2018 CEF Telecom Call - Cyber Security (CEF-TC-2018-3)

Deadline: Nov 22, 2018  
CALL EXPIRED

1. BACKGROUND AND RATIONALE

The general context for this call for proposals is defined in section 3.8 of the 2018 CEF Telecom Work Programme1 as published on the call page on the Innovation and Networks Executive Agency (INEA) website.2 The background and rationale for this call for proposals are defined in section 3.8.1 of the 2018 Work Programme.

This call for proposals forms part of a set of coordinated calls covering the CEF Telecom, CEF Transport and CEF Energy sectors. The coordinated calls aim at exploiting synergies between these three sectors related to the aspect of digitalisation with a view to foster the development and implementation of coherent digital infrastructure and solutions across the various networks within the scope of the three CEF sectors. The calls will be published on the INEA website3, which applicants are encouraged to consult.

 

2. PRIORITIES & OBJECTIVES

2.1 Priority outcomes

The priority outcomes of this call for proposals are defined in section 3.8.2.2 of the 2018 Work Programme. Applicants who already received CEF funding under previous CEF calls and who plan to apply under this call must clearly explain in the relevant section of 

application form part D of their proposal (notably section 1 and/or 2.1) how their proposed Action will differ from the action(s) funded under the previous call(s).

The Objectives of this call and the activities that could be funded are described below.

Each proposal must address only one of the following Objectives and should clearly specify which Objective is being addressed.

Objective 1: Capability development of national CSIRTs (Computer Security Incident Response Teams) designated by the Member States in line with the Security of Network and Information Systems Directive (Directive (EU) 2016/1148) ("NIS Directive")

Funding will be granted as an incentive to CSIRTs designated by the Member States, as required by the NIS Directive4, to develop their cybersecurity capacity and for their participation in the MeliCERTes facility co-operation mechanism. Details of the MeliCERTes facility are available to the designated CSIRTs through the CSIRTs Network portal, hosted by European Union Agency for Network and Information Security (ENISA).

Proposals submitted under this Objective:

•  must address activities to facilitate the access from national CSIRTs to the MeliCERTes facility cooperation mechanism e.g. systems integration; testing; the development or acquisition of secure devices and software, interfaces, gateways; translation of local tools into common formats.
•  where relevant, they may also address activities for increasing the preparedness of national CSIRTs e.g. the development or acquisition of infrastructure including software tools; development of skills and structural support encompassing training and services to local agents; business case development (i.e. economic and financial appraisal and evaluation).

Relevant activities might include, but should not necessarily be limited to:

•   Infrastructure: acquisition and operation of national level cybersecurity IT systems; experimental test-beds including infrastructure for cyber ranges; training facilities; Security Incident and Event Management infrastructure, honeypots, sandboxes, simulation environments, other software tools for automation, risk and threat assessment, incident and event management, forensic computing and malware analysis.

•   Skills and structural support development: joint training courses; “capture the flag” cybersecurity challenges; “Red and Blue teaming”, hackathons, cyber exercises (including Europe-wide events); awareness campaigns; legal compliance and organisational analysis; risk management; business continuity and disaster recovery planning.

   

Proposals selected under this Objective are expected to demonstrate the interaction with or use of the MeliCERTes facility by the end of the action.

Only one grant per Member State will be funded. Priority will be given to entities that were not financed under the Cyber Security Calls of CEF Telecom Work Programmes 2016 and 2017.

For this Objective, a maximum funding of €1,000,000 per selected proposal will be awarded.

Objective 2: Capability development of Operators of Essential Services (OES) and Digital Service Providers (DSP) in line with the Security of Network and Information Systems Directive (Directive (EU) 2016/1148) ("NIS Directive")

Funding will be granted to Operators of Essential Services (OESs) and Digital Service Providers (DSPs), as defined in the NIS Directive, as an incentive to develop their cybersecurity capacity above the minimum baseline security and reporting requirements set by the NIS Directive. For DSPs these requirements are further specified in the Commission Implementing Regulation laying down rules for application of the NIS Directive ((EU) 2018/151).5

Targeted OESs are those identified or in the process of being identified by the Member States in the context of the NIS Directive.6 Proposals involving the transport and energy sectors are particularly welcome.

Targeted DSPs are those entities that fall under the definition of Article 4(5) of the NIS Directive. Accordingly, digital services are defined as “ any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services" of the type "online market place, online search engine and cloud computing service". 

Proposals submitted under this Objective must address activities for increasing the preparedness of OESs and DSPs e.g. development or acquisition of infrastructure including software tools; development of skills and structural support encompassing training and services to local agents; national level information exchanges/Information Sharing and Analysis Centres (ISACs); and business case development (i.e. economic and financial appraisal and evaluation).

Relevant activities might include, but should not necessarily be limited to:

•   Infrastructure: acquisition and operation of cybersecurity IT systems (Security Operations Centres, firewalls, intrusion detection/prevention, monitoring equipment and software); training facilities; self-assessment security and reporting toolkits; auditing tools (vulnerability assessment, penetration testing); Security Incident and Event Management infrastructure; honeypots; simulation environments; other software tools for automation, risk and threat assessment, incident and event management, forensic computing.

