.g. secure devices and software, interfaces, gateways, translation of local tools into common formats).
These activities could include:
acquisition and operation of national level cyber security IT systems, experimental test
beds, and training facilities, that will facilitate the cross-border cooperation of n/g CERTs/CSIRTs, which may be complemented with very sophisticated toolsets specific to the cyber security area (e.g. sandboxes, simulation environments, advanced research infrastructures, and secure control rooms).
hiring of trained staff, training of current staff, joint training courses, cooperation meetings, Europe-wide cyber security exercises.
Proposals submitted by single/consortia of sectoral CERTs/CSIRTs will have lower priority than those submitted by n/g CERTs/CSIRTs.
4. RESULTS EXPECTED FROM THE FINANCIAL ASSISTANCE
The benefits and expected outcomes of this call for proposals are defined in Section 184.108.40.206 of the 2016 work programme. The results expected from the financial assistance provided by this call will allow Member States to limit the economic and political damage of cyber attacks, while reducing the overall costs of cyber security – both individually and at the EU level. They will also promote:
connection of national and/or governmental CERTs/CSIRTs capabilities to the cooperation mechanisms that will allow Member States to have an early response or at least mitigate cyber security incidents that may affect their networks and information systems, making European digital networks more secure for their citizens;
opening of new avenues for cross-European and multidisciplinary methodological and experimental cooperation that include European-wide views, perceptions and behaviours leading to higher preparedness and better cyber security resilience;
The success of the actions undertaken may be measured in several ways, such as the level of services enabling new uses and capabilities, the usefulness and usability of the tools/processes/services deployed. However, active European-wide cyber security cooperation in connection with the Core Service Platform and cooperation mechanisms set up following the 2015 work programme is considered essential for the success of the proposed actions.
The indicative amount to be allocated on the basis of this call for proposals to projects of common interest in the field of trans-European telecommunications for Cyber Security generic services is €12 million.
Date of publication of call for proposal
20 September 2016
Deadline for the submission of proposals
15 December 2016 (17:00.00 Brussels time)
Evaluation of proposals
January-March 2017 (indicative)
Consultation of the CEF Committee
April 2017 (indicative)
Adoption of the Selection Decision
April 2017 (indicative)
Preparation and signature of grant agreements
As of May 2017 (indicative)
7. ADMISSIBILITY REQUIREMENTS
A proposal will not be evaluated if at least one of the following situations occurs:
It is not submitted electronically in the TENtec Information System eSubmission module3.
It is not submitted by the deadline for submission of proposals (see sections 6 'Timetable'
and 13.2 'Submission of proposals').
The proposal is incomplete, i.e. any part of the application form (A, B, C or D) is missing.
The proposal is not duly signed by the applicant(s).
8. ELIGIBILITY CRITERIA 8.1 Eligible applicants
In accordance with the 2016 work programme and pursuant to Article 9 of the CEF Regulation4, only those proposals submitted by one of the following types of applicants are eligible:
One or more Member States;
organisations, Joint Undertakings5, or public or private undertakings or bodies established in Member States.
In accordance with section 4.3.1 of the work programme, European Free Trade Association (EFTA) countries which are members of the European Economic Area (EEA) may participate6 in the call for proposals, even when not explicitly mentioned, with the same rights, obligations and requirements as EU Member States. At the moment of the publication of this call, these conditions apply to Norway and Iceland only.7
Where necessary to achieve the objectives of a given project of common interest and where duly motivated, third countries and entities established in third countries may participate in actions contributing to the projects of common interest. They may not receive funding under the CEF Regulation, except where it is indispensable to achieve the objectives of a given project of common interest.
Acceding states and candidate countries benefiting from a pre-accession strategy may also participate in the sector of the CEF covering telecommunications infrastructure in accordance with agreements signed with the EU. As at the time of the publication of this call no such agreements have been signed, the same conditions as for third countries apply to acceding states and candidate countries.
Third countries and entities established in third countries may only participate as part of a consortium with applicants from EU/EEA countries. The application must contain the agreement of the Member State concerned by the proposed Action and a declaration from the European partner involved in the proposal on why the participation of the third country applicant is indispensable. Applicants that are entities established in a third country must also provide proof of the support of the third country authorities concerned.
Proposals may be submitted by entities which do not have legal personality under the applicable national law, provided that their representatives have the capacity to undertake legal obligations on their behalf and offer guarantee for the protection of the EU's financial interests equivalent to that offered by legal persons.
Proposals submitted by natural persons are not eligible.
