EU Offers Up to €30,000 Grants to Help Small Businesses Meet Cybersecurity Standards
Brussels, Tuesday, 3 February 2026.
Starting January 28, 2026, European small and medium enterprises can apply for co-funding up to €30,000 through the EU’s SECURE project to comply with the Cyber Resilience Act, which takes effect December 2027. This financial support addresses a critical challenge for smaller companies lacking resources to independently meet new mandatory cybersecurity requirements for hardware and software products.
SECURE Project Details and Timeline
The SECURE project represents a coordinated European effort to support micro, small and medium enterprises (MSMEs) in achieving compliance with the EU Cyber Resilience Act (CRA) [1]. The initiative is coordinated by the Italian National Cybersecurity Coordination Centre and involves partners from seven different EU Member States [1]. Companies have a limited window to submit their funding requests, with applications accepted from January 28 to March 29, 2026 [1]. This tight timeline underscores the urgency of preparing businesses for the CRA’s full implementation on December 11, 2027 [1].
Understanding the Cyber Resilience Act Requirements
The CRA introduces mandatory cybersecurity requirements for manufacturers that cover the entire product lifecycle, including planning, design, development and maintenance of hardware and software products [1]. The Act entered into force on December 10, 2024, but will not apply fully until December 11, 2027, giving businesses nearly two years to prepare [1][3]. This comprehensive approach ensures that cybersecurity considerations are embedded from the earliest stages of product development rather than being retrofitted as an afterthought [GPT]. The legislation represents part of a broader EU cybersecurity strategy that has been evolving since 2020, with recent amendments to the Cybersecurity Act published on January 26, 2026, introducing new frameworks for ICT supply chain security [3].
Funding Structure and EU Cybersecurity Investment
The SECURE project operates under the Digital Europe Programme (DEP), which is managed by the European Cybersecurity Competence Centre (ECCC) [1]. This funding mechanism is part of a larger EU commitment to cybersecurity investment, with the Digital Europe Programme planning to invest €1.9 billion into cybersecurity capacity and deployment across the EU from 2021-2027 [2]. The €30,000 maximum co-funding available to individual MSMEs through SECURE represents a targeted approach to address the resource constraints that smaller companies face when implementing comprehensive cybersecurity measures [1]. This financial support structure acknowledges that while large corporations may have dedicated cybersecurity budgets, smaller enterprises often struggle to allocate sufficient resources for compliance with evolving regulatory requirements [GPT].
Broader EU Cybersecurity Policy Context
The SECURE project launch coincides with intensified EU cybersecurity policy development throughout 2025 and early 2026. On January 15, 2025, the Commission launched a European action plan to strengthen cybersecurity in hospitals and healthcare providers [4]. Additionally, on January 20, 2026, the Commission proposed a new cybersecurity package to strengthen EU cybersecurity resilience, including amendments to the NIS2 directive [2]. These developments demonstrate a comprehensive approach to cybersecurity that extends beyond individual product compliance to encompass critical infrastructure and supply chain security [GPT]. The timing of these initiatives reflects the EU’s recognition that cybersecurity threats require coordinated, well-funded responses across multiple sectors and business sizes [GPT].
Bronnen
- digital-strategy.ec.europa.eu
- digital-strategy.ec.europa.eu
- www.linkedin.com
- digital-strategy.ec.europa.eu