•   Skills and structural support development: staff awareness raising, awareness campaigns and training courses; “capture the flag” cybersecurity challenges, “Red and Blue teaming”, hackathons, cyber exercises (including Europe-wide events); legal compliance and organisational analysis; risk management; business continuity and disaster recovery planning.

Proposals funded under this Objective are expected to improve the applicant’s preparedness and situational awareness through voluntary secure information exchange of cybersecurity risks, threats, vulnerabilities and incidents. Beneficiaries will be expected to participate in the co-operation mechanism for European level sectoral ISACs (Information Sharing and Analysis Centres) that will be established by the European Commission in the course of 2018-2019.

For this Objective, proposals requesting a contribution in the order of €150,000 are expected.

Objective 3: Capability development in the area of cybersecurity to support Cooperative Connected and Automated Mobility in the public and private sectors, in particular for electric vehicles

Funding will be granted as incentive for all eligible applicants (including from the public and private sectors) to develop their cybersecurity capability in relation to Cooperative Connected and Automated Mobility (CCAM), in particular for electric vehicles.

In the context of the current call for proposals, Cooperative and Connected Automated Mobility is intended as covering the levels of driving automation 3, 4 and 5, as defined by the International Society of Automotive Engineers (SAE)8, and covers both hardware such as roadside infrastructure, 5G telecommunications systems, vehicles and traffic navigation and control as well as enabling software applications and dataflows. Cybersecurity here is concerned with the confidentiality, integrity and availability of both the infrastructure and the enabling data for safe, efficient and intelligent mobility.

Proposals submitted under this Objective must address activities focused on developing more resilient and secure dataflows, as well as for increasing the preparedness of the underlying hardware to reduce vulnerabilities and to withstand cyber threats and attacks. In particular, proposals associated with 5G deployments along cross-border road corridors, to be specified in the proposal, and involving connected, automated vehicles would provide practical feedback on cybersecurity risks and incidents.

Relevant activities might include, but should not necessarily be limited to: acquisition and operation of cybersecurity IT systems (Security Operations Centres, firewalls, intrusion detection/prevention, monitoring equipment and software); training facilities, self-assessment security and reporting toolkits; auditing tools (vulnerability assessment, penetration testing); Security Incident and Event Management infrastructure, honeypots, simulation environments, other software tools for automation, risk and threat assessment, incident and event management, forensic computing.

In addition proposals may address skills and structural support development: staff awareness raising and training courses; “capture the flag” cyber security challenges, “Red and Blue teaming”, hackathons, cyber exercises (including Europe-wide events); risk management, business continuity and disaster recovery planning, and legal compliance.

Proposals funded under this Objective are expected to improve the applicant’s preparedness and situational awareness through voluntary secure information exchange of cybersecurity risks, threats, vulnerabilities and incidents. They will be expected to participate in the co-operation mechanism for European level ISACs (Information Sharing and Analysis Centres) for CCAM that will be established by the European Commission in the course of 2018-2019.

For this Objective, proposals requesting a contribution in the order of €150,000 are expected.

Objective 4: Capability development of National Competent Authorities (NCAs) and Single Points of Contact (SPOCs) designated in line with the Security of Network and Information Systems Directive (Directive (EU) 2016/1148) ("NIS Directive")

Funding will be granted as incentive to National Competent Authorities (NCAs) and Single Points of Contact (SPOCs) identified by the Member States, as required by the NIS Directive, to develop their cybersecurity capacity in order to effectively undertake the liaison, regulation and enforcement obligations set out in the NIS Directive.

Proposals submitted under this Objective must address activities for improving the effectiveness of NCAs and SPOCs e.g. development or acquisition of tools and skills to access the security of network and information systems of OES and DSPs, and the set-up of structural support.

Relevant activities might include, but should not necessarily be limited to:

•   Infrastructure: acquisition and operation of experimental test-beds including cyber ranges, training facilities; product security testing and certification equipment; secure control rooms, specialised ICT Security certification laboratories for testing digital products and services, risk management and audit tools (vulnerability assessment, penetration testing), databases for exploits, vulnerabilities, notifications, annual reporting; simulation environments, software tools for risk and threat assessment, incident and event management and forensic computing.

•   Skills and structural support development: training courses, cyber exercises (including Europe-wide events); risk management and auditing; repositories of good practices; compliance management; statistical analysis and legal compliance.

 

Beneficiaries funded under this Objective are expected to participate in the co-operation mechanism for notification and reporting of incidents in connection with the NIS Directive that will be established by the European Commission in the course of 2018- 2019.

Priority is given to SPOCs whether they are also NCAs or not.

For this Objective, proposals requesting a contribution in the order of €100,000 are expected.

Objective 5: Capability development for public bodies established by national or European legislation in a Member State to meet European Union Policy objectives associated with Operational Level Cyber Security

Funding will be granted as incentive to public bodies legally established by national or European legislation, having a structured cooperation agreement with at least eight other Member States, to meet European Union policy objectives associated with cybersecurity operations for the purpose of awareness raising, situational awareness and secure information exchange of cybersecurity risks, threats, vulnerabilities and incidents, or rapid incident response.

