The implementation of the Cyber Resilience Act (CRA), Regulation (EU) 2024/2847, marks a major milestone in the European Union’s commitment to enhancing the cyber resilience of its digital market.
SECURE supports European micro, small and medium-sized Enterprises (MSMEs) with funding and guidance to strengthen their cybersecurity capabilities and comply with the Cyber Resilience Act (CRA).
Project Objectives
Cybersecurity is a crucial factor for business competitiveness. SECURE supports MSMEs by providing practical resources, tools, knowledge, and financial support to foster a security-by-design culture and implement concrete measures to strengthen cybersecurity.
The overall Impact of the SECURE project:
SECURE – Strengthening EU SMEs Cyber Resilience (GA No 1101190325) is an EU-funded project under the European Commission’s Digital Europe Programme and runs from January 2025 until December 2027.
With a total budget of nearly €22 million, including €16.5 million in direct financial support for MSMEs, the initiative helps Micro-, Small and Medium-sized companies to prepare for upcoming Cyber CRA requirements.
An openly accessible Central Repository for CRA-compliance-related resources provides access to guidelines, self-assessment tools, training materials, and free/open-source code. Workshops, training, events, good practice exchanges and community engagement activities aim to facilitate knowledge sharing. Through stakeholder engagement SECURE contributes to integrating MSME needs into CRA-related European standardization initiatives.
SECURE is a DEP -ECCC project at the center of an ecosystem of initiatives funded by the Digital Europe Programme aimed at supporting CRA compliance. In this context, and in close collaboration with the European Commission’s DG CNECT H2, and with the support of Cyberstand.eu, SECURE actively participates in coordination activities with other DEP projects. The goal is to help MSMEs better understand the CRA and adopt innovative tools that can be used within the projects funded through SECURE’s FSTP calls.
A comprehensive collection of CRA-related resources and use-cases to support knowledge sharing and upskilling initiatives
Trainings and workshops tailored to the needs of MSMEs to become CRA-compliant and cyber-resilient
EU financial support reaches MSMEs under the scope of the CRA to enhance their capacity to comply with upcoming requirements
| Project Total Budget | € 16.5 million |
|---|---|
| Funding per grant | Up to € 30,000 |
| Target applicant | Micro, small and medium-sized enterprises (MSMEs) |
| Co-financing | 50% |
| First call | 28 January 2026 - 29 March 2026 |
The CRA requires hardware and software products (“products with digital elements”) placed on the EU market to meet essential cybersecurity requirements throughout their entire product lifecycle.
Some products with digital elements covered by special EU legislation are excluded from the CRA.
To ensure compliance, obligations are laid down for economic operators, who place products covered by the CRA on the European Union market – manufacturers, importers, distributors and open-source stewards – for the design, development and production, as well as maintenance, until disposal of the product.
Before product placement on the market – main obligations:
After product placement on the market – main obligations:
The CRA entered into force on 10 December 2024 and will be fully applicable as of 11 December 2027. Notification of conformity assessment bodies applies from 11 June 2026 and reporting obligations as of 11 September 2026.
To gain a better understanding of the Cyber Resilience Act, we encourage MSMEs to consult the European Commission’s dedicated website, and in particular the FAQ document available at the following link: FAQ document
The SECURE project is coordinated by ACN, Agenzia per la cybersicurezza nazionale, Italy's National Cybersecurity Authority. The SECURE consortium consists of nine partners from across Europe - Austria, Belgium, Italy, Luxembourg, Poland, Romania and Spain - with expertise in cyber security and digitalization, representing National Cyber Security Centers (NCCs) and European Digital Innovation Hubs (EDIHs).
Connecting Europe to Boost SME Cyber Resilience
The implementation strategy of the SECURE project extends beyond its consortium, to ensure widest access to cascading funding and project outcomes. By bringing together National (Cybersecurity) Coordination Centres (NCCs), European Digital Innovation Hubs (EDIHs) and the European Cybersecurity Competence Center, the SECURE aims to reach and engage the largest possible number of interested stakeholders and boost resilience of SMEs across the whole European Union.
Stay updated on the SECURE project, cyber resilience news, and upcoming opportunities by subscribing our newsletter.