Any applicant that cannot provide the agreement of the EU Member State or EEA country concerned will not be eligible.
Applicants may designate affiliated entities within the meaning of Article 122(2)(b) of the Financial Regulation8, for the purpose of supporting the implementation of the action submitted for funding. Such affiliated entities must comply with the eligibility criteria for applicants.
For multi-applicant proposals, a coordinator must be designated. Exclusion criteria
The exclusion criteria are defined in Annex 2 of the 2016 work programme. Applicants must certify that they are not in any of the situations listed below:
they are bankrupt or being wound up, are having their affairs administered by the courts, have entered into an arrangement with creditors, have suspended business activities, are the subject of proceedings concerning those matters, or are in any analogous situation arising from a similar procedure provided for in national legislation or regulations;
they or persons having powers of representation, decision-making or control over them have been convicted of an offence concerning their professional conduct by a judgment of a competent authority of a Member State which has the force of res judicata;
they have been guilty of grave professional misconduct proven by any means which the contracting authority can justify including by decisions of the EIB and international organisations;
they are not in compliance with their obligations relating to the payment of social security contributions or the payment of taxes in accordance with the legal provisions of the country in which they are established or with those of the country of the contracting authority or those of the country where the contract is to be performed;
they or persons having powers of representation, decision-making or control over them have been the subject of a judgment which has the force of res judicata for fraud, corruption, involvement in a criminal organisation, money laundering or any other illegal activity, where such illegal activity is detrimental to the Union’s financial interests;
they are subject to a financial or administrative penalty referred to in Article 109(1) of the Financial Regulation;
they are subject to a conflict of interests;
they are guilty of misrepresenting the information required by the contracting authority as
a condition of participation in the procurement procedure or have failed to supply that information.
Proposals failing to meet the above criteria will not be further evaluated.
These same exclusion criteria also apply to affiliated entities. Applicants and their affiliated entities, if applicable, must certify that they are not in one of the situations listed above.
8.2 Eligible actions
Only actions which can be identified as "projects of common interest" as defined in the Telecom Guidelines9 may receive EU financial assistance.
Proposals may be submitted by a single n/g CERT/CSIRT or by a consortium of several n/g CERTs/CSIRTs based in one or more Member States. Exceptionally, sectoral CERTs/CSIRTs may submit proposals or be part of consortia.
Each applicant must provide a written confirmation from the concerned Member States Ministry that an applicant has been designated as either n/g or sectoral CERT/CSIRT.
9. SELECTION CRITERIA
The operational and financial capacity of applicants and designated affiliated entities will be assessed as specified below.
9.1 Financial capacity
Applicants must have stable and sufficient sources of funding to maintain their activity throughout the period during which the action is being carried out and to participate in its funding.
Applicants' financial capacity will be assessed on the basis of the following supporting documents to be submitted with the application:
Grants > €60,000:
- the completed Financial Capacity Check form;
- the profit and loss account, the balance sheet for the last financial year for which the
accounts were closed;
- for newly created entities and/or applicants that do not have financial data available
for the last financial year, the applicant must provide a letter of support from a third party (another company such as the parent company or from another applicant in the same proposal). The letter of support must also be accompanied by the Financial Capacity Check form completed by the party providing support, including the relevant annexes (financial statements for the last year) and showing a 'satisfactory' or 'good' ratio analysis.
Grants ≥ €750,000:
- the completed Financial Capacity Check form
- the profit and loss account, the balance sheet for the last financial year for which the accounts were closed;
- an audit report produced by an approved external auditor certifying the accounts for the last financial year available
- for newly created entities and/or applicants that do not have certified financial data available for the last financial year, the applicant must provide a letter of support from a third party (another company such as the parent company or from another applicant in the same proposal). The letter of support must also be accompanied by the Financial Capacity Check form completed by the party providing support, including the relevant annexes (financial statements for the last year) and showing a 'satisfactory' or 'good' ratio analysis.
In the event of an application grouping several applicants (consortium), the above thresholds apply by applicant.
The requirement for applicants to demonstrate their financial capacity does not apply to Member States, public bodies established in the EU/EEA countries (Norway and Iceland), third countries, international organisations, European Economic Interest Groupings (EEIG)10 which are at least 50% owned by public body(ies), Joint Undertakings and affiliated entities unless the applicant relies fully on them for implementing the action.
9.2 Operational capacity
Applicants must have the operational and technical competencies and capacities required to complete the proposed action for which the grant is awarded. They must provide the appropriate documents attesting to that capacity (e.g. organisation activity reports, proof of experience in carrying out equivalent actions in related fields). Information submitted by applicants who benefited from CEF Telecom support as from 2014 may be taken into account in the evaluation of these applicants' operational capacity.