Proposals funded under this Objective must address activities for developing IT platforms for effective awareness raising and situational awareness and prompt incident response.

Proposed activities might include, but should not necessarily be limited to:

•   Infrastructure: acquisition and operation of IT enterprise networks, web portals, experimental test-beds including cyber ranges; training facilities; product security testing and certification equipment; secure control rooms; specialised ICT Security certification laboratories for testing digital products and services; risk management and audit tools (vulnerability assessment, penetration testing); databases for exploits, vulnerabilities, notifications; annual reporting; simulation environments; software tools for risk and threat assessment, incident and event management, forensic computing and malware analysis.

•   Skills and structural support development: training courses; cyber exercises (including Europe-wide events); risk management and auditing; repositories of good practices; compliance management; statistical analysis and legal compliance.

Proposals funded under this Objective are expected to improve the applicant’s preparedness and situational awareness through voluntary secure information exchange of cybersecurity risks, threats, vulnerabilities and incidents. Beneficiaries will be expected to participate in the co-operation mechanism for European level sectoral ISACs (Information Sharing and Analysis Centres) that will be established by the European Commission in the course of 2018-2019.

For this Objective, a maximum funding of €300,000 per selected proposal will be awarded.

 

2.2 Results expected from the financial assistance

The benefits and expected outcomes of this call for proposals are defined in sections 3.8.2.4 and 3.8.2.5 of the 2018 Work Programme, namely to allow Member States to limit the economic and political damage of cyber incidents, while reducing the overall costs of cybersecurity at the Member State level, as well as the EU as a whole.

The call also aims to improve compliance with the NIS Directive, create higher levels of situational awareness and crisis response, as well as improve the product certification processes in Europe. This may open new avenues for cross-European and multidisciplinary methodological and experimental cooperation that include Europe-wide views, perceptions and behaviours leading to higher preparedness and better cybersecurity resilience.

 

3. TIMETABLE

Date of publication of call for proposals
3 May 2018

Opening of the Submission System
16 May 2018

Deadline for the submission of proposals
22 November 2018 (17:00.00 Brussels time)

Evaluation of proposals
December 2018 – February 2019 (indicative)

Consultation of the CEF Committee
April 2019 (indicative)

Adoption of the Selection Decision
April 2019 (indicative)

Preparation and signature of grant agreements
between April and August 2019 (indicative)

 

4. BUDGET

The indicative amount to be allocated on the basis of this call for proposals to projects of common interest in the field of trans-European telecommunications for Cyber Security generic services is €13 million, out of which €4 million is earmarked for Co-operative Connected and  Automated Mobility.

 

5. ADMISSIBILITY REQUIREMENTS

Proposals must be:

 Submitted electronically in the TENtec Information System eSubmission module.9 In this respect, proposals or part(s) of proposals submitted by e-mail or

 

hard copy will not be admissible.

•   Submitted by the submission deadline (see sections 3 on "Timetable" and 12.2 on "Submission process").

•   Complete, i.e. all parts of the application form (A, B, C or D) are complete and uploaded in TENtec.

•   Duly signed by the applicant(s).

  Failure to comply with any of these requirements will lead to the rejection of the application.

 

6. ELIGIBILITY CRITERIA

6.1 Eligible applicants

In accordance with the 2018 Work Programme and pursuant to Article 9 of the CEF Regulation,10 only those proposals submitted by the following types of applicants are eligible:

•   One or more Member States;

•   With the agreement of the Member State(s) or EEA countr(y)ies concerned, international organisations, Joint Undertakings11, or public or private undertakings or bodies established in Member States.

•   For Objective 1: National CSIRTs designated by the Member States in line with the NIS Directive.

•   For Objective 2: Proposals submitted under Objective 2 must include at least one Operator of Essential Services (OES), or at least one Digital Service Provider (DSP):

  •   Targeted OES are those entities identified or in the process of being identified

    by the Member States in the context of the NIS Directive. All OES must download from the call webpage12, fill in, and upload as a supporting document the letter of support, to be signed by the relevant Ministry/National Authority declaring that the applicant is or is in the process of being identified as an OES. Where the same Ministry/National Authority is responsible for the identification of several applicants as OES, it is possible to submit one letter of support listing all the relevant applicants.

    Entities in the process of being identified as OES at the moment of submission will have to confirm their OES status, if their proposal is retained for funding.

  •   Targeted DSPs are those entities that fall under the definition of Article 4(5) of the NIS Directive. Article 4(5) of the NIS Directive refers to point (b) of available under the "Application Forms" section of the call webpage: https://ec.europa.eu/inea/en/connecting-europe-

    facility/cef-telecom/apply-funding/2018-cyber-security

     

Article 1(1) of Directive (EU) 2015/1535, and it further narrows the scope of the definition of digital services to the types of services listed in Annex III. In particular, Article 1(1) point (b) of Directive (EU) 2015/1535 defines these services as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services” and Annex III of the Directive narrows down the definition to three specific types of services: online market place, online search engine and cloud computing service13.

All DSPs must download from the call webpage14, fill in, and upload as a supporting document the self-declaration that they meet the definition of a DSP stated in the NIS Directive.

