diamond_full diamond diamond_half diamond_euro search-icon menu chat-icon close-icon envelope-icon smartphone-call-icon

EU SECURE4SME – CRA Funding for SMEs

With the EU funding programme “SECURE4SME”, the European Union supports small and medium-sized enterprises (SMEs) in implementing the Cyber Resilience Act (CRA). The programme is financed under the Digital Europe Programme and provides a total of 16.5 million euros for direct SME funding.

The Cyber Resilience Act requires manufacturers, importers, and distributors of products with digital elements to meet mandatory cybersecurity requirements. For many SMEs, implementing these requirements poses a significant challenge. The SECURE4SME programme bridges this gap by providing targeted financial support for CRA-related cybersecurity measures.

USE OF THE FUNDING

Through open calls, SMEs can apply for grants of up to 30,000 euros. The co-financing rate is 50%, meaning the programme covers half of eligible project costs of up to 60,000 euros. Projects have a maximum duration of six months.

Eligible activities include:

  • Cybersecurity assessments and gap analyses
  • Vulnerability assessments and penetration testing
  • Code reviews and application security
  • Security-by-design improvements
  • Training and awareness programmes
  • Procurement of hardware and software for CRA implementation

SMEs can commission specialized service providers such as SCHUTZWERK to carry out the funded activities.

ELIGIBILITY

The following requirements must be met for an application:

  • The company is an SME (fewer than 250 employees, annual turnover up to EUR 50 million or balance sheet total up to EUR 43 million)
  • Established in an EU or EEA member state
  • The company is a manufacturer, developer, importer, or distributor of products with digital elements within the scope of the CRA
  • One application per organisation per open call
  • Applications must be submitted in English via the SECURE portal

The first open call runs from 28 January to 29 March 2026. Further calls are planned.

SCHUTZWERK SUPPORTS YOUR CRA IMPLEMENTATION

As a specialized service provider for product and embedded security, we provide comprehensive support – from application preparation to implementing the funded measures. Our services, including threatandriskassessments , penetrationtesting , embeddedsecurityassessments , and furthersecurityassessments , are directly eligible for funding under this programme. We help you prepare a compelling funding application and effectively implement the funded measures.

Learn more about our CRAcompliancesupport .

Frequently Asked Questions

Yes. Within the SECURE4SME funding programme, subcontracting specialized service providers is explicitly permitted. SMEs can commission cybersecurity experts such as SCHUTZWERK to carry out the funded activities. Services must be performed within the EU/EEA.
All application documents must be submitted in English. Official national documents (e.g. financial statements) may be submitted in the original language.
There are two options: With pre-financing, you receive 40% upon signing the Sub-Grant Agreement and the remaining 60% after approval of the final technical report. Without pre-financing, full payment is made after project completion.
Rejected proposals can be revised and resubmitted in subsequent open calls. At least one further call is planned.
According to the open call documents, projects have a maximum duration of 180 days (six months) from signing the Sub-Grant Agreement.
Products with digital elements – from connected IoT devices and embedded systems to software applications and critical components such as processors and software libraries. Eligible applicants are SMEs that develop, manufacture, import, or distribute such products; according to the programme FAQ, open-source software stewards may also be considered.
SECURE4SME is funded by the EU’s Digital Europe Programme (Grant Agreement No. 101190325) and supported by the European Cybersecurity Competence Centre (ECCC). The consortium is coordinated by Italy’s Agenzia per la Cybersicurezza Nazionale (ACN) and comprises nine partners from seven EU countries.

For more information, visit the SECURE4SMEprogrammepage and the SECUREapplicationportal .

More info about this funding

Visit the funding provider's website for more information about this funding.

View official info
Free Consultation