The requirement to demonstrate operational capacity does not apply to Member States, public bodies established in the EU/EEA countries (Norway and Iceland), third countries, international organisations, European Economic Interest Groupings (EEIG) which are at least 50% owned by public body(ies), Joint Undertakings and affiliated entities unless the applicant relies fully on them for implementing the action.
10. AWARD CRITERIA
The award criteria are defined in Annex 2 of the 2016 work programme.
The proposals will be evaluated on the basis of the following three criteria Relevance, Quality
and efficiency of the implementation and Impact as described below: Relevance
Alignment with the objectives and activities required for the deployment of the Digital Service Infrastructure described in Chapter 3 of the work programme and priorities set in Section 3 of the call text.
Alignment and synergies with relevant policies, strategies and activities at European and national level.
Quality and efficiency of the implementation
Maturity of the proposed solution (e.g. in terms of contribution towards interoperability, connectivity, sustainable deployment, operation, upgrading of trans-European digital service infrastructures, use of common building blocks, coordination at European level) and/or integration with existing components of the DSI.
Coherence and effectiveness of the work plan, including appropriateness of the allocation of tasks and resources.
Quality and relevant experience of the individual participants and, if more than one beneficiary, of the consortium as a whole (including complementarity, balance).
Extent to which the proposal demonstrates support from national authorities, industry and NGOs (when relevant).
Appropriate attention to security, privacy, inclusiveness and accessibility (when relevant). Impact and sustainability
Quality of the approach to facilitate wider deployment and take-up of the proposed actions.
A score will be applied to each of the three award criteria on a scale from 0 (insufficient) to 5 (excellent). The threshold for individual criteria is 3. The overall threshold, applying to the sum of the three individual scores, is 10.
At the end of the evaluation by independent experts, all evaluated proposals will be ranked, according to the scores obtained for each of the award criteria as indicated above.
If necessary, a priority order for proposals which have obtained the same score within a ranked list will be determined. The following approach will be applied successively for every group of ex aequo proposals11 requiring prioritisation, starting with the highest scored group, and continuing in descending order:
Proposals submitted by organisations established in an eligible country which is not otherwise covered by more highly-ranked proposals, will be considered to have the highest priority (geographical coverage).
The proposals identified under (i), if any, will themselves be prioritised according to the scores they have been awarded for the Relevance criterion. When these scores are equal, priority will be based on scores for the Impact and Sustainability criterion.
If a distinction still cannot be made, a further prioritisation may be done by considering how to enhance the quality of the project portfolio through synergies between proposals, or other factors related to the objectives of the call or to CEF in general. These factors will be documented.
There will be one proposal selected among those of entities based in the same Member State or EEA country, unless budget remains after all proposals above threshold from different participating countries have been served.
11. COMPLIANCE WITH EU LAW
In accordance with Article 23 of the CEF Regulation, only actions in conformity with EU law and which are in line with the relevant EU policies in the area of telecommunications infrastructure will be financed.
12. FINANCIAL PROVISIONS
12.1 General principles
12.1.1 Other sources of financing
Pursuant to Article 129 of the Financial Regulation, no EU financial aid will be awarded to actions receiving funds from other sources of EU financing. Under no circumstances will the same costs be financed twice by the EU budget.
12.1.2 Non-profit principle
In accordance with Article 125 of the Financial Regulation, grants shall not have the purpose or effect of producing a profit within the framework of the action. Where a profit is made, the Commission shall be entitled to recover the percentage of the profit corresponding to the EU contribution to the eligible costs actually incurred by the beneficiary to carry out the action12.
Pursuant to Article 130 of the Financial Regulation, no grants may be awarded retrospectively for actions already completed. A grant may be awarded for an action which has already begun provided that the applicant(s) can demonstrate the need for starting the action prior to the signature of the grant agreement.
12.2 Funding form
Grants to be awarded further to this call for proposals will take the form of reimbursement of a specified proportion of the eligible costs actually incurred.
12.2.1 Co-funding rates
The maximum co-financing rates of EU financial assistance to be granted under this call for proposals will not exceed 75% of the eligible costs of the action.
The Commission reserves the right to award a grant of less than the amount requested by the applicant.
Funding will be limited to a maximum of €1,000,000 per action.