•   For Objective 4: National Competent Authorities (NCAs) and/or Single Points of Contact (SPOCs) designated by the Member States in line with the NIS Directive.

•   For Objective 5: Proposals submitted under Objective 5 must include at least one

  public body legally established by national or European legislation, having a structured cooperation agreement with at least eight other Member States.

For British applicants: Please be aware that eligibility criteria must be complied with for the entire duration of the grant. If the United Kingdom withdraws from the EU during the grant period without concluding an agreement with the EU ensuring in particular that British applicants continue to be eligible, you will cease to receive EU funding (while continuing, where possible, to participate) or be required to leave the project on the basis of Article II.16.3.1 (a) (change of the legal situation of the beneficiary) of the grant agreement.15

EEA countries

In accordance with section 5.3.1 of the 2018 Work Programme, European Free Trade Association (EFTA) countries which are members of the European Economic Area (EEA) may participate16 in the call for proposals, even when not explicitly mentioned in the Work Programme text, with the same rights, obligations and requirements as EU Member States. At the time of call publication, these conditions apply to Norway and Iceland only.17

Third countries and third country entities

Where necessary to achieve the objectives of a given project of common interest and where duly motivated, third countries and entities established in third countries may participate in actions contributing to the projects of common interest. They may not receive funding under the CEF Regulation, except where it is indispensable to achieve the objectives of a given project of common interest.

Acceding states and candidate countries benefiting from a pre-accession strategy may also participate in the sector of the CEF covering telecommunications infrastructure in accordance with agreements signed with the EU. As at the time of call publication no such agreements have been signed, the same conditions as for third countries apply to acceding states and candidate countries.

Third countries and entities established in third countries may only participate as part of a consortium with applicants from EU/EEA countries. The application must contain the agreement of the Member State concerned by the proposed Action and a declaration from the European partner involved in the proposal on why the participation of the third country applicant is indispensable. Applicants that are entities established in a third country must also provide proof of the support of the third country authorities concerned by the action.

Applicants without legal personality

Proposals may be submitted by entities which do not have legal personality under the applicable national law, provided that their representatives have the capacity to undertake legal obligations on their behalf and offer a guarantee for the protection of the EU's financial interests equivalent to that offered by legal persons.

Natural persons

Proposals submitted by natural persons are not eligible.

Affiliated entities

Applicants may designate affiliated entities within the meaning of Article 122(2)(b) of the Financial Regulation,18 for the purpose of supporting the implementation of the action submitted for funding. Such affiliated entities must comply with the eligibility criteria for applicants.

Member State agreement

Any applicant that cannot provide the agreement of the EU Member State or EEA country concerned will not be eligible.

6.2 Exclusion criteria

In line with Articles 106 to 108 and 131 of the Financial Regulation and Article 141 of the Rules of Application,19 applicants will be excluded from participating in the call for proposals procedure if they are in any of the following situations:

1. (a) the applicant is bankrupt, subject to insolvency or winding-up procedures, where its assets are being administered by a liquidator or by a court, where it is in an arrangement with creditors, where its business activities are suspended, or where it is in any analogous situation arising from a similar procedure provided for under national laws or regulations;

2. (b)  it has been established by a final judgment or a final administrative decision that the applicant is in breach of its obligations relating to the payment of taxes or social security contributions in accordance with the law of the country in which it is established, with those of the country in which the authorising officer is located or those of the country of the performance of the contract;

3. (c)  it has been established by a final judgment or a final administrative decision that the applicant is guilty of grave professional misconduct by having violated applicable laws or regulations or ethical standards of the profession to which the applicant belongs, or by having engaged in any wrongful conduct which has an impact on its professional credibility where such conduct denotes wrongful intent or gross negligence, including, in particular, any of the following:

   1. (i)  fraudulently or negligently misrepresenting information required for the verification of the absence of grounds for exclusion or the fulfilment of selection criteria or in the performance of a contract, a grant agreement or a grant decision;

   2. (ii)  entering into agreement with other applicants with the aim of distorting competition;

   3. (iii)  violating intellectual property rights;

   4. (iv)  attempting to influence the decision-making process of the

      Commission/Agency during the award procedure;

   5. (v)  attempting to obtain confidential information that may confer upon it

      undue advantages in the award procedure;

4. (d)  it has been established by a final judgment that the applicant is guilty of any of the following:

   1. (i)  fraud, within the meaning of Article 1 of the Convention on the protection

      of the European Communities' financial interests, drawn up by the Council

      Act of 26 July 1995;

   2. (ii)  corruption, as defined in Article 3 of the Convention on the fight against

      corruption involving officials of the European Communities or officials of Member States of the European Union, drawn up by the Council Act of 26 May 1997, and in Article 2(1) of Council Framework Decision 2003/568/JHA, as well as corruption as defined in the law of the country where the contracting authority is located, the country in which the applicant is established or the country of the performance of the contract;

   3. (iii)  participation in a criminal organisation, as defined in Article 2 of Council Framework Decision 2008/841/JHA;

   4. (iv)  money laundering or terrorist financing, as defined in Article 1 of Directive 2005/60/EC of the European Parliament and of the Council;

