Last month  the European Commission released its Digital Europe Work Programme 2025-2027. Concurrently, the European Cybersecurity Competence Centre (ECCC) released the Digital Europe Cybersecurity Work Programme 2025-2027. Together, these Work Programmes describe funding for the EU’s Digital Europe Programme (DIGITAL), a funding programme aimed at bringing digital technology to businesses, citizens and public administrations. 

In total, the Work Programmes allocate EUR 441.6 million across all cybersecurity initiatives for the next two years. However, much of this funding has already been earmarked under the EU’s long-term budget, the 2021–2027 Multiannual Financial Framework (MFF).

The Commission’s Work Programme is broader than the ECCC’s Work Programme, containing funding for all Digital Europe Programme initiatives across AI, cloud and data, cybersecurity, advanced computing, and semiconductors. For cybersecurity specifically, it allocates EUR 45.6 million across three key initiatives:

1. EU Cybersecurity Reserve (EUR 36 million) - Funds the establishment of the EU Cybersecurity Reserve with cybersecurity incident response services from trusted private providers to provide relevant services to respond to and to mitigate the impact of significant and large-scale cybersecurity incidents. 
2. Cyber Resilience Act reporting platform (EUR 8.1 million) - Funds the development and operation of the Cyber Resilience Act single reporting platform, which will allow manufacturers to securely report cybersecurity vulnerabilities and incidents.
3. Cyber Situation and Analysis Centre (EUR 0.67 million to ENISA / EUR 0.87 million to the European Commission) - Funds the establishment of a Cyber Situation and Analysis Centre within the Directorate-General for Communications Networks, Content and Technology (DG CONNECT) to contribute to up-to-date and strategic-level situation analysis, risk scenarios and overviews of the threat landscape.

The Commission’s Work Programme also separately allocates EUR 6 million for the European Cybersecurity Support Centre for hospitals and healthcare providers to develop a comprehensive service catalogue catering for the needs of hospitals and healthcare providers pursuant to the 15 January 2025 European action plan on the cybersecurity of hospitals and healthcare providers. The consultation for that action plan is open through 30 June 2025.

Meanwhile, the ECCC’s Work Programme only covers cybersecurity initiatives. Although the Commission’s Work Programme states that ECCC will have EUR 353 million for its budget, ECCC carried over a budget surplus from 2022. As a result, the ECCC Work Programme allocates EUR 390 million across four key areas:

1. New technologies, AI & post-quantum transition (EUR 142 million) - Funds the development and deployment of cybersecurity tools based on AI, automation of cybersecurity processes, and initiatives to secure AI technologies; the implementation of post-quantum cryptography (PQC) algorithms in Public Key Infrastructures (PKIs); and initiatives to improve small and medium sized enterprises’ (SMEs) cybersecurity readiness.
2. Cyber Solidarity Act Implementation (EUR 121 million) - Funds support to National Cyber Hubs and Cross-Border Cyber Hubs; coordinates preparedness testing of entities operating in sectors of high criticality across the EU; and provides technical assistance to respond to significant and large-scale cybersecurity incidents.
3. Additional actions for improving EU cyber resilience (EUR 118 million) - Funds the operation of the National Coordination Centres (NCCs); the implementation of the Cyber Resilience Act (CRA), NIS 2 Directive, General Data Protection Regulation (GDPR), Digital Operational Resilience Act (DORA), Cybersecurity Act (CSA), and AI Act; hospital cybersecurity initiatives; and the enhancement of operational cybersecurity cooperation between the civil and defence spheres.
4. Programme Support Actions (EUR 9 million) - Funds additional programme support actions, including evaluations and reviews.

As these programs are implemented, the EU also continues to advance additional legislative initiatives on cybersecurity. On 11 April 2025, the Commission announced a consultation on the revision of the Cybersecurity Act (CSA). The new legislation will seek to clarify the mandate of the EU Agency for Cybersecurity (ENISA) and improve the European Cybersecurity Certification Framework to achieve better resilience. The legislation is also deeply tied to Commission President Ursula Von Der Leyen’s simplification initiative, which seeks to streamline rules and reduce the administrative burdens for businesses by 25%, and by 35% for small and medium enterprises by 2029. 

‍