12.2.2 Eligible costs
Eligible costs are costs actually incurred by the beneficiary of a grant which meet all the criteria laid down in Article 126(2) of the Financial Regulation. They may take a form of direct costs, (those specific costs that are directly linked to the implementation of the action and can therefore be attributed directly to it) and indirect costs (those costs which are not specific costs directly linked to the implementation of the action and can therefore not be attributed directly to it). The same criteria apply to the costs incurred by affiliated entities and implementing bodies.
Costs may be eligible at the earliest from the date on which an application is submitted. The indicative duration of an action proposed under this call is 24 months.
The applicants' attention is drawn to points (3) to (8) of Article 8 of the CEF Regulation concerning the eligibility of costs. The full costs of purchase of equipment and infrastructure which are treated as capital expenditure are eligible under this call.
Indirect costs are eligible for flat rate funding fixed at 7% of total direct eligible costs (minus subcontracting costs).
In line with the first subparagraph of Article 8(7) of the CEF Regulation and Article 126(3)(c) of the Financial Regulation, VAT paid by beneficiaries of grants awarded following this call for proposals is eligible except:
deductible VAT (VAT paid by the beneficiary for the implementation of taxed activities or exempt activities with right of deduction);
Detailed information on eligible and ineligible costs is included in the model grant agreement, which is available on the call webpage.
12.3 Payment arrangements
Actions will be eligible to receive a pre-financing of 50% of the maximum grant amount awarded that will be made within 30 days after the last party signs the grant agreement. No interim payment will be made.
In the event that the beneficiary's financial capacity is not satisfactory, the pre-financing payment may be subject to the receipt of a financial guarantee for up to the same amount as the pre- financing payment to be made.
The financial guarantee, in euro, should be provided by an approved bank or financial institution established in one of the EU Member States. When the beneficiary is established in a third country, INEA may agree that a bank or financial institution established in that third country may provide the guarantee if the bank or financial institution is considered to offer equivalent security and characteristics as those offered by a bank or financial institution established in a Member State. Amounts blocked in bank accounts will not be accepted as financial guarantees.
The guarantee may be replaced by a joint or several guarantees provided by third parties or by a joint guarantee of the beneficiaries of an action that are parties to the same grant agreement. The guarantee will be released when the pre-financing is cleared against the interim payment, if applicable, and/or the balance of payment(s) made, in accordance with the conditions laid down in the grant agreement.
The final amount of the grant to be awarded to the beneficiary is established after completion of the action, upon approval of the request for payment including, where applicable, the supporting documents as described in the model grant agreement.
A coordinator must be designated for multi-beneficiary actions. The coordinator will be the contact point for INEA and will have, inter alia, the responsibility for receiving the payment(s) and coordinating the reporting exercise(s). It is strongly recommended that beneficiaries sign an internal cooperation agreement regarding their operation and coordination, including all internal aspects related to the management of the beneficiaries and the implementation of the action.
13. PROCEDURE FOR SUBMISSION OF PROPOSALS
All practical information on this call for proposals and the evaluation process is detailed in the Guide for Applicants. It is available, together with the application forms, model grant agreement, the 2016 work programme, and other relevant documents on the call webpage accessible via the following link: https://ec.europa.eu/inea/en/connecting-europe-facility/cef-telecom/apply- funding/2016-cef-telecom-call-cyber-security-cef-tc-2016-3.
Applicants are requested to carefully read all call-related documents, including the instructions given in the Guide for Applicants.
13.1 Application forms
Proposals must be submitted using the application forms provided on the call webpage at the link above.
Proposals must be signed by the applicant(s) or its duly authorized representative and must be perfectly legible so that there can be no doubt as to words and figures.
The applicant(s) specified in the application form part A will automatically be considered as the beneficiary(ies) if the proposal is selected for funding. If applicants designate affiliated entities within the meaning of Article 122 of the Financial Regulation to support the implementation of the submitted action, the information on these affiliated entities must be encoded in the application form part A, and any relevant supporting documents must be provided.
13.2 Submission of proposals
Applicants are strongly encouraged to submit their applications in English.
Proposals must be submitted electronically using the TENtec eSubmission module. The electronic submission of all parts of the proposal must be completed at the latest by Thursday, 15 December 2016 at 17:00.00 Brussels time (see also section 7 on Admissibility requirements).
Application form part A is automatically generated by the eSubmission module. Application form parts B, C and D must be downloaded from the call webpage at the link above and duly filled in. Once final, these must be uploaded into the TENtec eSubmission module. The same applies to any other annexes or supporting documents accompanying the proposal.