   5. (v)  terrorist-related offences or offences linked to terrorist activities, as

      defined in Articles 1 and 3 of Council Framework Decision 2002/475/JHA, respectively, or inciting, aiding, abetting or attempting to commit such offences, as referred to in Article 4 of that Decision;

   6. (vi)  child labour or other forms of trafficking in human beings as defined in Article 2 of Directive 2011/36/EU of the European Parliament and of the Council;

5. (e)  the applicant has shown significant deficiencies in complying with main obligations in the performance of a contract, a grant agreement or a grant decision financed by the Union's budget, which has led to its early termination or to the application of liquidated damages or other contractual penalties, or which has been discovered following checks, audits or investigations by an authorising officer, OLAF or the Court of Auditors;

6. (f)  it has been established by a final judgment or final administrative decision that the applicant has committed an irregularity within the meaning of Article 1(2) of Council Regulation (EC, Euratom) No 2988/95;

7. (g)  for the situations of grave professional misconduct, fraud, corruption, other criminal offences, significant deficiencies in the performance of the contract or irregularity, the applicant is subject to:

   1. (i)  facts established in the context of audits or investigations carried out by the Court of Auditors, OLAF or internal audit, or any other check, audit or control performed under the responsibility of an authorising officer of an EU institution, of a European office or of an EU agency or body;

   2. (ii)  non-final administrative decisions which may include disciplinary measures taken by the competent supervisory body responsible for the verification of the application of standards of professional ethics;

   3. (iii)  decisions of the ECB, the EIB, the European Investment Fund or international organisations;

   4. (iv)  decisions of the Commission relating to the infringement of the Union's competition rules or of a national competent authority relating to the infringement of Union or national competition law;

   5. (v)  decisions of exclusion by an authorising officer of an EU institution, of a European office or of an EU agency or body.

Remedial measures

If an applicant/affiliated entity declares one of the situations of exclusion listed above, it should indicate the measures it has taken to remedy the exclusion situation, thus demonstrating its reliability. This may include e.g. technical, organisational and personnel measures to prevent further occurrence, compensation of damage or payment of fines. The relevant documentary evidence which illustrates the remedial measures taken must be provided in annex to the declaration. This does not apply for situations referred in point (d) above.

Rejection from the call for proposals

Grants will not be awarded to applicants who:

1. a)  are in an exclusion situation established in accordance with the list above;20

2. b)  have misrepresented the information required as a condition for participating in the procedure or has failed to supply that information;

3. c)  were previously involved in the preparation of call for proposal documents where this entails a distortion of competition that cannot be remedied otherwise.

The same exclusion criteria apply to affiliated entities. Applicants and their affiliated entities, if applicable, must certify that they are not in one of the situations listed above.

Administrative and financial penalties may be imposed on applicants, or affiliated entities where applicable, who are guilty of misrepresentation.

 

6.3 Eligible actions

In line with Article 7 of the CEF Regulation, only actions contributing to "projects of common interest" as identified in the Telecom Guidelines21 shall be eligible for support through EU financial aid in the form of grants.

Please note that failure to comply with any of the eligibility criteria indicated above will lead to the rejection of the application.

 

7. SELECTION CRITERIA

The selection criteria are referred to in Annex 2 of the Work Programme. The financial and operational capacity of applicants and designated affiliated entities will be assessed as specified below.

The requirement to demonstrate financial and operational capacity also applies to designated affiliated entities only where, according to the proposal, the affiliated entity(ies) will be the only one(s) implementing the proposed Action.

Exceptions: The requirement for applicants to demonstrate their financial and operational capacity does not apply to Member States, public sector undertakings or bodies established in the EU/EEA countries (Norway and Iceland), third countries, international organisations, European Economic Interest Groupings (EEIG)22 in which at least one member is a public sector body, Joint Undertakings, and transmission system operators as defined in point (4) of Article 2 of Directive 2009/72/EC and certified following the procedures laid down in Articles 10 or 11 of Directive 2009/72/EC23 or Articles 10 or 11 of Directive 2009/73/EC.24

7.1 Financial capacity

Applicants must have stable and sufficient sources of funding to maintain the proposed activities throughout the period during which the action is being carried out and to participate in its funding.

Applicants' financial capacity will be assessed on the basis of the following supporting documents to be submitted with the application, according to the amount of CEF funding requested:

 Low value grants (≤ €60,000):

• - a declaration on their honour.

  Grants > €60,000:

• -  the completed Financial Capacity Check form;

• -  the profit and loss account, the balance sheet for the last financial year for

  which the accounts were closed;

• -  for newly created entities and/or applicants that do not have financial data

  available for the last financial year, the applicant must provide a letter of support from a third party (another company such as the parent company or from another applicant in the same proposal). The letter of support must also be accompanied by the Financial Capacity Check form completed by the party providing support, including the relevant annexes (financial statements for the last year) and showing a 'satisfactory' or 'good' ratio analysis.

  Grants ≥ €750,000:

• -  the completed Financial Capacity Check form

• -  the profit and loss account, the balance sheet for the last financial year for which the accounts were closed;

• -  an audit report produced by an approved external auditor certifying the accounts for the last financial year available

• -  for newly created entities and/or applicants that do not have certified financial data available for the last financial year, the applicant must provide a letter of support from a third party (another company such as the parent company or from another applicant in the same proposal). The letter of support must also be accompanied by the Financial Capacity Check form completed by the party providing support, including the relevant annexes (financial statements for the last year) and showing a 'satisfactory' or 'good' ratio analysis.

  In the event of an application grouping several applicants (consortium), the above thresholds apply by applicant.

7.2 Operational capacity

Applicants must have the professional competencies and appropriate qualifications necessary to complete the proposed Action for which the grant is sought. To assess this capacity, applicants must provide the following documents:

•   description of the profiles of the people primarily responsible for managing and implementing the action (e.g. accompanied by a curriculum vitae);

•   the organisation's activity reports for at least the last year;

•   a list of previous actions and activities carried out in equivalent actions in related fields

If compliant with the above-mentioned requirements, information submitted by applicants who have benefited from CEF support since 2014 may be taken into account in the evaluation of their operational capacity.

 

8. AWARD CRITERIA

Proposals will be evaluated against the following award criteria, which are defined in Annex 2 of the 2018 Work Programme. These three criteria are Relevance, Quality and efficiency of the implementation and Impact and sustainability and are described below:

Relevance

•   Alignment with the objectives and activities required for the deployment of the Digital Service Infrastructure described in Chapter 3 of the Work Programme and priorities set in section 2 of the call text.

•   Alignment and synergies with relevant policies, strategies and activities at European and national level.

  Quality and efficiency of the implementation

•   Maturity of the proposed solution (e.g. in terms of contribution towards interoperability, connectivity, sustainable deployment, operation, upgrading of trans-European digital service infrastructures, use of common building blocks, coordination at European level) and/or integration with existing components of the DSI.

•   Coherence and effectiveness of the work plan, including appropriateness of the allocation of tasks and resources.

•   Quality and relevant experience of the individual participants and, if more than one beneficiary, of the consortium as a whole (including complementarity, balance).

•   Extent to which the proposal demonstrates support from national authorities, industry and NGOs (when relevant).

•   Appropriate attention to security, privacy, inclusiveness and accessibility (when relevant).

  Impact and sustainability

•   Quality of the approach to facilitate wider deployment and take-up of the proposed Actions.

•   Capability to survive, develop and scale up without European Union funding after the end of the project with a view to achieving long-term sustainability, where appropriate through funding sources other than CEF.

A score will be applied to each of the three award criteria on a scale from 0 (insufficient) to 5 (excellent). The threshold for individual criteria is 3. The overall threshold, applying to the sum of the three individual scores, is 10. Only proposals with a score on or above these thresholds (individual and overall) may be recommended for funding.

Ranking list

At the end of the evaluation by independent experts, all evaluated proposals will be ranked, according to the scores obtained for each of the award criteria as indicated above and according to any budgetary constraints set by this call text.

If necessary, a priority order for proposals which have obtained the same score within a ranked list will be determined. The following approach will be applied successively for every group of ex aequo proposals25 requiring prioritisation, starting with the highest scored group, and continuing in descending order:

1. Proposals submitted by organisations established in an eligible country which is not otherwise covered by more highly-ranked proposals, will be considered to have the highest priority (geographical coverage).

2. Proposals identified under (i), if any, will be prioritised according to the scores they have been awarded for the Relevance criterion. When these scores are equal, priority will be based on scores for the Impact and Sustainability criterion.

If a distinction still cannot be made, further prioritisation may be done by considering how to enhance the quality of the project portfolio through synergies between proposals, or other factors related to the objectives of the call or to the CEF Work Programme in general. These factors will be documented in the evaluation report.

 

9. COMPLIANCE WITH EU LAW

In accordance with Article 23 of the CEF Regulation, only actions in conformity with EU law, in particular in the area of public procurement, and which are in line with the relevant EU policies in the area of telecommunications infrastructure shall be financed.

 

 

10. FINANCIAL PROVISIONS

10.1 General principles

Other sources of financing

Pursuant to Article 129 of the Financial Regulation, an action may only receive one grant from the EU budget. Under no circumstances will the same costs be financed twice by the EU budget.

To ensure this, applicants must indicate in the application the sources and amounts of EU funding received or applied for the same action or part of the action, as well as any other funding received or applied for the same action.

In this respect, any proposed Action or part(s) thereof that receives or has received EU funding under the CEF or other EU Programmes (e.g. European Structural and Investment Funds (ESIF), Horizon 2020, etc.) will not be funded under this call.

10.1.2 No-profit principle

In accordance with Article 125 of the Financial Regulation, grants shall not have the purpose or effect of producing a profit within the framework of the action. Where a profit is made, the Commission/INEA will be entitled to recover the percentage of the profit corresponding to the EU contribution to the eligible costs actually incurred by the beneficiary to carry out the action.26

10.1.3 Non-retroactivity

Pursuant to Article 130 of the Financial Regulation, no grants may be awarded retrospectively for actions already completed. A grant may be awarded for an action which has already begun provided that the applicant(s) can demonstrate the need for starting the action prior to the signature of the grant agreement.