Any parts of the application form that require signatures of applicants or relevant authorities must be scanned and uploaded into the TENtec eSubmission module. Applicants must be able to provide the original documents and send them to the Commission/Agency services upon request.
Advanced electronic signatures based on a qualified certificate13 as defined by Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) and which comply with the signature formats specified in Commission Implementing decision 2015/1506 shall be accepted. If a document is e-signed, a printable version of the document must be uploaded in the TENTec eSubmission module.
Consult the Guide for Applicants for more information on how to complete the application.
14. COMMUNICATION ON THE CALL FOR PROPOSALS
Further information or clarifications on this call for proposals will be published on the call webpage at the following link: https://ec.europa.eu/inea/en/connecting-europe-facility/cef- telecom/apply-funding/2016-cef-telecom-call-cyber-security-cef-tc-2016-3.
Applicants are invited to consult this page and the INEA website/Twitter feed (@inea_eu) regularly until the deadline for submission of proposals.
Any other specific questions related to this call may be addressed to the call helpdesk: INEA- CEF-Telecom-Calls@ec.europa.eu.
The answers to submitted questions will be published in a FAQ list accessible via the call webpage, to ensure equal treatment of all potential applicants. Questions related to the call should be submitted at the latest by 1 December 2016 to ensure sufficient time for the last update of the FAQs by 8 December 2016.
Questions which are specific to a particular proposal and for which the answer would provide a comparative advantage to the applicant will not be answered.
However, individual technical questions related to TENtec eSubmission module will be treated until the call deadline.
Please note that proposals must not be sent to the helpdesk e-mail address.
15. PROCESSING OF PERSONAL DATA
An applicant's reply to the grant application involves the recording and processing of personal data (such as name, address and CV), which will be processed pursuant to Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. Unless indicated otherwise, applicant's replies to the questions in this form and any personal data requested are required to assess an applicant's grant application in accordance with the specifications of the call for proposals and will be processed solely for that purpose by INEA as data controller for this purpose. An applicant may, upon request, have his/her personal data sent to him/her and rectify any inaccurate or incomplete particulars. Should an applicant have any queries concerning the processing of his/her personal data, please address them to the entity acting as data controller within INEA.
The data subjects have the right of recourse at any time to INEA's Data Protection Officer (INEA- DPO@ec.europa.eu) or in case of conflict with the Controller or data protection officer concerning the processing of his/her personal data, an applicant has the right to submit a complaint at any time directly to the European Data Protection Supervisor (www.edps.europa.eu).
Details concerning the processing of an applicant's personal data are available in the privacy statement on the call webpage: https://ec.europa.eu/inea/en/connecting-europe-facility/cef- telecom/apply-funding/2016-cef-telecom-call-cyber-security-cef-tc-2016-3.
Personal data included in the application (name, title. organisation, contact information) may be shared with the concerned Member States' representatives in the CEF Coordination Committee on a need to know basis in view of their role in the approval of proposals selected for funding as well as responsibilities under the CEF Regulation.
As specified in the call text, the personal details of applicants and, if they are legal entities, persons who have powers of representation, decision-making or control over them, may be registered in by the Accounting Officer of the Commission in the Early Detection and Exclusion System (EDES) established by the Commission pursuant to Article 108(1) of Regulation (EU, Euratom) No 966/2012 on the financial rules applicable to the general budget of the Union, as amended by Regulation (EU, Euratom) No 2015/1929 (OJ L 286, 30.10.2015, p. 1).
For more information on EDES (including the grounds for being registered in the database), please see http://ec.europa.eu/budget/explained/management/protecting/protect_en.cfm
and the privacy statement at
Applicants are informed that, to ensure that the EU’s financial interests are protected, their personal data may be communicated to internal audit services, the European Commission, the European Court of Auditors, the body specialising in financial irregularities (Financial Irregularities Panel) or the European Anti-Fraud Office (OLAF).
The data of applicants in any of the situations referred to in Articles 106(1), 107 and 109(2)(a) of the Financial Regulation may be included in a central exclusion database and communicated to designated persons in the Commission, the other institutions, agencies, authorities and bodies referred to in Article 108(1) and (2) of the Financial Regulation. This also applies to those with powers of representation, decision-making power or powers of control in respect of such applicants. Following a request to the Commission’s Accounting Officer, anyone registered in the database is entitled to be informed of the data recorded about them.
16. IMPORTANT DOCUMENTS
Please refer to all of the following documents, available on the call webpage, when preparing the application:
2016 work programme
Application form (Parts A, B, C and D)
Guide for Applicants
FAQs published on the call page
Model grant agreement