10.2 Form of the grant

10.2.1 Reimbursement of costs actually incurred

Grants to be awarded further to this call for proposals will take the form of reimbursement of a specified proportion of the eligible costs actually incurred.27

Co-funding rate

In line with Article 10(4) of the CEF Regulation, the EU financial assistance to be granted under this call for proposals shall not exceed 75% of the total eligible costs of the action.

The Commission reserves the right to award a grant of less than the amount requested by the applicant.

10.2.2 Eligible costs

Eligible costs are costs actually incurred by the beneficiary of a grant, which meet all the criteria laid down in Article 126(2) of the Financial Regulation.

The beneficiary's internal accounting and auditing procedures must permit direct reconciliation of the costs and revenue declared in respect of the action with the corresponding accounting statements and supporting documents.

The same criteria apply to the costs incurred by designated affiliated entities and implementing bodies.

Eligible costs may take the form of direct costs, (those specific costs that are directly linked to the implementation of the action and can therefore be attributed directly to it) and indirect costs (those costs which are not specific costs directly linked to the implementation of the action and can therefore not be attributed directly to it). Indirect costs are eligible for flat rate funding fixed at 7% of total direct eligible costs (minus subcontracting costs).

Applicants' attention is drawn to points (3) to (8) of Article 8 of the CEF Regulation concerning the eligibility of costs. The full costs of purchase of equipment and infrastructure which are treated as capital expenditure are eligible under this call.

Costs may be eligible at the earliest from the date on which an application is submitted.28

 

 

VAT

In line with the first subparagraph of Article 8(7) of the CEF Regulation and Article 126(3)(c) of the Financial Regulation, VAT paid by beneficiaries of grants awarded following this call for proposals is eligible except:

•   deductible VAT (VAT paid by the beneficiary for the implementation of taxed activities or exempt activities with right of deduction);

•   VAT paid for the implementation of activities engaged in as a public authority by the beneficiary where it is a Member State, regional or local government authority of a Member State or another body governed by public law of a Member State.

Financial support to third parties

The applications may not envisage provision of financial support to third parties.

Detailed information on eligible and ineligible costs is included in Article II.19 of the model grant agreement, which is available on the call webpage.

10.3 Payment arrangements

Actions will be eligible to receive a pre-financing of up to 50% of the maximum grant amount awarded that will be made within 30 days after the last party signs the grant agreement. No interim payment will be made.

In the event that the beneficiary's financial capacity is not satisfactory, the pre-financing payment may be subject to the receipt of a financial guarantee for up to the same amount as the pre-financing payment to be made.

The financial guarantee, in euro, must be provided by an approved bank or financial institution established in one of the EU Member States. When the beneficiary is established in a third country, INEA may agree that a bank or financial institution established in that third country may provide the guarantee if the bank or financial institution is considered to offer equivalent security and characteristics as those offered by a bank or financial institution established in a Member State. Amounts blocked in bank accounts will not be accepted as financial guarantees.

The guarantee may be replaced by a joint or several guarantees provided by third parties or by a joint guarantee of the beneficiaries of an action that are parties to the same grant agreement. The guarantee will be released when the pre-financing is cleared against the interim payment, if applicable, and/or the balance of payment(s) made, in accordance with the conditions laid down in the grant agreement.

The final amount of the grant to be awarded to the beneficiary is established after completion of the action, upon approval of the request for payment including, where applicable, the supporting documents as described in the model grant agreement.

 

 

10.4 Indicative duration

The indicative duration of an action proposed under this call is 24 months.

 

11. GRANT AGREEMENT

Applicant(s) will be invited by INEA to sign a grant agreement drawn up in euro and detailing the conditions and level of CEF funding, if the proposal is selected for funding. The standard model grant agreement, available on the call page, is not negotiable and will be signed in English.

Submitting an application implies the acceptance of the terms and conditions of the model grant agreement. Applicants are recommended to carefully read this document and its annexes before submitting an application.

A coordinator must be designated for multi-beneficiary actions. The coordinator will be the contact point for INEA and will have, inter alia, the responsibility for receiving the payment(s) and coordinating the reporting exercise(s). It is strongly recommended that beneficiaries sign an internal cooperation agreement regarding their operation and coordination, including all internal aspects related to the management of the beneficiaries and the implementation of the action.

 

12. PROCEDURE FOR SUBMISSION OF PROPOSALS

All practical information on this call for proposals and the evaluation process is detailed in the Guide for Applicants. It is available, together with the application forms, model grant agreement, the 2018 Work Programme, and other relevant documents on the call webpage: https://ec.europa.eu/inea/en/connecting-europe-facility/cef-telecom/apply-funding/2018- cyber-security

Applicants are requested to carefully read all call-related documents, including the detailed instructions given in the Guide for Applicants on how to complete their applications and other guidance documents and information, in particular the Frequently Asked Questions (FAQ).

12.1 Application forms

Proposals must be submitted using the application forms provided on the call webpage at the link above. Applicants are strongly encouraged to submit their applications in English.

Proposals must be signed by the applicant(s) or its duly authorized representative and must be perfectly legible so that there can be no doubt as to words and figures.

The applicant(s) specified in application form part A will automatically be considered as the beneficiary(ies) if the proposal is selected for funding. If applicants designate affiliated entities within the meaning of Article 122 of the Financial Regulation to support the implementation of the submitted action, information on these affiliated entities must be encoded in application form part A, and any relevant supporting documents must be provided.
For multi-applicant proposals, a coordinating applicant must be designated. 12.2 Submission process

Proposals must be submitted electronically using the TENtec eSubmission module, accessible via the following link: https://ec.europa.eu/inea/en/connecting-europe-facility/cef-telecom/apply-funding/2018- cyber-security before the call deadline: 22 November 2018 at 17:00.00 Brussels time (see also section 5 on Admissibility requirements).

Application form part A is automatically generated by the eSubmission module. Application form parts B, C, D, and where applicable the letter of support described under Objective 2, must be downloaded from the call webpage at the link above and duly completed. Once final, these must be uploaded into the TENtec eSubmission module. The same applies to any other annexes or supporting documents accompanying the proposal.

Applicants' attention is drawn to the fact that for application form part A, only the information encoded in the TENtec eSubmission module will be taken into account for the evaluation (notwithstanding the requirement to upload signed versions of application forms part A2.2 and A2.3). For the other forms and documents, only the last version uploaded in the TENtec eSubmission module will be taken into account for the evaluation.

Any parts of the application that require signatures of applicants or relevant authorities must be scanned and uploaded into the TENtec eSubmission module. Applicants must be able to provide the original documents and send them to the Commission/INEA services upon request.

Advanced electronic signatures based on a qualified certificate29 as defined by the eIDAS Regulation30 and which comply with the signature formats specified in Commission Implementing Decision 2015/1506 will be accepted. If a document is e-signed, a printable version of the document must be uploaded in the TENtec eSubmission module.

 

13. INFORMATION FOR APPLICANTS

Further information or clarifications on the call for proposals will be published on the call webpage. Please refer to all of the following documents, available on the call webpage, when preparing the application:

•   2018 Work Programme

•   CEF Regulation

•   Telecom Guidelines

•   Application form (Parts A, B, C, D, and where applicable the model letter of support described under Objective 2)

•   Guide for Applicants

•   FAQs published on the call page

•   Model grant agreement

•   Proposal checklist

•   EU Financial Regulation and Rules of application

•   Commission Decision on the reimbursement of personnel costs

Applicants are recommended to consult the webpage and the INEA website/Twitter feed (@inea_eu) regularly until the deadline for submission of proposals.

Questions related to this call must be addressed to the call helpdesk: INEA-CEF-Telecom-Calls@ec.europa.eu.

The answers to submitted questions will be published in a FAQ list accessible via the call webpage, to ensure equal treatment of all potential applicants. Questions related to the call should be submitted at the latest by 8 November 2018 to ensure sufficient time for the last update of the FAQs by 15 November 2018. However, individual technical questions related to TENtec eSubmission module will be treated until the call deadline.

Questions which are specific to a particular proposal and for which the answer would provide a comparative advantage to the applicant will not be answered.

Please note that proposals must not be sent to the helpdesk e-mail address.

 

14. PROCESSING OF PERSONAL DATA

The reply to any call for proposals involves the recording and processing of personal data (such as name, address and CV). Such data will be processed pursuant to Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

Unless indicated otherwise, the questions and any personal data requested will be processed solely for the purpose of evaluation of proposals in accordance with the call for proposals and in case of successful applications, for the purpose of grant management including evaluations of the CEF by INEA as data controller for this purpose. Personal data included in the application (name, title, organisation, contact information) may be shared within the limits set forth by Regulation 45/2001 with external experts whose contribution is necessary for evaluation of proposals and grants and with the concerned Member State representatives in the CEF Coordination Committee on a need to know basis in view of their role in the approval of proposals selected for funding, as well as responsibilities under the CEF Regulation.

Details concerning the processing of an applicant's personal data are available in the privacy statement on the call webpage: https://ec.europa.eu/inea/en/connecting-europe-facility/cef-telecom/apply-funding/2018- cyber-security

 

An applicant's personal data (e.g. name, given name if natural person, address, legal form, registration number and name and given name of the persons with powers of representation, decision-making or control, if legal person) may be registered in the Early Detection and Exclusion System (EDES) established by the Commission, should the beneficiary be in one of the situations mentioned in Article 106(1) and 107 of Regulation (EU, Euratom) No 966/2012 on the financial rules applicable to the general budget of the Union, as amended by Regulation (EU, Euratom) No 2015/1929 (OJ L 286, 30.10.2015, p. 1).

For more information on EDES (including the grounds for being registered in the database), please see: http://ec.europa.eu/budget/explained/management/protecting/protect_en.cfm

and the privacy statement at:

http://ec.europa.eu/budget/library/explained/management/protecting/privacy_statement_e des_en.pdf

Applicants are informed that, to ensure that the EU’s financial interests are protected, their personal data may be communicated to internal audit services, the European Commission, the European Court of Auditors, the body specialising in financial irregularities (Financial Irregularities Panel) or the European Anti-Fraud Office (OLAF).

Public link:   Only for registered users